Dynatrace Hub

Extend the platform,
empower your team.

Popular searches:

Salesforce Event Streaming (v2)

Salesforce Event Streaming (v2)

Capture Real User Monitoring data via Salesforce Real Time Event Streaming.

Extension by Dynatrace

Product information
Release notes

Overview

The Salesforce Event Streaming extension allows you to monitor the usage of your Salesforce CRM account.

Answer questions like:

What are the slowest Lightning or Classic pages response times
Track Session Hijack, Credential Stuffing and Anomaly Events
Track important permission sets changes
What files are being uploaded and download? By which users?
What are the most used reports, who is running them, what queries are being used
How many users are using the platform currently, what is the user experience
What are the top API Queries being made
Where is salesforce being accessed from?
What is the browser being used?

Get started

Requirements

A Salesforce account with real time event streaming enabled
- For Username + Password authentication, the username, password and security token
- For Connected App authentication, a Connected App with a pem certificate
An Environment Activegate

Salesforce Account

Under Setup -> Event Manager enable Streaming Data for the events you want to capture.
Obtain the credentials needed for the extension to connect to Salesforce.
- For Username + Password authentication, check the User and Password Authentication section of this documentation
- For Connected App authentication, check the Connected App Authentication section of this documentation

event-manager

Dynatrace

Create a Custom Application to receive the data:

Navigate to Digital Experiences -> Custom Applications -> Create custom application.
Give it a name and an icon

custom-app-01

Under the application settings, navigate to Instrumentation Wizard and save the Application ID for later

custom-app-02

Activate the extension:

Navigate to the Dynatrace Hub and activate the extension.
Create a monitoring configuration on the extension page.
Select an Activegate group.
- One of these servers will need to access the salesforce API, which is on the internet.
- The login URLs are: https://login.salesforce.com or https://test.salesforce.com
- The Pub Sub endpoints are: api.pubsub.salesforce.com:7443 or api.deu.pubsub.salesforce.com:7443
- A proxy can be configured later if necessary.

The parameters for the monitoring configuration are:

Parameter	Description
Endpoint name	A friendly name to identify the endpoint
Login URL	Chose from Production or Sandbox
Pub/Sub URL	Chose from Global Endpoint or Europe (Frankfurt) Endpoint
Reporting Mode	Only OpenKit is supported at this time
Custom Application ID	The Dynatrace Custom Application ID for the app you created before
Authentication type	Choose from Username and Password or Connected App, see specific documentation below
Events filtering	Choose which real time events you'd like to send to Dynatrace, by default all are enabled
Usernames Blocklist	Optional list of Usernames to ignore, use this to block automation/api users from reporting
Proxy	Optional proxy, in case the Activegate cannot connect to the Salesforce URLs

The data is sent to the Frontend Application that you created:

salesforce-data-01

You can drill down to the Sessions:

salesforce-data-02

And to the individual properties, by clicking on the User Action > Perform waterfall analysis:

salesforce-data-03 To use these properties in User Sessions Query Language:

Under the application settings, navigate to Session and user action properties
Create a property. Note: the Name must match exactly the property name as documented in the Salesforce events.

Example: capturing the number of rows for a report:

salesforce-data-04

Querying the property:

SELECT useraction.name, SUM(longProperties.rowsprocessed) FROM useraction WHERE useraction.name STARTSWITH "Report" GROUP BY useraction.name

salesforce-data-05

Details

The extension uses the Salesforce Pub/Sub API to listen for Event Streaming Events.

These events are captured and sent as User Actions with all their respective properties sent as Action Properties. The event properties can be seen by clicking on an User Action > Perform waterfall analysis

A detailed description of every event and their properties can be found on the Salesforce documentation.

The current events being captured are:

ApiAnomalyEvent - Track anomalies in how users make API calls
ApiEventStream - Track user API queries in your org
BulkApiResultEvent - Track when a user downloads the results of a Bulk API request
ConcurLongRunApexErrEvent - Track when a Concurrent Long Running Apex error has occurred
CredentialStuffingEvent - Track when a user successfully logs in to Salesforce during an identified credential stuffing attack
FileEvent - Track file activity. For example, track when a user downloads or previews a file
LightningUriEventStream - Track when a user creates, accesses, updates, or deletes a record in Salesforce Lightning
ListViewEventStream - Track when a user accesses data with list views
LoginAsEventStream - Track when an admin logs in to your org as another user
LoginEventStream - Track when a user logs in to your org
LogoutEventStream - Track when a user clicks Log Out in the Salesforce UI
PermissionSetEvent - Track when users are assigned the Modify All Data or View All Data permission through a permission set
ReportAnomalyEvent - Track anomalies in how users run or export reports
ReportEventStream - Track when a user accesses or exports data with reports
SessionHijackingEvent - Track when an unauthorized user gains ownership of a Salesforce user’s session with a stolen session identifier
UriEventStream - Track when a user creates, accesses, updates, or deletes a record in Salesforce Classic

User and Password authentication

A user with the permissions:
- General User Permissions
  - View Real-Time Event Monitoring Data
- Administrative Permissions
  - Customize Application
  - View All Data
The password for the user
The security token for the user

Connected App authentication

In this mode the extension connects as a Connected App, this is the recommended method of authentication and no user password is required.
Technically, the app implements the OAuth 2.0 JWT Bearer Flow

Dynatrace will ask for:

The Consumer Key of the Connected App
The Private Key of the Connected App
The Subject of the JWT token, this is the username of a user that is part of a Profile in the Connected App

Requirements

openssl (for generating the certificate, not needed if you already have a certificate and private key)

Note, on Windows if you have git installed you should also have a copy of openssl.
It would be under a directory like C:\Program Files\Git\mingw64\bin depending on your installation.

You can read more about the OAuth 2.0 JWT Bearer Flow here

Certificate

The connected app must have a certificate.
We later authenticate with Salesforce using this certificate's private key

This command generates a certificate and a private key:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem

The cert.pem file will be later added to the Connected App.
The key.pem file will be used by Dynatrace to authenticate with Salesforce.

Create the Connected App

In Salesforce Lightning:

Go to Setup > Apps > App Manager
Select New Connected App

Give the app a name and add the contact email. Under API (Enable OAuth Settings):

Check Enable OAuth Settings
The Callback URL is not used, you can input http://localhost
Check Use digital signatures

Upload the cert.pem file generated above under Use digital signatures.

Under Selected OAuth Scopes, Add these scopes:

Manage use data via APIs (api)
Perform requests at any time (refresh_token, offline_access)

Leave all other settings as default and click Save.

The Connected App screen should look like this (with your name, email and certificate):

OAuth policy

Now set up the OAuth Policy permitted users.
On the connected app page, select Manage, then Edit Policies.

Under OAuth Policies select Admin approved users are pre-authorized.
Click Save.

Approved users

Identify users that can use the app.
This is done by adding Profiles to the Application Profile Assignment list.

One the connected app page, under Profiles, click Manage Profiles.
Add profiles that can use the connected app.
Note: Later, any username from these profiles can be used as the Subject when configuring the extension.

Note that the profile needs the permissions:

General User Permissions

View Real-Time Event Monitoring Data

Administrative Permissions

Customize Application
View All Data

Please check the needed permissions documentation here

Troubleshooting

Logs

Error logs can be obtained via Dynatrace, by navigating to the Extension page, and clicking on the Status for each Monitoring Configuration.
Detailed logs can be obtained by creating an Activegate Diagnosis

salesforce-faq-01

Support

Built and supported by Dynatrace

Dynatrace support center

Subscribe to new releases

copy to clipboard

Full version history

To have more information on how to install the downloaded package, please follow the instructions on this page.

ReleaseDate

Version 2.0.7

Build with glibc 2.17 for compatibility with linux AGs running older glibc

Version 2.0.6

Reduce the http client timeout from 60 to 30 seconds, to better display error messages during the fastcheck

Version 2.0.5

Fix an issue where sometimes the thread ID for the OpenKit beacon was higher than what is allowed, causing data to not be reported.

No release notes

Discover recent additions to Dynatrace

Site Reliability Guardian

SRG: Automated change impact analysis for your deployment and release processes

DevSecOps Lifecycle Coverage with Snyk

Connect Snyk container scans and Dynatrace runtime insights for strong security.

Business Flow

Know your business result and see problematic process steps.

Salesforce Insights

Provides salesforce usage insights

Carbon Impact

Provides the information about site's carbon footprint

Analyze your data

Understand your data better with deep insights and clear visualizations.

Notebooks

Create powerful, data-driven documents for custom analytics and collaboration.

Dashboards

Transform complex data into clear visualizations with custom dashboards.

Automate your processes

Turn data and answers into actions, securely, and at scale.

Workflows

Automate tasks in your IT landscape, remediate problems, and visualize processes

Jira for Workflows

Jira Integration for managing Jira issues via Workflow actions

Slack for Workflows

Automate Slack messaging for security incidents, attacks, remediation, and more.

Secure your cloud application

See vulnerabilities and attacks in your environment.

Security overview

Get a comprehensive overview of the security of your applications.

Third-party vulnerabilities

Detect vulnerabilities in real time, with context and automated risk assessment.

Code-level vulnerabilities

Detect vulnerabilities in your code in real time.

Attacks

Get a real-time overview of all the attacks on your environment.

Are you looking for something different?We have hundred of apps, extensions, and other technologies to customize your environment

Leverage our newest innovations of Dynatrace Saas

Kick-start your app creation

Kick-start your app creation

Whether you’re a beginner or a pro, Dynatrace Developer has the tools and support you need to create incredible apps with minimal effort.

Go to Dynatrace Developer

Upgrading from Dynatrace Managed to SaaS

Upgrading from Dynatrace Managed to SaaS

Drive innovation, speed, and agility in your organization by seamlessly and securely upgrading.

Log Management and Analytics

Log Management and Analytics

Innovate faster and more efficiently with unified log management and log analytics for actionable insights and automation.