11 changes: 10 additions & 1 deletion packages/salesforce/_dev/build/docs/README.md
Expand Up @@ -16,10 +16,11 @@ As an example, you can use the data from this integration to understand the acti
The Salesforce integration collects log events using the REST API of Salesforce.

**Logs** help you keep a record of events happening in Salesforce.
Log data streams collected by the Salesforce integration include [Login](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_login.htm).
Log data streams collected by the Salesforce integration include [Login](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_login.htm), and [Logout](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_logout.htm).

Data streams:
- `login_rest`: Tracks login activity of users who log in to Salesforce.
- `logout_rest`: Tracks user UI logout. A logout event records a successful user logout from your organization’s UI.

## Compatibility

Expand Down Expand Up @@ -167,3 +168,11 @@ This is the `login_rest` data stream. It represents events containing details ab
{{event "login_rest"}}

{{fields "login_rest"}}

### Logout Rest

This is the `logout_rest` data stream. It represents events containing details about your organization's user logout history.

{{event "logout_rest"}}

{{fields "logout_rest"}}
2 changes: 1 addition & 1 deletion packages/salesforce/_dev/deploy/docker/files/config.yml
Expand Up @@ -68,4 +68,4 @@ rules:
content-type: ["text/csv"]
body: |-
"EVENT_TYPE","TIMESTAMP","REQUEST_ID","ORGANIZATION_ID","USER_ID","RUN_TIME","CPU_TIME","URI","SESSION_KEY","LOGIN_KEY","TYPE","METHOD","SUCCESS","TIME","REQUEST_SIZE","RESPONSE_SIZE","URL","TIMESTAMP_DERIVED","USER_ID_DERIVED","CLIENT_IP","URI_ID_DERIVED"
"ApexCallout","20221122044615.591","ABCDE","00D5j000000VABC","0055j000000ABCD","1305","10","CALLOUT-LOG","ABCDEF","ABCDEFGH","OData","GET","1","1293","10","256","https://temp.sh/odata/Accounts","2022-11-22T04:46:15.591Z","0055j012345utlPAAQ","127.0.0.1","0055j000000utlPABCD"
"ApexCallout","20221122044615.591","ABCDE","00D5j000000VABC","0055j000000ABCD","1305","10","CALLOUT-LOG","ABCDEF","ABCDEFGH","OData","GET","1","1293","10","256","https://temp.sh/odata/Accounts","2022-11-22T04:46:15.591Z","0055j012345utlPAAQ","81.2.69.142","0055j000000utlPABCD"
5 changes: 5 additions & 0 deletions packages/salesforce/changelog.yml
@@ -1,5 +1,10 @@
# newer versions go on top

- version: 0.2.0
changes:
- description: Salesforce integration package with "logout_rest" data stream.
link: https://github.com/elastic/integrations/pull/4323
type: enhancement
- version: 0.1.0
changes:
- description: Salesforce integration package with "login_rest" data stream.
@@ -0,0 +1,5 @@
dynamic_fields:
event.ingested: ".*"
fields:
tags:
- preserve_original_event
@@ -0,0 +1 @@
{"EVENT_TYPE":"Logout","TIMESTAMP":"20211019050707.13","REQUEST_ID":"4exLFFQZNa5xxFl1cJNwOV","ORGANIZATION_ID":"00D5j000000VI3n","USER_ID":"0055j000000utlP","USER_TYPE":"X","SESSION_TYPE":"C","SESSION_LEVEL":"1","BROWSER_TYPE":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","PLATFORM_TYPE":"1015","RESOLUTION_TYPE":"9999","APP_TYPE":"1000","CLIENT_VERSION":"9998","API_TYPE":"fo","API_VERSION":"54.0","USER_INITIATED_LOGOUT":"1","SESSION_KEY":"/b1/C123g6WXplkT","LOGIN_KEY":"OK123uSUIZVr9YzF","TIMESTAMP_DERIVED":"2021-10-19T05:07:07.128Z","USER_ID_DERIVED":"0055j000000utlPAAQ","CLIENT_IP":"175.16.199.0"}
@@ -0,0 +1,74 @@
{
"expected": [
{
"@timestamp": "2021-10-19T05:07:07.128Z",
"ecs": {
"version": "8.4.0"
},
"event": {
"action": "logout",
"category": [
"authentication"
],
"code": "4exLFFQZNa5xxFl1cJNwOV",
"dataset": "salesforce.logout_rest",
"kind": "event",
"module": "salesforce",
"original": "{\"EVENT_TYPE\":\"Logout\",\"TIMESTAMP\":\"20211019050707.13\",\"REQUEST_ID\":\"4exLFFQZNa5xxFl1cJNwOV\",\"ORGANIZATION_ID\":\"00D5j000000VI3n\",\"USER_ID\":\"0055j000000utlP\",\"USER_TYPE\":\"X\",\"SESSION_TYPE\":\"C\",\"SESSION_LEVEL\":\"1\",\"BROWSER_TYPE\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36\",\"PLATFORM_TYPE\":\"1015\",\"RESOLUTION_TYPE\":\"9999\",\"APP_TYPE\":\"1000\",\"CLIENT_VERSION\":\"9998\",\"API_TYPE\":\"fo\",\"API_VERSION\":\"54.0\",\"USER_INITIATED_LOGOUT\":\"1\",\"SESSION_KEY\":\"/b1/C123g6WXplkT\",\"LOGIN_KEY\":\"OK123uSUIZVr9YzF\",\"TIMESTAMP_DERIVED\":\"2021-10-19T05:07:07.128Z\",\"USER_ID_DERIVED\":\"0055j000000utlPAAQ\",\"CLIENT_IP\":\"175.16.199.0\"}",
"type": [
"info"
]
},
"related": {
"ip": [
"175.16.199.0"
]
},
"salesforce": {
"logout": {
"access_mode": "rest",
"api": {
"type": "fo",
"version": "54.0"
},
"app_type": "Application",
"browser_type": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36",
"client_version": "9998",
"event_type": "Logout",
"login_key": "OK123uSUIZVr9YzF",
"organization_id": "00D5j000000VI3n",
"platform_type": "Windows 10",
"resolution_type": "9999",
"session": {
"level": "Standard Session",
"type": "Content"
},
"user_id": "0055j000000utlP",
"user_initiated_logout": "1"
}
},
"source": {
"geo": {
"city_name": "Changchun",
"continent_name": "Asia",
"country_iso_code": "CN",
"country_name": "China",
"location": {
"lat": 43.88,
"lon": 125.3228
},
"region_iso_code": "CN-22",
"region_name": "Jilin Sheng"
},
"ip": "175.16.199.0"
},
"tags": [
"preserve_original_event"
],
"user": {
"id": "0055j000000utlPAAQ",
"roles": "Salesforce Administrator"
}
}
]
}
@@ -0,0 +1,12 @@
input: httpjson
service: salesforce
vars:
instance_url: http://{{Hostname}}:{{Port}}
client_id: temp_client_id
client_secret: forty_characters_long_secret_key
username: temp_user
password: temp_password
token_url: http://{{Hostname}}:{{Port}}/services/oauth2/token
data_stream:
vars:
preserve_original_event: true
@@ -0,0 +1,44 @@
config_version: 2
interval: {{period}}
request.method: GET
auth.oauth2:
enabled: true
client.id: {{client_id}}
client.secret: {{client_secret}}
token_url: {{token_url}}
user: {{username}}
password: {{password}}
request.url: {{instance_url}}/services/data/v54.0/query?q=logout+rest
request.transforms:
- set:
target: url.params.q
value: "SELECT Id,CreatedDate,LogDate,LogFile FROM EventLogFile WHERE Interval = 'Hourly' AND EventType = 'Logout' AND LogDate > [[.cursor.last_published_logout]] ORDER BY CreatedDate ASC NULLS FIRST"
default: "SELECT Id,CreatedDate,LogDate,LogFile FROM EventLogFile WHERE Interval = 'Hourly' AND EventType = 'Logout' ORDER BY LogDate ASC NULLS FIRST"
response.split:
target: body.records
chain:
- step:
request.url: {{instance_url}}/services/data/v54.0/sobjects/EventLogFile/$.records[:].Id/LogFile
request.method: GET
replace: $.records[:].Id
cursor:
last_published_logout:
value: '[[.last_event.LogDate]]'
tags:
{{#if preserve_original_event}}
- preserve_original_event
{{/if}}
{{#each tags as |tag|}}
- {{tag}}
{{/each}}
{{#contains "forwarded" tags}}
publisher_pipeline.disable_host: true
{{/contains}}
processors:
- add_fields:
target: salesforce
fields:
instance_url: {{instance_url}}
{{#if processors}}
{{processors}}
{{/if}}
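Review bot: The cursor query on the `value:` line sorts by `CreatedDate ASC`, while the cursor stores `[[.last_event.LogDate]]` and the `default:` query sorts by `LogDate ASC`. If the two orders ever differ, the last record of a response is not the newest LogDate, so the cursor can move backwards and the next poll re-fetches Logout log files that were already ingested, which puts duplicate events in the authentication audit trail. I would sort the cursor query by the field the cursor tracks, ending it with `AND LogDate > [[.cursor.last_published_logout]] ORDER BY LogDate ASC NULLS FIRST`. Separately, `client.secret: {{client_secret}}` and `password: {{password}}` render as plain YAML scalars, so a credential containing ` #`, `: ` or a leading indicator character would be truncated or mis-parsed and authentication would fail. Quoting or escaping these values in the template avoids that, for example with Fleet's `escape_string` helper if the supported Kibana versions provide it.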