Source types for the Splunk Add-on for Salesforce

The Splunk Add-on for Salesforce provides the index-time and search-time knowledge for Salesforce event log file data and Salesforce object queries in the following formats.

| Source type | Description | CIM data models |
| --- | --- | --- |
| `sfdc:logfile` | Salesforce event log data. | Web, Change, Authentication |
| `sfdc:<object_name>` | Enter the object name you want to get data from in the field. You can either get data from a Salesforce standard object or a customized object. For example, search for `sourcetype=sfdc:LoginHistory` to get the data of the login history for all successful and failed login attempts for organizations and enabled portals. Version 2.0.0 provides default support for `sfdc:contentversion`. | `sourcetype=sfdc:LoginHistory` is mapped to Authentication. |