Salesforce Insights

Salesforce Insights enables Salesforce administrators and IT operation teams to monitor their Salesforce environment.

Setup

Learn how to set up Salesforce Insights and find out what kind of data it can capture.

Make sure to meet the following requirements to use the extension.

Salesforce account

The Salesforce extension can capture three types of Salesforce data. Select each configuration for more details.

  • The Event Streaming configuration allows you to monitor the usage of your Salesforce CRM account.

  • The EventLogFile configuration allows you to ingest log files from Salesforce into Dynatrace.

  • The API Queries configuration allows you to ingest Salesforce Object Query Language (SOQL) data into Dynatrace. The data is ingested into Dynatrace as log events or Business Events.

Salesforce authentication

User and password authentication

  1. A user with the permissions for the desired configuration
  2. The password for the user
  3. The security token for the user

Connected app authentication

In this mode the extension connects as a connected app. This is the recommended method of authentication and no user password is required.
Technically, the app implements the OAuth 2.0 JWT Bearer Flow.

Dynatrace will ask for:

  • The Consumer Key of the connected app
  • The Private Key of the connected app
  • The Subject of the JWT token—this is the username of a user that is part of a Profile in the connected app
Requirements
  • openssl—for generating the certificate, not needed if you already have a certificate and a private key

    Note: on Windows, if you have git installed, you should also have a copy of openssl.
    You should find it in a directory such as C:\Program Files\Git\mingw64\bin depending on your installation.

Certificate

The connected app must have a certificate. The extension later authenticates with Salesforce using this certificate's private key.

This command generates a certificate and a private key:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
  • The cert.pem file will be later added to the connected app.
  • The key.pem file will be used by Dynatrace to authenticate with Salesforce.
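
The Consumer Key, Subject and private key listed above come together in the signed assertion that the OAuth 2.0 JWT Bearer Flow sends to Salesforce. The following is an added example, not code from Dynatrace or Salesforce, that builds such an assertion with openssl and checks it against cert.pem; the consumer key, username, certificate subject, 180-second lifetime and all function names are assumptions made for illustration.

```sh
# Added example: sign and check a JWT Bearer Flow assertion with openssl.
# Consumer key, username and certificate subject are constructed placeholders.

b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }  # base64url, no padding

b64url_decode() (
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A
)

# make_assertion CONSUMER_KEY USERNAME LOGIN_URL KEY_FILE
# iss = Consumer Key, sub = Subject (username), aud = login URL, exp = now + 180 s.
make_assertion() (
  exp=$(( $(date +%s) + 180 ))
  head=$(printf '{"alg":"RS256"}' | b64url)
  body=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%s}' \
         "$1" "$2" "$3" "$exp" | b64url)
  sig=$(printf '%s.%s' "$head" "$body" | openssl dgst -sha256 -sign "$4" -binary | b64url)
  printf '%s.%s.%s' "$head" "$body" "$sig"
)

jwt_claims() { printf '%s' "$1" | cut -d. -f2 | b64url_decode; }

# verify_assertion JWT CERT_FILE: succeeds only if the signature matches the certificate.
verify_assertion() (
  tmp=$(mktemp -d) || exit 1; trap 'rm -rf "$tmp"' EXIT
  printf '%s' "${1##*.}" | b64url_decode > "$tmp/sig.bin"
  openssl x509 -in "$2" -pubkey -noout > "$tmp/pub.pem"
  printf '%s' "${1%.*}" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
    -signature "$tmp/sig.bin" >/dev/null 2>&1
)

# new_keypair DIR: the page's openssl command, made non-interactive with -subj.
new_keypair() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1/key.pem" -x509 -days 365 \
    -out "$1/cert.pem" -subj "/CN=constructed-example" >/dev/null 2>&1
  chmod 600 "$1/key.pem"  # -nodes leaves the key unencrypted: owner-only access
}

demo() (
  d=$(mktemp -d) || exit 1; trap 'rm -rf "$d"' EXIT
  new_keypair "$d"
  jwt=$(make_assertion "EXAMPLE_CONSUMER_KEY" "integration.user@example.com" \
        "https://login.salesforce.com" "$d/key.pem")
  jwt_claims "$jwt"; echo
  verify_assertion "$jwt" "$d/cert.pem" && echo "signature matches cert.pem"
)
demo
```

If verify_assertion fails for your own files, key.pem and the cert.pem uploaded to the connected app do not belong to the same key pair.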
Create the connected app

In Salesforce Lightning

  1. Go to Setup > Apps > App Manager
  2. Select New Connected App

Name the app and add the contact email. Under API (Enable OAuth Settings):

  1. Check Enable OAuth Settings
  2. If the Callback URL is not used, you can put in http://localhost
  3. Check Use digital signatures
  4. Upload the cert.pem file generated above under Use digital signatures.
  5. In Selected OAuth Scopes, add these scopes:
    • Manage user data via APIs (API)
    • Perform requests at any time (refresh_token, offline_access)
  6. Leave all other settings as default and select Save.
OAuth policy
  1. Set up the OAuth Policy permitted users.
  2. On the connected app page, select Manage > Edit Policies.
  3. Under OAuth Policies select Admin approved users are pre-authorized.
  4. Select Save.
Approved users

Identify users that can use the app. You can do it by adding Profiles to the Application Profile Assignment list.

  1. On the connected app page, go to Profiles > Manage Profiles.
  2. Add profiles that can use the connected app.
    Note: Later, any username from these profiles can be used as the Subject when configuring the extension.

Profiles need the following permissions for event streaming:

  • General user permissions
    • View Real-Time Event Monitoring Data
  • Administrative permissions
    • Customize Application
    • View All Data

For the documentation on the required permissions, see how to Enable Access to Real-Time Event Monitoring.

Client ID authentication

For Client ID authentication, create an API Only user in Salesforce, and provide the Client ID and Client Secret.

Enable extension

To enable the Salesforce Extension, you must have an Environment ActiveGate.

  1. Find the extension in Hub and activate it.
  2. Select Add monitoring configuration on the Configuration page.
  3. Select an ActiveGate group.
    • One of these servers will need to access the Salesforce API, which is publicly available.
    • The login URLs are: https://login.salesforce.com or https://test.salesforce.com
    • The Pub/Sub endpoints are: api.pubsub.salesforce.com:7443 or api.deu.pubsub.salesforce.com:7443
    • A proxy can be configured later if necessary.

| Parameter | Description |
|---|---|
| Endpoint name | Choose a helpful name to identify the endpoint |
| Login URL | Choose from Production or Sandbox |
| Pub/Sub URL | Choose from Global Endpoint or Europe (Frankfurt) Endpoint |
| Reporting Mode | Business Events, Logs, OpenKit (RUM) |
| Custom Application ID | The Dynatrace Custom Application ID for the app you created before (only needed if a managed environment is used and OpenKit is used as reporting mode) |
| Authentication type | |
| Events filtering | Choose which real-time events you'd like to send to Dynatrace, by default all are enabled |
| Usernames Blocklist | Optional list of Usernames to ignore; use this to block automation/API users from reporting |
| Proxy | Optional proxy; in case the ActiveGate cannot connect to the Salesforce URLs |

OpenKit

If you use OpenKit, we recommend starting with the Custom Application setup.

Salesforce Data Ingest

Event Streaming

Capture real-time events from Salesforce and send them as Business Events to Dynatrace.

RUM ingest should only be used on Managed Environments.

  1. Enable Real-time event Streaming.
  2. In Setup > Event Manager, enable Streaming Data for the events you want to capture.
  3. Obtain the credentials needed for the extension to connect to Salesforce.

Enable use cases such as:

  • Track Session Hijack, Credential Stuffing and Anomaly Events
  • Track important permission sets and changes
  • What are the slowest Lightning or Classic pages response times?
  • What files are being uploaded, downloaded, and by which user?
  • What are the most used reports, who is running them, what queries are being used?
  • What are the top API Queries being made?
  • What browsers are users using?
  • Where is Salesforce being accessed from?
  • How many users are using the platform currently, what is the user experience?

The extension uses the Salesforce Pub/Sub API to listen for Event Streaming Events. These events are captured and sent as Business Events or, in the case of OpenKit, as User Actions, with all their respective properties sent as Action Properties.

For a detailed description of every event and their properties, see the Salesforce documentation.

Events
Description
Track anomalies in how users make API calls.
Track user API queries in your organization.
Track when a user downloads the results of a Bulk API request.
Track when a Concurrent Long Running Apex error has occurred.
Track when a user successfully logs in to Salesforce during an identified credential stuffing attack.
Track file activity. For example, track when a user downloads or previews a file.
Track when a user creates, accesses, updates, or deletes a record in Salesforce Lightning.
Track when a user accesses data with list views.
Track when an admin logs into your organization as another user.
Track when a user logs in to your organization.
Track when a user logs out in the Salesforce UI.
Track when users are assigned the Modify All Data or View All Data permission through a permission set.
Track anomalies in how users run or export reports.
Track when a user accesses or exports data with reports.
Track when an unauthorized user gains ownership of a Salesforce user’s session with a stolen session identifier.
Track when a user creates, accesses, updates, or deletes a record in Salesforce Classic.

The extension is limited to events that Salesforce produces as Real-Time Events.

Business Events

For business events, all data is ingested using the business events API.

It can be queried using DQL:

fetch bizevents
| filter event.type == "salesforce.ApiEventStream"

Each of the events of type salesforce.NameOfTheEvent will have all properties documented by Salesforce.
For instance, see the properties for an ApiEventStream.

So we can create visualizations using all of these properties.

fetch bizevents
| filter event.type == "salesforce.ApiEventStream"
| summarize count(), by: {SourceIp}

You can get a list of all event types with DQL:

fetch bizevents
| filter event.provider == "https://dynatrace--staging.sandbox.my.salesforce.com"
| summarize count(), by: {event.type}

Example: Get logins by user over time

fetch bizevents
| filter event.type == "salesforce.LoginEventStream"
| makeTimeseries logins=count(), by:{Username}, interval: 5m
| sort logins desc

OpenKit

To create a custom application to receive the data:

  1. In Hub, see the Digital Experience Monitoring section. Then, select Generic front end > Set up.
  2. Create your custom application—name it and choose an icon.
  3. Select Monitor custom application.

  4. In the Custom application settings, go to Instrumentation wizard and save the Application ID for later.
  5. Now you can enable the extension. For details, go back to the Enable extension section.

The data is sent to the Frontend application that you created, so you can access:

  • Sessions Details
  • The individual properties, by selecting User Action > Perform waterfall analysis

To use these properties in User Sessions Query Language:

  1. In the application settings, go to Session and user action properties.
  2. Create a property. Note: the Name must exactly match the property name; see Salesforce events.

Example: Capture the rows number

Querying the property:

SELECT useraction.name, SUM(longProperties.rowsprocessed) FROM useraction WHERE useraction.name STARTSWITH "Report" GROUP BY useraction.name

EventLogFile

Capture event log files from Salesforce and ingest them as logs to Dynatrace.

  • EventLogFile needs to be enabled in Salesforce.
  • The user must have permissions to read event log files.

Details

  1. Create a new EventLogFile configuration by selecting Configure EventLogFile.
    Note that under Events to capture all the different Log Files will be disabled by default.
  2. Select which log files you would like to ingest.

Do not expect real-time data out of this configuration. Event Log data is delayed by several hours in Salesforce.

Visualization

The events are sent as Log Events to Dynatrace, and can be queried using DQL:

fetch logs
| filter query.type == "EventLogFile"

Every property for a certain Event Log File will be available.
To find fields details, see EventLogFile Supported Event Types.

Example

Get details about ApexExecution events:

fetch logs
| filter EVENT_TYPE == "ApexExecution"
| fields TIMESTAMP_DERIVED, ENTRY_POINT, EXEC_TIME, CPU_TIME, DB_TOTAL_TIME, NUMBER_SOQL_QUERIES

API Queries (SOQL)

Run SOQL queries against Salesforce and ingest the data as logs or Business Events. The user must have permissions to query the Salesforce API, and read the Objects that are being queried.

Details

To ingest Salesforce Object Query Language (SOQL) data into Dynatrace:

  1. Select Configure API queries.

  2. Add up to 100 SOQL queries to be executed at the specified interval. Each query has the following parameters:

    • Query Name—A name for the query that will help you locate this query data later in Dynatrace Logs.
    • Query—The SOQL query to be executed.
      • The query must contain at least one datetime field.
      • The placeholder {last_execution_timestamp} must be used to filter the query results and deduplicate the data.
      • Example: SELECT Id, CreatedDate, Field, NewValue, OldValue FROM OpportunityFieldHistory WHERE CreatedDate > {last_execution_timestamp}
    • Frequency
      • The frequency can be of type Interval or Cron.
      • Interval—The query will be executed every X minutes.
      • Cron—The query will be executed based on the cron expression provided, you can use crontab guru to generate the cron expression.

Visualization

Let's consider this query configuration:

Query Name: Logins
Query: SELECT UserId, COUNT(Id) from LoginHistory WHERE LoginTime > {last_execution_timestamp} GROUP BY UserId

The results can be obtained with the DQL:

fetch logs
| filter query.name == "Logins"

And a chart could be created with:

fetch logs
| filter query.name == "Logins"
| makeTimeseries sum(toDouble(expr0)), by: {UserId}, interval: 5m

You can also fetch all the queries and their text configured for this Salesforce instance:

fetch logs
| filter event.provider == "https://dynatrace--staging.sandbox.my.salesforce.com"
| summarize count(), by: {query.name}

Extend the retention period for Salesforce Insights data

By default, your ingested data is stored for 30 days. You can adjust the retention time by creating a custom bucket.

To create a custom bucket for a Salesforce event

  1. In Dynatrace, go to Settings > Business Analytics > Bucket assignment.

  2. On the Business event bucket assignment page, select Add rule and name your rule.

  3. In the Bucket field, choose your retention period.

  4. Add a Matcher to your rule by typing or pasting your matcher-specific DQL query. Events that match your rule will be assigned to your selected bucket. If no rules match, events will be assigned to the default bucket. To assign all your Salesforce events to your bucket, you need to use the matcher containing the matchesValue function and your Salesforce URL, as in the example below.

    matchesValue(event.provider, "https://environment.my.salesforce.com")
  5. Select Save changes.

Troubleshooting

Error logs can be obtained via Dynatrace, by navigating to the Extension page, and selecting Status for each monitoring configuration.

Detailed logs can be obtained by creating an ActiveGate Diagnosis.