Enables you to monitor the usage of your Salesforce environment by end users.
Extension by Dynatrace
The Salesforce event stream extension allows you to monitor the usage of your Salesforce environment by the end users.
Get insight into the usage of the Salesforce platform, answering questions like:
- What are the slowest Lightning or Classic pages response times?
- What are the most used reports, who is running them, what queries are being used?
- How many users are using the platform currently, what is the user experience?
- What are the top API Queries being made?
- Where is Salesforce being accessed from?
- What is the browser being used?
- Salesforce account
- View Real-Time Event Monitoring Data user permission.
- Customize Application permission as documented here
An example of an account configured with Event Streaming (Setup > Events > Event Manager):
https://dt-cdn.net/hub/event_manager_YeVsnKM.png
There are three steps to install this ActiveGate extension:
plugin_deployment folder of the remote plugin module:
unzip -o -d /opt/dynatrace/remotepluginmodule/plugin_deployment custom.remote.python.salesforce_eventstream.zip
- Adjust the path if the ActiveGate was installed somewhere other than /opt/dynatrace
2. Browser - Upload the same extension ZIP file to your tenant.
- Settings > Monitored technologies > Custom extensions > Upload extension
3. Define the custom application
Create an endpoint for every Salesforce account you want to monitor. This is done at Settings > Monitored technologies > Custom extensions > Salesforce EventStream.
There are two ways to connect to the Salesforce API:
Username and Password
Connected App - In this mode, you connect as a connected app.
Drawbacks:
Advantages:
The parameters are:
https://localhost:9999/mbeacon/<environment_id>
9999.
View Real-Time Event Monitoring Data permission
Connected App or Username + Password
Username + Password authentication is selected
Connected App authentication is selected
Connected App authentication is selected
https://login.salesforce.com
https://test.salesforce.com
https://site.force.com/customers
Connected App authentication is selected
Connected App authentication is selected
Connected App authentication is selected
Connected App authentication is selected
8443 if using mutual certificates, usually 443 otherwise
pem file that has the full certificate chain, example: /var/certs/fullchain.pem
user + password + security token
pem file that has the certificate key, example: /var/certs/key.pem
/event/LightningUriEventStream events
/event/APIEventStream events
/event/ListViewEventStream events
/event/UriEventStream events
/event/ReportEventStream events
1440 minutes (Sessions older than 1 day will be closed and deleted from the cache)
http://proxy.com:3128
Real User Monitoring
All data is sent using the Real User Monitoring SDK, called Openkit.
You can view the data under Applications > Application Name.
A Custom Device is also created for troubleshooting purposes only.
Technologies > Salesforce Connector > Salesforce Connector (<application_id>)
If there are any WARNING messages thrown by the extension, they are sent as Custom Info Events on the Custom Device page.
If there are ERROR or FATAL messages, they will open a problem for the same custom device.
This ActiveGate extension uses Openkit to create user sessions based on Salesforce event stream events. This extension reports real user sessions and actions. The data is captured from the Salesforce Event Streaming API.
The properties below are captured for the corresponding events. These are displayed in the user action waterfall.
Options marked with an * are only captured if Capture user details is enabled.
Note that you need to create action or session properties to query these in Dynatrace using UQL.
Salesforce account with Salesforce Shield or Salesforce Event Monitoring add-on subscription
This extension consumes DEM Units. The amount of DEM units depends on the number of Salesforce sessions, as per the table in the documentation.
The connected app will need a certificate attached to it.
You can use an existing certificate or create a new one.
Here are the steps to create a certificate using openssl and keytool.
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
This will create two files called cert.pem and key.pem.
cat cert.pem key.pem >> full_cert.pem
After this step, you should have a file called full_cert.pem.
Convert the full_cert.pem file to pkcs12. You must set a password when prompted.
openssl pkcs12 -export -out full_cert.pkcs12 -in full_cert.pem
Add the file to a new Java keystore.
Set a password for the keystore (destination password).
The source password is the one you created with the previous command.
keytool -importkeystore -srckeystore full_cert.pkcs12 -srcstoretype pkcs12 -destkeystore full_cert.jks -deststoretype JKS
After this is done, you should have five files. You will only use two of them:
In Salesforce Lightning, go to Setup > Apps > App Manager. Select New Connected App.
https://dt-cdn.net/hub/new_connected_app.png
Give the app a name and add the contact email.
Under API (Enable OAuth Settings), enable:
Enable OAuth Settings
The callback URL won't be used. You can use something like http://localhost
Upload the cert.pem file you created under Use digital signatures.
https://dt-cdn.net/hub/app_settings_1.png
Under Selected OAuth Scopes, add:
- (api) scope, which should be called Manage user data via APIs (api)
- (refresh_token, offline_access) scope, which should be called Perform requests at any time (refresh_token, offline_access)
The names might differ depending on the version of Salesforce. Use the ones that end with (api) and (refresh_token, offline_access).
https://dt-cdn.net/hub/app_settings_2.png
Leave all other options as is. Select Save.
Now it's time to set up the OAuth Policy permitted users.
On the connected app page, select Manage, then Edit Policies.
Under OAuth Policies select Admin approved users are pre-authorized.
https://dt-cdn.net/hub/policy.png
Select Save.
On the same connected app page, under Profiles, select Manage Profiles.
Add a profile for users that are approved to use this connected app, like System Administrator.
https://dt-cdn.net/hub/profiles.png
Place the full_cert.jks file somewhere in the ActiveGate file system.
On Linux, the user dtuserag must be able to read this file.
The path to this file will later be used in the Dynatrace extension configuration page.
For this setup, this is how the endpoint will look in Dynatrace:
Important notes:
Classic URL
.1 because it was not specified.
Consumer Key can be copied from Setup > Apps > App Manager > View in Salesforce.
https://dt-cdn.net/hub/endpoint_connected_app.png
The logs under %PROGRAMDATA% (Windows) or /var/lib (Linux) give you more details if you run into trouble.
The full path is /var/lib/dynatrace/remotepluginmodule/log/remoteplugin/custom.remote.python.salesforce_eventstream/SalesforceEventStream.log
A good example log:
https://dt-cdn.net/hub/log.png
Errors will also be sent to a custom device. Here's an example of an error when using the lightning URL instead of the classic URL:
This is done by using the UserId and looking for it in the list of currently opened sessions. This is necessary because some events report LoginKey and SessionKey as null sometimes, see: https://developer.salesforce.com/docs/atlas.en-us.platform_events.meta/platform_events/sforce_api_objects_reporteventstream.htm
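The UserId fallback described above, together with the 1440-minute session cache from the parameter list, as an added sketch that is not the extension's own code. Assumptions: the `SessionCache` and `Session` names and the `stream` event key are hypothetical, the most recently active open session of a user is chosen, and session age is measured from the last event.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SESSION_TTL_MINUTES = 1440  # cache lifetime value shown in the parameter list


@dataclass
class Session:
    user_id: str
    last_seen: float  # epoch seconds of the latest event
    events: List[str] = field(default_factory=list)


class SessionCache:
    """Open sessions; keyless events are matched to a session by UserId."""

    def __init__(self, ttl_minutes: int = SESSION_TTL_MINUTES):
        self.ttl = ttl_minutes * 60
        self.open: Dict[str, Session] = {}

    def expire(self, now: float) -> List[str]:
        """Close and delete sessions whose last event is older than the TTL."""
        stale = [k for k, s in self.open.items() if now - s.last_seen > self.ttl]
        for key in stale:
            del self.open[key]
        return stale

    def resolve(self, event: dict, now: float) -> Session:
        self.expire(now)
        user, key = event["UserId"], event.get("SessionKey")
        session: Optional[Session] = self.open.get(key) if key else None
        if session is None and not key:
            # SessionKey/LoginKey were null: fall back to the user's open
            # session, picking the most recently active one (assumption).
            mine = [s for s in self.open.values() if s.user_id == user]
            session = max(mine, key=lambda s: s.last_seen, default=None)
        if session is None:
            session = Session(user_id=user, last_seen=now)
            self.open[key or f"user:{user}"] = session
        session.last_seen = now
        session.events.append(event.get("stream", "unknown"))  # hypothetical key
        return session


if __name__ == "__main__":
    cache = SessionCache()
    # Constructed sample events, not captured Salesforce data.
    a = cache.resolve({"UserId": "005A", "SessionKey": "k1", "stream": "UriEventStream"}, 0)
    b = cache.resolve({"UserId": "005A", "SessionKey": None, "stream": "ReportEventStream"}, 60)
    print(a is b, a.events)
```

Without the expiry pass, a keyless event could be attributed to a session that ended long ago, so `resolve` always expires stale sessions before matching.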
Remove unused fields from the extension
To update, please:
Report properties that were not being reported to a Login Action: