Taking a look at the set-up for the Salesforce app, you'll need to outline that token in splunk_ta_salesforce_account.conf. In the conf file, you'll need to create a new stanza for the account name and add the token there. See example:
[account_name] // The account name you create in this add-on
endpoint = // URL of the Salesforce endpoint
auth_type = basic
username = // The Salesforce username you want to use
password = // The password of the Salesforce username
token = // (Optional) The security token is needed if your Splunk instance is
Please reference https://docs.splunk.com/Documentation/AddOns/released/Salesforce/Setupv2#Set_up_basic_authentication_using_configuration_files for where to input your refresh_token.
If you are looking for your refresh token in salesforce, I'd recommend starting here: https://help.salesforce.com/articleView?id=remoteaccess_oauth_refresh_token_flow.htm&type=5. I'm admittedly less familiar with salesforce oauth, but it appears other users were able to recover the refresh token with a few queries to auth. (see responses to this post: https://developer.salesforce.com/forums/?id=906F0000000AgInIAK)
... View more