Splunk App for Salesforce: After creating a query ...

bi0ekcc · ‎01-05-2016

We created a new query for a custom object in Salesforce. We are only returning 312 records back, when we should have around 2596 .
Our query limit is 1000. How can we tell why it's not pulling everything back? We've tested the same query with the Splunk Salesforce user and it's returning the correct amount of records. Does the input paginate correctly?

Is there any troubleshooting we can look at to tell us what query it is running against Salesforce, the raw results, and other information.

In addition, how does the query limit work? Does it just append a LIMIT onto the sql query, or does it also count against a sub-select?

agabrielli · ‎12-01-2020

Hi guys, I 'm having the same issue.

The connector retrieves up 2000 records. I've configured both "Order By" and "Query Start Date Parameters" = 10000 but it doesn't work. The event I'm trying to sync is LoginEvent.

Which configuration do I need to perform to be sure to retrieves all the thousands of generated events?

chustwayte · ‎03-15-2017

I have experienced this a couple times as well. I recently just indexed over a million rows within Multiple sourcetypes and found that if you don't have a good start date or order by field that you can get incomplete results. I've tried this a few times with different types of queries and have been successfull with all attempts since making sure I have this information. Good Luck!

Splunk App for Salesforce: After creating a query for a custom object, how to troubleshoot why it's not pulling all records?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases