I have recently lost Salesforce logging. It's been working just fine and nothing was changed from the Splunk side. I checked the Salesforce sfdc object logs and found the following error:
The response status=403 for request which url=https://XXXX.my.salesforce.com/services/data/v42.0/query?q=SELECT%20Id%2CLastModifiedDate%2CName%20FROM%20Report%20WHERE%20LastModifiedDate%3E2018-10-25T18%3A23%3A57.000%2B0000%20ORDER%20BY%20LastModifiedDate%20LIMIT%201000 and method=GET.
2020-05-28 15:56:29,903 +0000 log_level=INFO, pid=72666, tid=MainThread, file=task.py, func_name=perform, code_line_no=533 | [stanza_name=report] Task=ListRecords need been terminated due to request response
I'm not sure if the error code 403 means the password of the service account I'm using to call the API has changed/expired (not aware of any changes here, in fact the user is able to log in with no issues). I have also checked the account profile and verified that API is enabled.
Could you please help?
I'm new to Splunk and just started learning it, and I'm having some issues extracting some fields from raw data.
Example of raw data:
04/12 15:50:38 [LOGON]  Domain: SamLogon: Network logon of Domain\test1$ from machine1 Returns 0xC0000064
I would like to extract the following
SamLogon : Network logon of Domain\test1$ from machine1
Returns : 0xC0000064
I'm trying to use the regex in props.conf on the SH.
Any help would be appreciated. Thanks
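An added example, not part of the original post: one way to pull the two requested fields out of the log line quoted above, and to count non-zero return codes per account. The sample lines are constructed in the post's format; the `account` and `machine` groups and the function names are assumptions added for illustration, and the pattern uses Python's `(?P<name>...)` named-group syntax.

```python
import re
from collections import Counter

# Constructed sample lines in the format shown in the post.
SAMPLE = r"""04/12 15:50:38 [LOGON]  Domain: SamLogon: Network logon of Domain\test1$ from machine1 Returns 0xC0000064
04/12 15:50:39 [LOGON]  Domain: SamLogon: Network logon of Domain\test2 from machine2 Entered
04/12 15:50:40 [LOGON]  Domain: SamLogon: Network logon of Domain\test2 from machine2 Returns 0x0
04/12 15:50:41 [MISC]  Domain: unrelated line
"""

# SamLogon = the text after "SamLogon:" up to (not including) "Returns".
# Returns  = the hexadecimal status code at the end of the line.
LINE_RE = re.compile(
    r"SamLogon:\s+(?P<SamLogon>.+?\s+logon of\s+(?P<account>\S+)"
    r"\s+from\s+(?P<machine>\S+))"
    r"\s+Returns\s+(?P<Returns>0x[0-9A-Fa-f]+)\s*$"
)


def parse_line(line):
    """Return the extracted fields as a dict, or None if the line
    is not a SamLogon line that carries a Returns code."""
    match = LINE_RE.search(line)
    return match.groupdict() if match else None


def failed_logons(lines):
    """Count (account, Returns) pairs whose return code is non-zero."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if fields and int(fields["Returns"], 16) != 0:
            counts[(fields["account"], fields["Returns"])] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_line(line))
    print(failed_logons(SAMPLE.splitlines()))
```

Lines without a `Returns` code, such as the constructed "Entered" line, are skipped rather than producing partial fields.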