Lookups for the Splunk Add-on for Salesforce¶
This topic contains information on the lookups for the Splunk Add-on for Salesforce.
KV Store lookups for the Splunk Add-on for Salesforce¶
| Lookup definition | Purpose |
|---|---|
lookup_sfdc_usernames |
The lookup is used to enrich the Salesforce events coming from Event Log File and LoginHistory. It mapsUSER_ID to user’s information, such as UserId, Email, Username, Name, LastName, FirstName, etc. For Event Log File, it maps USER_ID to user’s information, such as UserId, Email, Username, Name, LastName, and FirstName. For LoginHistory, it maps UserId to user’s information, such as Email, Username, Name, LastName, and FirstName. |
Scripted lookups for the Splunk Add-on for Salesforce¶
The Splunk Add-on for Salesforce includes one scripted
lookup. The script for the lookup is
located in $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/bin.
| Lookup definition | Purpose |
|---|---|
lookup_sfdc_user_agent_scripted |
The lookup is used to enrich the Salesforce events coming from Event Log File. Maps the USER_AGENT which is a number to human readable http_user_agent. |
Lookup lookup_sfdc_user_agent.csv has been removed starting in version
4.1.0 of the Splunk Add-on for Salesforce.