Splunk App for Salesforce

Do you manage a Salesforce environment and would like to analyze who is accessing what? Would you like to find out who is exporting sensitive data? Would you like to detect any Salesforce related suspicious activities or any slow running reports, dashboards, SOQL queries?

If the answer to the above is yes, you should check out the Splunk App for Salesforce which has been recently released as a service on Splunk Cloud. This App relies on the Salesforce Event Log File that exposes Salesforce access logs. In addition to that, you can also leverage this app to collect and index any data from the standard Salesforce objects. In other words, you can use this app to index structured and unstructured salesforce data.
For a quick peek at the app, check out the Splunk App for Salesforce Demo video




In a nutshell, this App provides deep insight into three categories:

• Application Management: You can view various dashboards that let you detect slow running Salesforce reports, slow running dashboards, stale or unused reports. You can also have deep insight into your APEX backend performance such as slow running classes, SOQL queries, triggers, VisualForce pages and much more.


Screen Shot 2014-10-13 at 2.40.28 PM


• Adoption and Usage Analytics: You can use this app to perform trend analysis for all access to Salesforce by user, group, regions. You can find out what browsers, platforms/OS (mobile or PC) your users are connecting from. For example, you can also leverage this app to detect if some access related issues are caused by old/unsupported versions of the browser.


Browser Analytics


• Security: You can detect security threats by analyzing login patterns and also trigger alerts if there are, for example, high login requests from a given IP. The app can also prevent data loss by monitoring Report exports, accessed documents, previews, etc.


Data Export/Access


• Chatter feed: You can also automatically trigger Chatter feed entries for alerting your Salesforce admins of all anomalies.


Chatter feed alert


You can test drive the app for free by signing up for the Online Sandbox. The setup is pretty straight forward and should take you a few minutes provided you have the right access to your Salesforce instance. Make sure you have met all the pre-requisites as per the app documentation

Stay tuned for more. Happy Splunking!


The app looks great, but, is it going to be released also as an app for Splunk Enterprise? For on-premises solution?


January 21, 2015

+1 for Splunk Enterprise as well.

John Harte
January 26, 2015

Hi Guillermo, John,

At this time, the app is only available as a Service on Splunk Cloud – no on-prem is yet planned. You could use a Hybrid model in order to have Splunk on-prem search your SFDC data in the cloud.


Elias Haddad
January 26, 2015

How exactly can we set up the hybrid model? Don’t we have to get a copy of the scripted calls against the SF APIs in order to run them form our on-prem Splunk instances?

February 18, 2015


I’m interested in getting Salesforce events into our on-prem Splunk. Is there any documentation on how do this using the Hybrid model?

Kind regards

David Smith
July 15, 2015

Please check the App documentation Q&A section for more details on the hybrid model:

Elias Haddad
July 20, 2015

If I understand correctly, this app is only for monitoring your SFDC instance, not for reporting on the SFDC object data, correct? I am looking for a tool to report on our SFDC data (for example, Accounts, contacts, cases, etc), and since we already have a Splunk license, I thought this might be a solution. Is that something you offer?

December 15, 2015

How is splunk useful for salesforce developers. Will they will be able to see production logs. Will they will be able to see custom object details. Will they will be able to see application logs logged by code.

January 25, 2016