Hi,
I've configured our Add-on for Salesforce to collect Event Log data as per the add-on documentation. It's using the same account as the object inputs (which are working fine) and the account definitely has API access to event log data.
However in the event log collector log file I'm seeing an error caused by an incomplete URL:
HTTPError: HTTP Error Only absolute URIs are allowed. uri = /services/data/v42.0/sobjects/EventLogFile/<file_id>/LogFile
it seems as though the endpoint is not being prepended to the URL, even though it's defined in the account that is being used.
I looked through the scripted inputs to see exactly how this flow works and found where the request object is built (Splunk_TA_salesforce/bin/input_module_sfdc_event_log.py (line 31):
request = {
'url': '{{server_url}}/services/data/{{API_VERSION}}/sobjects'
'/EventLogFile/{{event_log_file.Id}}/LogFile',
'method': 'GET',
'headers': header,
}
{{server_url}} is set here (line 252):
# Block for OAuth flow
if task_config.get("account").get("auth_type") and
task_config.get("account").get("auth_type") == _OAUTHFLOW:
set_values = (
('set_var', ['{{account.access_token}}'], 'session_id'),
('set_var', ['{{account.instance_url}}'], 'server_url')
)
I could see it is getting the server URL from the account configuration which is as follows ($SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local/splunk_ta_salesforce_account.conf):
[svc_prod_salesforce]
access_token = ******
auth_type = oauth
client_id = <client_id>
client_secret = ******
endpoint = <endpoint_url>
instance_url = https://<endpoint_url>
refresh_token = ******
Does anyone know what's going on here? I can't seem to find any reason that the script wouldn't be able to see the account configuration.
Any help would be greatly appreciated.
Thanks,
Pat
... View more