[salesforce] Add salesforce package foundation along with login_rest data stream
#4261
Conversation
yug-rajani
added
enhancement
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
🌐 Coverage report
|
yug-rajani
changed the title
salesforce package foundation along with login_rest data streamsalesforce package foundation along with login_rest data stream
|
If specifying the version is important, then below questions apply
|
packages/salesforce/data_stream/login_rest/agent/stream/httpjson.yml.hbs
Outdated
Show resolved
Hide resolved
Yes, it should. The deployment logic associated with the old version is still available for use as long as you force the API to use the old version (reference).
Technically, it must be supported in 53.0. We tested the version 52.0 when we developed the Filebeat Module (which was the latest stable version then), while we tested it with the latest stable version now (based on Workbench) i.e. 54.0 when developing the current integration for Salesforce. However, we are hard-coding the version and hence using the API v53.0 wouldn't be possible here.
Whenever Salesforce releases a new application version, Salesforce internally updates the API version (reference).
Based on the release notes here, I think the API version increments with the major version upgrade.
The steps can be found here.
The steps can be found here.
As it is a cloud platform, I think the users will always be using the latest version of Salesforce. Also, the test instance we use was created approximately a year ago, when the latest version was |
This is system test event only that's why you are seeing this difference. For customer there won't be a scenario in which they'll face this huge difference. Let me update current test event with the live response so you won't see this difference in the system test as well. |
|
Can we also attempt to do a Maps visualization in the dashboard, making use of the This is the requirement i mentioned in the TDD document |
|
If the user has multiple salesforce URLs (spanned across multiple policy), how would the user select a specific salesforce instance in kibana? Shouldn't HostControl be used to help user? |
Please hold this requirement until more clarity is available on elastic/elastic-package#1053 (comment) |
Reference : elastic/elastic-package#1053 (comment) @ruflin , @jsoriano If the geoIP processor might not always give the latitute and longitude values, is it a good approach to go with a kibana map for geo distribution of users (in this case salesforce users). Three approaches I can think of are : Approach 1 : Approach 2 : Approach 3: This is a challenge in every dashboard where geomap is used. What can be the best approach? Please note, Geo Map representation is an additional representation over the table representation displaying top 10 source IPs. I find that GeoMap representation would be a convenient representation for security audit users. |
|
I think we use "Approach 2" already in quite a few dashboards and did not have complaints yet. I would expect that in general it is understood that not 100% of ip addresses can be translated to geo locations so that some ip addresses are missing is expected. I personally always like to see the map visualisation as it is eye catching. |
|
|
||
| - In case of data ingestion if the user finds following type of error logs: | ||
| ``` | ||
| {"log.level":"error","@timestamp":"2022-11-24T12:59:36.835+0530","log.logger":"input.httpjson-cursor","log.origin":{"[file.name](http://file.name/)":"compat/compat.go","file.line":124},"message":"Input 'httpjson-cursor' failed with: input.go:130: input 8A049E17A5CA661D failed (id=8A049E17A5CA661D)\n\toauth2 client: error loading credentials using user and password: oauth2: cannot fetch token: 400 Bad Request\n\tResponse: {\"error\":\"invalid_grant\",\"error_description\":\"authentication failure\"}","[service.name](http://service.name/)":"filebeat","id":"8A049E17A5CA661D","ecs.version":"1.6.0"} |
There was a problem hiding this comment.
Please do the formatting.
|
|
||
| Example: | ||
|
|
||
| Address Bar Content: https://elastic1234-dev-ed.my.salesforce.com/home/home.jsp?source=lex |
There was a problem hiding this comment.
Please elaborate as
If Address bar content is Salesforce Instance URL is
|
|
||
| ### Steps to find out the version of Salesforce | ||
|
|
||
| On the Home tab in Salesforce Classic, on the top right of the screen is a link to release like `Summer '22`. This indicates your release. |
There was a problem hiding this comment.
What about for Salesforce Lightening?
There was a problem hiding this comment.
We could not find the exact way for the Salesforce Lightning, However User will still have two options
- Switch his view to Classic and can find the same, they just need one click to perform this activity.
- To find out the version of Salesforce by hitting the following URL: (Salesforce Instance URL)/services/data
The option 2 is already mentioned in the Readme
|
@SubhrataK , kindly have a look at the README and share your feedback. |
|
Feedback shared via the Google Doc. @kush-elastic kindly update the readme based on my comments provided in the doc. |
|
@SubhrataK , @kush-elastic has requested for the final approval of the PR. Can you please check if it looks good to you? |
|
@agithomas Looks good to me. |
|
LGTM |
|
Package salesforce - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=salesforce |
andrewkroh
added
the
New Integration
What does this PR do?
login_rest)Checklist
changelog.ymlfile.manifest.ymlfile to point to the latest Elastic stack release (e.g.^7.13.0).How to test this PR locally