Splunk Cloud

SalesForce Add on


Hi All,

We are unable to get Salesforce event log into Splunk.  Getting 400 error code. PFB the error message details.

Also note that, we are able to query the data and fetch the results by the same user through Salesforce, it is just that when we connect through Splunk it doesn't work.

Here is an error message:

2020-07-07 07:47:13,452 +0000 log_level=ERROR, pid=32523, tid=MainThread, file=engine_v2.py, func_name=start, code_line_no=57 | [stanza_name=event] CloudConnectEngine encountered exception Traceback (most recent call last): File "/opt/splunk/etc/apps/Splunk_TA_salesforce/bin/splunk_ta_salesforce/cloudconnectlib/core/engine_v2.py", line 52, in start for temp in result: File "/opt/splunk/etc/apps/Splunk_TA_salesforce/bin/splunk_ta_salesforce/cloudconnectlib/core/job.py", line 88, in run contexts = list(self._running_task.perform(self._context) or ()) File "/opt/splunk/etc/apps/Splunk_TA_salesforce/bin/splunk_ta_salesforce/cloudconnectlib/core/task.py", line 288, in perform raise CCESplitError cloudconnectlib.core.exceptions.CCESplitError



2020-07-07 07:47:13,451 +0000 log_level=ERROR, pid=32523, tid=MainThread, file=task.py, func_name=_send_request, code_line_no=504 | [stanza_name=event] The response status=400 for request which url=https://xxxyyyy.salesforce.com/services/data/v48.0/query?q=SELECT%20Id%2CEventType%2CLogDate%2CCreatedDate%20FROM%20EventLogFile%20WHERE%20CreatedDate%3E%3D2020-06-07T00%3A00%3A00.000z%20AND%20Interval%3D%27Hourly%27%20ORDER%20BY%20CreatedDate%20LIMIT%201000 and method=GET.

Labels (1)
Tags (1)
0 Karma



I am also getting the same issue, Were you able to resolve this issue?


0 Karma



Were you able to resolve this issue?

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!