15 January 2018

What's new in Spring'18 with Event Monitoring

Summary of Event Monitoring Spring'18 Release Features

1. Hourly Event Log Files Beta - enhanced interval to obtain event log data for customers and partners

Currently, the EventLogFile object holds your Salesforce event data from the previous 24 hrs. With hourly event logs, you can track events that were generated 2-4 hrs ago, alongside the daily event log files. See the Interval field in the picture below, where Interval = 'hourly' in the Workbench API tool.

This lets you decide whether to pull your event log files into your analytics environment several times a day for security or performance monitoring use cases, or stay with the daily batch for adoption monitoring. The hourly event log files do not automatically work with the Event Monitoring Analytics app, Splunk, New Relic, FairWarning or Cloudlock. Please work with your analytics team to start using the hourly files.


[Screenshot: Workbench API tool showing the Interval field with Interval = 'hourly']


2. Insecure External Assets Event Log - track insecure external assets hosted in Salesforce and fix URLs from HTTP to HTTPS

This event log file will be generated when your users access external assets, such as images, in Salesforce over the insecure HTTP protocol. The insecure external assets event log file will be provided free of charge and out of the box to all customers, similar to the Login and Logout event log files.



3. Delete Event Log Files - to help comply with existing and upcoming data regulations like GDPR, event log data can now be deleted with a specific Delete Event Monitoring Records permission.



Before this permission can be assigned to a user or permission set, an org-wide preference also needs to be turned on.



4. Track User Actions with time based workflows - correlate multiple events together with Login Key and Session Key

To give more visibility into time-based workflows, we've added the Login Key and Session Key to help track all transaction changes in a specific time-based workflow.


5. Salesforce Connect Event Log enhancements - track external objects comprehensively

For Salesforce Connect customers, several log file enhancements have been added to provide more fine-grained visibility into external objects: whether the operation was a query or a write, when the call occurred, and which user accessed the data.
  • External Cross-Org Callout events
    • EXECUTE_MS—How long it took in milliseconds for Salesforce to prepare and execute the query. Previously, this field was reserved for future use.
    • FETCH_MS—How long it took in milliseconds to retrieve the query results from the external system. Previously, this field was reserved for future use.
    • ROWS_FETCHED—(New) Reserved for future use.
  • External Custom Apex Callout events
    • EXECUTE_MS—How long it took in milliseconds for Salesforce to prepare and execute the query. Previously, this field was reserved for future use.
    • FETCH_MS—How long it took in milliseconds to retrieve the query results from the external system. Previously, this field was reserved for future use.
    • ROWS_FETCHED—(New) Number of rows fetched by the callout.
    • THROUGHPUT—Number of records retrieved in 1 second. Previously, this field was reserved for future use.
  • External OData Callout events
    • EXECUTE_MS—How long it took in milliseconds for Salesforce to prepare and execute the query. Previously, this field was reserved for future use.
    • FETCH_MS—How long it took in milliseconds to retrieve the query results from the external system. Previously, this field was reserved for future use.
    • NEXT_LINK—OData next link that the callout used to request a subsequent batch or page of rows. Previously, this field was reserved for future use. This field isn’t supported for the OData 2.0 adapter on orgs created before Spring ’18.
    • PARENT_CALLOUT—If the callout requested a subsequent page of rows, this field identifies the initial callout whose request resulted in the multi-page result set. Previously, this field was reserved for future use. This field isn’t supported for the OData 2.0 adapter on orgs created before Spring ’18.
    • ROWS—Total number of records in the result set. Previously, this field was reserved for future use.
    • ROWS_FETCHED—Number of rows fetched by the callout. Previously, this field was reserved for future use. This field isn’t supported for the OData 2.0 adapter on orgs created before Spring ’18.
    • THROUGHPUT—Number of records retrieved in 1 second. Previously, this field was reserved for future use. This field isn’t supported for the OData 2.0 adapter on orgs created before Spring ’18.

Example

Suppose your Salesforce org connects to an external system via an OData adapter. When you defined the external data source in Salesforce, you selected Named Principal for Identity Type. With the named principal, the same set of credentials is always used to access the external system from your org.
To identify the users who accessed an external object’s records during a specific time period, use the log data for the External OData Callout event type. Sort by ENTITY and USER_ID to see which users accessed the external object.
In this event log file, we see that three users accessed the Product external object over 12 callouts.

[Figure: Log data for the External OData Callout event type, with highlighted USER_ID values for callouts that access the Products external object]
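
The sort-by-ENTITY-and-USER_ID review described above can be scripted once the log file is downloaded. This is an added example, not Salesforce's own code: the rows are constructed sample data, and it assumes the CSV carries a TIMESTAMP_DERIVED column in ISO 8601 UTC alongside the USER_ID, ENTITY and ROWS_FETCHED fields named on this page.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"

# Constructed sample rows (not real log data). USER_ID values are made up;
# TIMESTAMP_DERIVED is assumed to be an ISO 8601 UTC timestamp.
SAMPLE_LOG = """\
TIMESTAMP_DERIVED,USER_ID,ENTITY,ROWS_FETCHED
2018-01-15T08:59:40.000Z,005000000000001AAA,Product,50
2018-01-15T09:02:11.000Z,005000000000001AAA,Product,200
2018-01-15T09:05:47.000Z,005000000000002AAA,Product,200
2018-01-15T09:05:49.000Z,005000000000002AAA,Product,35
2018-01-15T09:17:03.000Z,005000000000003AAA,Product,
2018-01-15T09:20:30.000Z,005000000000002AAA,Order,10
2018-01-15T10:01:00.000Z,005000000000003AAA,Product,200
"""

def callouts_by_entity_and_user(log_text, start, end):
    """Count callouts and rows fetched per (ENTITY, USER_ID) in [start, end)."""
    totals = defaultdict(lambda: {"callouts": 0, "rows_fetched": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(row["TIMESTAMP_DERIVED"], TS_FORMAT)
        if not (start <= ts < end):
            continue
        key = (row["ENTITY"], row["USER_ID"])
        totals[key]["callouts"] += 1
        # ROWS_FETCHED can be empty (e.g. unsupported adapter); count it as 0.
        totals[key]["rows_fetched"] += int(row["ROWS_FETCHED"] or 0)
    # Sort by ENTITY, then USER_ID, matching the manual review order.
    return dict(sorted(totals.items()))

def users_for_entity(summary, entity):
    """List the USER_IDs that touched one external object in the summary."""
    return [user for (ent, user) in summary if ent == entity]

if __name__ == "__main__":
    window = (datetime(2018, 1, 15, 9), datetime(2018, 1, 15, 10))
    summary = callouts_by_entity_and_user(SAMPLE_LOG, *window)
    for (entity, user), t in summary.items():
        print(entity, user, t["callouts"], t["rows_fetched"])
```

Because the named principal hides individual users from the external system, this per-user summary from the Salesforce side is the only place the accessing user is recorded.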


6. Event Monitoring Analytics App Trailhead - whether you're already using the Event Monitoring Analytics App or are a new customer getting started, the Event Monitoring Analytics App Trailhead is a great way to spend 1h 15 mins understanding how to get started with adoption, performance or security monitoring for your Salesforce application.

7. Changes to Event Log File schema due to regulatory consistency

Document Attachment Downloads event log file
We retired the FILE_NAME field. If you’ve created custom fields and need to retrieve data from the FILE_NAME field, query the Document standard object. For example, SELECT Name FROM Document WHERE Id=[ENTITY_ID value from Document Attachment Downloads log data].
Knowledge Article View event log file
We retired the USERNAME field.
Logout event log file
We retired the USER_NAME field.


05 November 2017

Event Monitoring at Dreamforce 2017

Ready for Dreamforce 2017? 

I wanted to give a quick list of Salesforce Shield & Event Monitoring related breakout sessions that might be worth your time to check out:

What: How to Use Event Monitoring to Drive Adoption and Performance
Where: Moscone West 2024
When: 11/6/2017 at 9:00-10:00am

What: Getting Started with Event Monitoring and Field Audit Trail
Where: Moscone West 2008
When: 11/7/2017 at 1:30-2:10pm

What: GDPR Game Show
Where: Moscone West 2024
When: 11/7/2017 at 3:00-3:40pm

Have a great Dreamforce! 

#DF17


16 June 2017

How to Customize Your Report Downloads Dashboard

Attention all security folks! How to monitor data exports from cloud applications is always a popular topic among security teams.

With Event Monitoring and Salesforce Shield, customers can closely follow these activities in the form of Event Log Files and Transaction Security Policies. With the Event Monitoring Wave App, customers can further visualize who's downloading data (exporting reports).

The Event Monitoring Wave App already includes out-of-the-box denormalization from UserIDs to Usernames, but with three simple steps you can also denormalize and update your Report Downloads dashboard to include which reports your users are downloading.

Dennis Schultz, Principal Solution Engineer at Salesforce, has worked on a short video that shows how to use the Salesforce Wave Analytics Recipe feature to bring more Salesforce data into Wave and transform your dashboards to include Report Names in just under 5 minutes.

How to add Report Names to the Report Dashboards with Salesforce Wave Analytics Recipes in 3 easy steps.


1. Create "Lookup" Dataset
  • From your Wave app environment click Create Dataset. 
  • Select Salesforce as the source and select Report object. Select fields e.g. Report ID and Report Name. Create the Dataset. 
  • To enable the integration between Wave Analytics and Salesforce, go to Data Manager to enable the default Salesforce Dataflow. Once it finishes, you'll soon see the dataset in your Wave environment. 
  • You can confirm you have the right information from the Values table.
2. Create a new Report Export Dataset with Recipe features
  • Go to Data Manager and select Prepare
  • Create Recipe and Select ReportExportWithUsers Dataset as the base to work with
  • Name your new Dataset "ReportExportWithReportNames"
  • Transform the table with the Lookup Dataset we created in Step 1 with Add Data Transform
  • Select URI_ID_Derived from the Base ReportExportWithUsers Dataset and Report ID from the new Lookup Dataset
  • Now specify you want the Report Name field to be included in the new Dataset
  • Finally create Dataset to run the Recipe
  • Run on a schedule to pick up new events daily
3. Update the Report Downloads Dashboards
  • Open the Report Downloads Dashboard
  • Make a Copy or Clone the Dashboard before continuing 
  • Rename the Dashboard "New Report Downloads" and Save
  • Open the ReportExportWithReportNames Dataset
  • Group by Username and ReportName - some names might not be available, e.g. when a user created a new report and then deleted it
  • Click the scissors to "Clip to Designer" the lens and provide a name, ReportExportWithNames
  • Return to the New Report Downloads Dashboard and hold the Shift Key down and move the widget to the Dashboard
  • Save the Dashboard and Click the Eye button to view it
Please take a look at the video and leave comments or questions below: http://salesforce.vidyard.com/watch/SfuJDkrD9qmycyjgwcdiNS



Cheers, Jari