All Apps and Add-ons

Can the SetupAuditTrail object be used as an input in the Splunk Add-on for Salesforce?

bullcitydave
Engager

I would like to add the SetupAuditTrail object as an input in the Splunk Add-on for Salesforce, but I have been unsuccessful, compared to other objects like LoginHistory, which is pulling fine. Is there a limitation or something I am doing incorrect in my input configuration?

Not Getting Pulled
SetupAuditTrail Input

Getting Pulled
LoginHistory input

Tags (1)

AarthiRamesh
Engager

Did you get the SetUpAuditTrail logs to Splunk? I am facing the same issue

0 Karma

guarisma
Contributor

Hello,

Your Object Fields and Order By fields are wrong, check this Question

Object Fields should be = Id,Action,Section,CreatedDate,CreatedById,Display,DelegateUser,ResponsibleNamespacePrefix
Orther By field should be = CreatedDate

But then I discovered that it's pulling the first 90 days of events and then it stops, I think there's a bug in the code since the logs seems to be trying to pool from the checkpoint but never finds anything new anymore.

0 Karma

deepashri_123
Motivator

@bullcitydave,

May be try reducing the interval,Since its 7200 the data will be available after 2hrs. Try reducing interval for testing and once confirmed set back to normal.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...