Salesforce Event Monitoring

The Salesforce Event Monitoring Source in Observo AI enables the ingestion of JSON-formatted event logs from Salesforce's Event Monitoring API, supporting real-time monitoring, analytics, and security for user activity and system performance data.

Purpose

The purpose of the Observo AI Source Salesforce Event Monitoring is to enable users to ingest event log data from Salesforce's Event Monitoring API into the Observo AI platform for analysis and processing. It facilitates the collection of events, logs, and metrics related to user activity, security, and system performance, typically in JSON format, allowing organizations to streamline data pipelines, enhance observability, and support use cases such as monitoring, analytics, and security by processing Salesforce event data in real time.

Prerequisites

Before configuring the Salesforce Event Monitoring source in Observo AI, ensure the following requirements are met to facilitate seamless data ingestion:

• Observo AI Platform Setup:

  • The Observo AI platform must be installed and operational, with support for the Salesforce Event Monitoring source.

  • Verify that the platform supports common data formats such as JSON, as Salesforce event logs are typically delivered in this format. Additional parsers may be needed for custom processing.

• Salesforce API Access:

  • An active Salesforce instance must be available to send event monitoring data to Observo AI.

  • Obtain the Salesforce instance such as https://your-instance.salesforce.com and credentials such as OAuth2 tokens or username/password with API access from the Salesforce Admin setup.

• Authentication:

  • Prepare one of the following authentication methods:

    • OAuth2: Generate a Connected App in Salesforce Setup under App Manager, and obtain Client ID, Client Secret, and OAuth2 token endpoint for secure access to the Event Monitoring API.

    • Username/Password (Legacy): Provide a username, password, and security token with API permissions, if OAuth2 is not used.

• Network and Connectivity:

  • Ensure Observo AI can communicate with the Salesforce Event Monitoring API endpoint such as https://your-instance.salesforce.com/services/data/vXX.X/monitor.

  • Check for proxy settings, firewall rules, or VPC endpoint configurations that may affect connectivity to the Salesforce API.

Integration

The Integration section outlines the configurations for the Salesforce Event Monitoring source. To configure the Salesforce Event Monitoring source in Observo AI, follow these steps to set up and test the data flow:

1. Log in to Observo AI:

   • Navigate to the Sources tab.

   • Click the Add Source button and select Create New.

   • Choose Salesforce Event Monitoring from the list of available sources to begin configuration.

2. General Settings:

   • Name: A unique identifier for the source, such as salesforce-event-source-1.

   • Description (Optional): Provide a description for the source.

   • Endpoint: The Salesforce Event Monitoring API endpoint to collect data from. Supports templating with $LAST_VALUES when using checkpointing. Default: https://<ORG_DOMAIN>.my.salesforce.com

     Example

     https://bigcompany.my.salesforce.com

   • Collection Interval (Optional): Collection intervals are used to set up search date range and scheduling. Default: 30 minutes

     Options

     5 Minutes

     10 Minutes

     15 Minutes

     30 Minutes

3. Authentication:

   • Client ID: Client ID for OAuth2 authentication.

   • Client Secret: Client secret for OAuth2 authentication.

   • Token URL: URL to get the OAuth2 token. Default: https://<ORG_DOMAIN>.my.salesforce.com/services/oauth2/token

     Example

     https://connect-agility-85522.my.salesforce.com/services/oauth2/token

4. Pagination:

   • Request Interval: Time to wait between pagination requests. Use a duration string like '100ms' or '1s'. Default: 1ms

   • Page Size: Number of EventLog Files to request per page. Default: 20

     Examples

     10

     20

     30

5. Checkpoint:

   • Initial Value: Starting value for the collection. Will be used for the first collection.

     Example

     2025-05-01T00:00:00Z

6. TLS Configuration (Optional):

   • CA File: The CA certificate provided as an inline string in PEM format.

   • Include System CA Certs Pool (True): Include the system CA certificates pool in the list of CAs used to verify the server certificate.

   • Cert File: Path to the TLS cert to use for TLS required connections.

   • Key File: Path to the TLS key to use for TLS required connections.

   • Insecure (True): Skip TLS verification when connecting to the endpoint. This is insecure and should not be used in production.

   • Insecure Skip Verify (True): Enable TLS but not verify the certificate.

   • Server Name Override: The server name to use to verify the hostname on the returned certificates.

7. Advanced Settings (Optional):

   • Proxy URL: URL of the proxy server to use when connecting to the endpoint.

   • Read Buffer Size: Size of the read buffer in bytes.

   • Write Buffer Size: Size of the write buffer in bytes.

   • Timeout: Timeout for the HTTP request. Use a number followed by a unit, such as '30s' or '1m'. Default: 10s

   • Compression: Compression algorithm to use for the request body.

     Options

     Description

     Gzip

     DEFLATE compression with headers for file storage

     Zlib

     DEFLATE format with minimal wrapper and checksums

     Deflate

     Combines LZ77 and Huffman for compression efficiency

     Snappy

     Prioritizes speed over compression ratio and complexity

     Zstd

     Fast compression with good ratio and dictionaries

     Lz4

     Ultra-fast compression with minimal resource overhead

8. Parser Config:

   • Enable Source Log Parser: (False)

   • Toggle Enable Source Log Parser Switch to enable.

   • Select appropriate Parser from the Source Log Parser dropdown.

   • Add additional Parsers as needed.

9. Pattern Extractor:

   • Refer to Observo AI's Pattern Extractor documentation for details on configuring pattern-based data extraction.

10. Archival Destination:

    • Toggle Enable Archival on Source Switch to enable.

    • Under Archival Destination, select from the list of Archival Destinations (Required).

11. Save and Test Configuration:

    • Save the configuration settings in Observo AI.

    • Send sample data to the Salesforce Event Monitoring endpoint and verify ingestion in the Analytics tab for data flow.

Example Scenarios

Nexus Service Solutions, a fictitious enterprise in the service provider sector, specializes in customer relationship management and technical support services. To enhance their operational efficiency and security monitoring, Nexus aims to ingest event log data from Salesforce's Event Monitoring API into their Observo AI platform. This integration will enable real-time analysis of user activity, system performance, and security events, supporting compliance and performance optimization. Below is the detailed configuration process for setting up the Salesforce Event Monitoring source in Observo AI, based on the provided documentation, with all required fields specified.

Standard Salesforce Event Monitoring Source Setup

Here is a standard Salesforce Event Monitoring Source configuration example. Only the required sections and their associated field updates are displayed in the table below:

General Settings

Authentication

Checkpoint

Pagination

TLS Configuration

Advanced Settings

Test Configuration

• Save the configuration in the Observo AI interface.

• Send sample event data to the Salesforce Event Monitoring API endpoint and verify ingestion in the Analytics tab.

• Monitor Observo AI logs for errors and confirm data throughput matches expected event log volume.

• Use Salesforce’s admin setup to cross-check event log delivery to the API.

Scenario Troubleshooting

• Authentication Errors: Verify that the Client ID and ${SALESFORCE_CLIENT_SECRET} are valid in the Salesforce Connected App and have Event Monitoring API access.

• Connectivity Issues: Ensure the proxy at http://proxy.nexusservices.com:8080 allows traffic to https://nexus-services.my.salesforce.com. Test with curl or Postman.

• Data Not Ingested: Confirm the JSON parser is enabled and matches the API response structure.

• Request Timeout: Increase the Timeout to 60s if network latency is high or check proxy performance.

• Inaccessible Host: Verify TLS 1.3 compatibility with Salesforce’s API and check DNS resolution for nexus-services.my.salesforce.com.

This configuration enables Nexus Service Solutions to securely ingest Salesforce event monitoring logs into Observo AI, supporting real-time monitoring and compliance.

Troubleshooting

If issues arise with the Salesforce Event Monitoring source in Observo AI, use the following steps to diagnose and resolve them:

• Verify Configuration Settings:

  • Ensure all fields, such as Endpoint, Client ID, Client Secret, and parser settings, are correctly entered and match the Salesforce API setup.

  • Confirm the HTTP method, such as GET, aligns with the Salesforce Event Monitoring API requirements.

• Check Authentication:

  • Verify the OAuth2 credentials (Client ID, Client Secret, and token) are valid, not expired, and have permissions to access the Salesforce Event Monitoring API.

  • For legacy username/password, confirm the username, password, and security token are correct.

  • Check Observo AI logs for authentication failure errors.

• Validate Network Connectivity:

  • Check for firewall rules, proxy settings, or VPC endpoint configurations that may block access to the Salesforce API endpoint.

  • Test connectivity using tools like curl or Postman with similar proxy configurations to verify access.

• Common Error Messages:

  • "Inaccessible host": May indicate TLS version mismatches, such as TLS 1.3 issues, or DNS problems. Ensure the Salesforce endpoint supports the required TLS version and check DNS settings.

  • "Authentication failed": Verify that the OAuth2 credentials or username/password and security token are correct and have the necessary permissions for the Event Monitoring API.

  • "Request timeout": Check the Timeout setting and network latency; consider increasing the timeout value.

• Monitor Logs and Data:

  • Verify that data is being ingested by monitoring the Salesforce Event Monitoring endpoint activity.

  • Use the Analytics tab in the targeted Observo AI pipeline to monitor data volume and ensure expected throughput.

  • Check Observo AI logs for errors or warnings related to data ingestion from the Salesforce Event Monitoring source.

Resources

For additional guidance and detailed information, refer to the following resources:

• External Documentation:

  • Salesforce Event Monitoring API

  • What is TLS (Transport Layer Security)?

  • Benefits TLS Encryption

  • What is TLS Encryption?

  • Using TLS to protect data

  • Protect Your Data with TLS 1.3 Encryption

  • What is an SSL/TLS Certificate?