15 January 2018

What's new in Spring'18 with Event Monitoring

Summary of Event Monitoring Spring'18 Release Features

1. Hourly Event Log Files Beta - enhanced interval to obtain event log data for customers and partners

Currently EventLogFile object has your Salesforce event data from the previous 24 hrs. With hourly event logs you are able to track events that have been generated 2-4 hrs ago alongside daily event log files. See the interval field from the picture below where Interval = 'hourly' from workbench API tool. 

This allows you to make decisions whether you pull your event log files several times a day to your analytics environment for security or performance monitoring use cases or stay in the daily batch for adoption monitoring. The hourly event log files does not automatically work with event monitoring analytics app, Splunk, New Relic, FairWarning or Cloudlock. Please work with your analytics team to start using the hourly files. 


Screen Shot 2017-07-28 at 10.35.39 AM.png


2. Insecure External Assets Event Log - track insecure external assets hosted in Salesforce and fix URLs from HTTP to HTTPS. This event log file will be generated when your users are accessing external assets like images in Salesforce over insecure HTTP protocol. The insecure external assets event log file will be provided free of charge and out of box to all customers similar to Login and Logout event log files. 



3. Delete Event Log Files - to help comply with existing and upcoming data regulations like GDPR, event log data can now be deleted with a specific Delete Event Monitoring Records permissions. 



Before this permission can be assigned to a user or permission set, there is also a Org wide preference that needs to be turned on. 



4. Track User Actions with time based workflows - correlate multiple events together with Login Key and Session Key

To get more visibility into Time Based Workflow, we've added the Login and Session Key to help track all transaction changes in the specific Time Based Workflow.


5. Salesforce Connect Event Log enhancements - track external objects comprehensively

For Salesforce Connect customers, several log files enhancements have been added to provide more fine grain visibility for external objects, be it query or write operation, when the call occurred and which user accessed the data.
  • External Cross-Org Callout events
    • EXECUTE_MS—How long it took in milliseconds for Salesforce to prepare and execute the query. Previously, this field was reserved for future use.
    • FETCH_MS—How long it took in milliseconds to retrieve the query results from the external system. Previously, this field was reserved for future use.
    • ROWS_FETCHED—(New) Reserved for future use.
  • External Custom Apex Callout events
    • EXECUTE_MS—How long it took in milliseconds for Salesforce to prepare and execute the query. Previously, this field was reserved for future use.
    • FETCH_MS—How long it took in milliseconds to retrieve the query results from the external system. Previously, this field was reserved for future use.
    • ROWS_FETCHED—(New) Number of rows fetched by the callout.
    • THROUGPUT—Number of records retrieved in 1 second. Previously, this field was reserved for future use.
  • External OData Callout events
    • EXECUTE_MS—How long it took in milliseconds for Salesforce to prepare and execute the query. Previously, this field was reserved for future use.
    • FETCH_MS—How long it took in milliseconds to retrieve the query results from the external system. Previously, this field was reserved for future use.
    • NEXT_LINK—OData next link that the callout used to request a subsequent batch or page of rows. Previously, this field was reserved for future use. This field isn’t supported for the OData 2.0 adapter on orgs created before Spring ’18.
    • PARENT_CALLOUT—If the callout requested a subsequent page of rows, this field identifies the initial callout whose request resulted in the multi-page result set. Previously, this field was reserved for future use. This field isn’t supported for the OData 2.0 adapter on orgs created before Spring ’18.
    • ROWS—Total number of records in the result set. Previously, this field was reserved for future use.
    • ROWS_FETCHED—Number of rows fetched by the callout. Previously, this field was reserved for future use. This field isn’t supported for the OData 2.0 adapter on orgs created before Spring ’18.
    • THROUGHPUT—Number of records retrieved in 1 second. Previously, this field was reserved for future use. This field isn’t supported for the OData 2.0 adapter on orgs created before Spring ’18.

Example

Suppose your Salesforce org connects to an external system via an OData adapter. When you defined the external data source in Salesforce, you selected Named Principal for Identity Type. With the named principal, the same set of credentials is always used to access the external system from your org.
To identify the users who accessed an external object’s records during a specific time period, use the log data for the External OData Callout event type. Sort by ENTITY and USER_ID to see which users accessed the external object.
In this event log file, we see that three users accessed the Product external object over 12 callouts.Log data for the External OData Callout event type, with highlighted USER_ID values for callouts that access the Products external object


6. Event Monitoring Analytics App Trailhead, in case you're using the Event Monitoring Analytics App or a new customer getting started the Event Monitoring Analytics App Trailhead is a great way to spend 1h 15 mins to understand how to get started for adoption, performance or security monitoring for your Salesforce application.

7. Changes to Event Log File schema due to regulatory consistency

Document Attachment Downloads event log file
We retired the FILE_NAME field. If you’ve created custom fields and need to retrieve data from the FILE_NAME field, query the Document standard object. For example, SELECT Name FROM Document WHERE Id=[ENTITY_ID value from Document Attachment Downloads log data].
Knowledge Article View event log file
We retired the USERNAME field.
Logout event log file
We retired the USER_NAME field.