Indexing Data from Salesforce Objects in Splunk

In one of my previous posts, I talked about the Splunk App for Salesforce and how it helps you poll Salesforce “Event Log File” which are the Salesforce access logs/events.

I have been getting a lot of questions around what other data can you ingest using the App. What if you want to index records from standard or custom object? Take the example of Service Cloud data, how would you use Splunk to poll records from the Case Object to track various metrics such as the average Case closure time, open cases by User, etc. Another example would be how to track business metrics around Sales Orders and Quotes processing.

The good news is that with the help of this App, you can now quickly capture data from any Salesforce object as long as it is exposed via REST API. All you need is the Splunk App for Salesforce and the Salesforce SOQL query you want to use.

Assuming you have the Splunk App for Salesforce installed, below you can find the steps you need to get the data in Splunk:

1- Select “Salesforce Object” modular input and create a new entry
2- Provide a unique name to the input
3- Paste the SOQL query you want to index – example: SELECT CaseNumber, Id, LastModifiedById, OwnerId, Account.Name, Status, LastModifiedDate FROM Case
4- Select the time you want to start querying data from. If kept blank, default is 90 days.
5- Select the number of records you want Splunk to poll in each query (maximum is 1000 for standard object and 500 for custom objects)
6- Select the poll frequency

Voila, as simple as this – you can now search that data in Splunk. End result is pure insight into your Salesfoce data: