cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
augustallen4
Explorer
Member since: ‎07-25-2018
‎06-05-2020
Community Statistics
Posts 5
Solutions 1
Karma Given 7
Karma Received 4
Member Since ‎07-25-2018
Activity Feed
View All

Re: Salesforce Add-On v2.0 Misses Indexing Events ...

by in All Apps and Add-ons
‎01-15-2019 09:51 AM
2 Karma
‎01-15-2019 09:51 AM
2 Karma
Found a fix. Requires a simple edit to a function in Splunk_TA_Salesforce\bin\splunk_ta_salesforce\cloudconnectlib\plugin\cce_plugin_sfdc.py. The function is filter_records_before_date and all I did was comment out the if statement and un-indent return events. I've tested this and it properly indexes all events now; revised function looks like this: @cce_pipeline_plugin def filter_records_before_date(is_greater_than, events, field, value): """Filter all events which the value of field is equal given value.""" #if not _to_bool(is_greater_than): return events #return [event for event in events if event.get(field, '') != value] ... View more

Salesforce Add-On v2.0 Misses Indexing Events from...

by in All Apps and Add-ons
‎01-13-2019 10:35 PM
2 Karma
‎01-13-2019 10:35 PM
2 Karma
Updating to the latest version of the Splunk Add-on for Salesforce v2.0 has caused what I believe to be a bug, where Splunk misses events for objects that are being monitored. I have reproduced this issue across a production system on Splunk 6.6.2 and a test instance on Splunk 7.7.3. I have not experienced this issue on earlier versions of the Salesforce Add-on. It's difficult to explain via text so I will describe how you can easily reproduce it in the hopes that it is easier to read. Set up any input to ingest an object in Salesforce with LastModifiedDate, the default Salesforce field, as the object field for "Order By". If you have n number of these objects in Salesforce that have a LastModifiedDate more recent than your query start date (if you left query start date blank the default is 90 days ago) then you would expect the add-on to ingest and index all n objects. However, you'll find that it only indexes n-1 objects. The object with the latest LastModifiedDate will be missing. I'm confident Splunk does see this event though because the SOQL that is sent to Salesforce (identified by the _internal index with INFO logging) returns n number of events which I've confirmed using the Salesforce SOQL developer console. Further evidence supporting that Splunk sees this latest event is that Splunk will update the Query Start to be the date of the most recent object's LastModifiedDate. Therefore the object is seen by Splunk, but just doesn't seem to get indexed. Furthermore, you can force Splunk to index this or any object by editing two or more objects in Salesforce in-between the time period of the interval. For example if you have the interval set to query Salesforce every 10 minutes and you edit Object A, B and then C in this time period then Splunk will index Object A and B, but there will be no event generated for C. However, Splunk will use the LastModifiedDate of Object C for future queries. You can find further evidence that Splunk is missing an event by searching "index=_internal events collected" with INFO logging configured in the Salesforce app and you will see "file=cce_plugin_sfdc.py, func_name=log... Events Collect n-1". I suspect this is a simple fix by editing one of the python functions in the app so that Splunk indexes the latest event, but I haven't quite figured out a fix. Has anyone else experienced this issue or know of a workaround? ... View more

Re: How to rename dbxquery fields in dashboards?

by in Splunk Search
‎09-20-2018 05:25 PM
‎09-20-2018 05:25 PM
If you're willing to explicitly write out all the field values you could use dbxquery with shortnames=true and then add to your search | table fieldA fieldB fieldC... If the database table changed or was re-ordered this would break though. I'm still thinking about other options. ... View more

Re: How to make a multi-select token with dynamic ...

by in All Apps and Add-ons
‎09-20-2018 05:10 PM
‎09-20-2018 05:10 PM
I'm looking to default to having all the values selected and then a user can remove any values they do not want. If there's a value for ALL then you have to deselect it and then click dozens of other values. The functionality I'm looking for is more like a "select all" not just making "all" an option. If I could figure out how they did it in the machine learning toolkit that would be perfect. ... View more

How to make a multi-select token with dynamic opti...

by in All Apps and Add-ons
‎09-15-2018 10:32 AM
‎09-15-2018 10:32 AM
I have a dashboard which will dynamically return values in a separate multiselect token based on user input to an initial token. However, I would like the multiselect token to default to having all options selected with the ability to uncheck any option and remove them from results. The functionality I am looking for is nearly identical to the "Fields to use for predicting" in the Machine Learning Toolkit but I cannot figure out how to see the source code in that app. The only difference is that I would like to default to having all values selected. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
Karma given to