Set up Real-Time Event Monitoring

Learning Objectives

After completing this unit, you’ll be able to:

  • Set up Real-Time Event Monitoring via Event Manager.
  • Set user access to Real-Time Event Monitoring through profiles and permission sets.
  • Subscribe to Event Monitoring–specific platform events.
  • Describe a common use case of Real-Time Events in an organization.
  • Identify how to consume and view Real-Time Events using the Streaming Monitor app.

The challenges in this module rely on the data that come with a Trailhead Playground, so create a new Trailhead Playground for this module. Follow the steps below to create the Trailhead Playground.

Get Your Trailhead Playground Username and Password

Let’s get started by opening your Trailhead Playground. Scroll to the bottom of this page and click Launch. If you see a tab in your org labeled Get Your Login Credentials, great! Follow the steps below. 

If not, from the App Launcher (App Launcher), find and open Playground Starter and follow the steps. If you don’t see the Playground Starter app, check out Find the Username and Password for Your Trailhead Playground on Trailhead Help.

  1. Click the Get Your Login Credentials tab and take note of your username.
  2. Click Reset My Password. This sends an email to the address associated with your username.
  3. Click the link in the email.

Enter a new password, confirm it, and click Change Password.

Set Up Real-Time Event Monitoring

To get started, head to Setup and in the Quick Find box enter Event Manager. Enterprise and Unlimited environments have access to the LogoutEvent platform event object by default, but the remainder of the events need licensing to access Shield Event Monitoring. If you don’t have access and would like to try them out, you can enable Real-Time Events in a Developer Edition org. As long as the Developer Edition org has the Event Monitoring add-on subscription, you have Real-Time Event Monitoring. The Trailhead Playground org will also have access. In order to activate the events, simply navigate to the event that you would like to use and enable streaming or storage. 

Setup Event Manager displaying events and their name, subscription channel, type, description, and indication of whether they represent streaming data or storing data, or both.

Enable Access to Real-Time Event Monitoring

You can set user access to Real-Time Event Monitoring through profiles and permission sets. The user permissions needed are as follows.

  • To view events: View Real-Time Event Monitoring Data
  • To create, edit, and manage Transaction Security policies: Customize Application
Note

Note

Your Trailhead Playground already has access enabled to Real-Time Event Monitoring. However, if you want to set user access to Real-Time Event Monitoring in your Salesforce org, follow these steps.

To set user access, follow these steps.

1. From Setup, do one of the following:

    • Enter Permission Sets in the Quick Find box, then select Permission Sets.
    • Enter Profiles in the Quick Find box, then select Profiles.

2. Select a permission set or profile.

3. Depending on whether you’re using permission sets or profiles, do one of the following:

    • In permission sets or the enhanced profile user interface, select a permission. In the Find Settings dialog box, enter View Real-Time Event Monitoring Data. Click Edit, select the option, and click Save. Repeat these steps for the Customize Application permission.
    • In the original profile user interface, select a profile name, and then click Edit. Select View Real-Time Event Monitoring Data, and Customize Application if you plan to create Transaction Security policies. Click Save.

In addition to enabling Real-Time Event Monitoring, set user permissions to Real-Time Event objects. Real-Time Event Monitoring objects sometimes contain sensitive data.

Subscribe to Event Monitoring–Specific Platform Events

Real-Time Event Monitoring takes some of the events that would normally be logged and streams them using platform events. This means that you can consume the events in the same way that you do for platform events, via a subscriber. Unlike platform events, not all Real-Time Events can be subscribed to via triggers or declarative tools.

Use Real-Time Event Monitoring to subscribe to standard events published by Salesforce to monitor activity in your org. You can subscribe to this data from an external data system of your choice using a streaming API client.

Data is streamed using a publish-subscribe model. Salesforce publishes streaming data to an event subscription channel, and your app subscribes, or listens, to the event channel to get the data close to real time. Streaming events are retained for up to 3 days. Real-Time Event Monitoring’s streaming events don’t count against your Platform Events delivery allocation. Some system protection limits apply.

Note

Note

To more efficiently obtain and process event data from 3 days ago or less, we recommend querying events from big objects instead of subscribing to past events in a stream.

Subscribe Using EMP Connector

Let's take a look at one way to subscribe to platform events using EMP Connector.

Note

Note

EMP Connector is a free, open-source, community-supported tool. Salesforce provides this tool as an example of how to subscribe to events using CometD. To contribute to the EMP Connector project with your own enhancements, submit pull requests to the repository at https://github.com/forcedotcom/EMP-Connector.

Prerequisites

Enable A Real-Time Event for Streaming

1. Enable the real-time event ReportEventStream for streaming.

  1. In your playground, in Setup, enter Event Manager in the Quick Find box, and then select Event Manager.
  2. For Report Event, select Enable Streaming and Enable Storage from the dropdown.

2. To download the EMP Connector project files, open a terminal.

  1. On Windows, enter CMD in the search box at the bottom of your home screen next to the start button.
  2. On Mac, press the Command button and the space bar simultaneously to open a search bar on your screen. Then enter Terminal to search for Terminal. Double-click Terminal in the left sidebar to open your Mac's terminal.

3. In the terminal, clone the repository from GitHub with this command:

  1. git clone https://github.com/forcedotcom/EMP-Connector

4. In Visual Studio Code, click File | Open Folder.

5. Choose the EMP Connector folder you just cloned.

6. Navigate to the Java Extension Pack page in your browser.

7. Click Install.

8. Click Open Visual Studio Code.

9. Click Install.

The Java Extension Pack page in Visual Studio Code

10. Click Run | Open Configurations.

11. Click Java.

12. If you get a prompt asking you to run Java language server in standard mode, select Yes. A new file, launch.json, opens.

13. In launch.json, find the following line: "mainClass": "com.salesforce.emp.connector.example.LoginExample" and the line below it, "projectName": "emp-connector".

14. Add a comma and then press enter and copy the following text to the new line: "args": "username password /event/ReportEventStream".

A code block displaying the Visual Studio Code Java Extension Pack and “args”: “username password /event/ReportEventStream” highlighted

15. Replace username and password with your playground credentials.

Note

Note

Some operating systems interpret certain characters to have a special function. For example, on macOS and Unix-based systems, some of the special characters include !, \, and $. If your password includes special characters, the class may fail to run properly. Try escaping the special character by preceding it with \\. On a Mac, a password such as test!password would be entered as test\\!password.

16. Save the file.

17. Find main/java/com/salesforce/emp/connector/example/LoginExample.java, right-click it, and select Run.
The menu in Visual Studio Code with main/java/com/salesforce/emp/connector/example/LoginExample.java expanded and the mouse clicking on the Run button.

18. A terminal window opens with the subscription:
A terminal window in the Java Process Console that shows the code associated with the subscription

19. To generate an event message, perform the action that fires the event. For ReportEventStream, run any report in your playground.

  1. To create a report in your playground, click App launcher icon and type Reports
  2. Click Reports.
  3. Click New Report.
  4. Choose Cases and click Continue.
  5. Click Run.

20. After you run the report, EMP Connector receives an event notification and prints it to the console. The output looks similar to the following.

{
"schema": "mn_C9tvH0ofZbpxU2XthsQ",
"payload": {
"EventDate": "2020-11-18T22:39:26.000Z",
"Description": null,
"EvaluationTime": 0.0,
"NumberOfColumns": 7,
"Operation": "ReportRunAndNotificationSent",
"DashboardId": null,
"LoginHistoryId": "0YaB000003NcnpbKAB",
"Name": "Total Cases Created",
"IsScheduled": false,
"ColumnHeaders": "[OWNER, ACCOUNT.NAME, SUBJECT, CREATED_DATE, AGE, OPEN, CLOSED]",
"Format": "Tabular",
"CreatedById": "005B0000006xcmjIAA",
"OwnerId": "005B00000078z7S",
"SessionKey": "+Tned3rTsZ5a1hBA",
"PolicyOutcome": null,
"Records": "{\"totalSize\":26,\"rows\":[{\"datacells\":[\"005B00000078z7SIAQ\",\"500B00000062HLqIAM\",\"500B00000062HLqIAM\",\"001B000001KYEVsIAP\"]},{\"datacells\":[\"005B00000078z7SIAQ\",\"500B00000062HLrIAM\",\"500B00000062HLrIAM\",\"001B000001KYEVxIAP\"]},{\"datacells\":[\"005B00000078z7SIAQ\",\"500B00000062HLsIAM\",\"500B00000062HLsIAM\",\"001B000001KYEVxIAP\"]},{\"datacells\":[\"005B00000078z7SIAQ\",\"500B00000062HLtIAM\",\"500B00000062HLtIAM\",\"001B000001KYEVyIAP\"]},{\"datacells\":[\"005B00000078z7SIAQ\",\"500B00000062HLuIAM\",\"500B00000062HLuIAM\",\"001B000001KYEVyIAP\"]},{\"datacells\":[\"005B00000078z7SIAQ\",\"500B00000062HLvIAM\",\"500B00000062HLvIAM\",\"001B000001KYEVyIAP\"]}]}",
"EventIdentifier": "92b7815d-acfd-465e-9b1b-54d3a2833571",
"DisplayedFieldEntities": "Account,Owner,Case",
"RelatedEventIdentifier": null,
"ExecutionIdentifier": "cb56d782-ee73-44c5-b4b6-10a9e014b6ae",
"RowsProcessed": 26.0,
"RowsReturned": null,
"ReportId": null,
"Sequence": 1,
"DashboardName": null,
"EventSource": "Lightning",
"SourceIp": "Salesforce.com IP",
"Scope": "organization",
"Username": "rburgle@force.com",
"UserId": "005B00000078z7SIAQ",
"CreatedDate": "2020-11-18T22:39:36.796Z",
"ExportFileFormat": null,
"LoginKey": "B9AyV/N2mnoXMyXc",
"PolicyId": null,
"GroupedColumnHeaders": null,
"QueriedEntities": "Case",
"SessionLevel": "STANDARD"
},
"event": { "replayId": 127201 }
}


The output contains information about the size of the report in lines 7 (NumberOfColumnsand 19 (totalSize), the IP address of the client that logged in in line 30, login history so that you can track a user session and correlate user activity with a particular series of report events in line 10, the policy outcome of any transaction policy associated with the event, such as whether the user approved or denied the two-factor authentication request in line 18, and more.

As you can see in this example event, we can begin to piece together details around the user’s activity. We can look for other events with the same LoginHistoryID to trace events back to the user’s original authentication, and track his activity with a particular series of report events. We can also take a look at the PolicyOutcome. If the user was blocked from performing the operation that triggered the policy, entered an invalid password too many times, or denied the two-factor approval request in the authenticator app, this may signal that he tried to access unauthorized information. 

Streaming Real-Time Events

As mentioned before, Real-Time Events are streamed using platform events and can be consumed by any relevant client application. If you are using a third-party application for monitoring, you can subscribe to the Real-Time Events and evaluate them there. A great way to explore the events is to use the Streaming Monitor app provided by Salesforce Labs! Streaming Monitor allows you to select the type of event and then subscribe to a number of events using the lighting-emp-api component. If you would like to learn more, check out this blog post on Salesforce’s streaming capabilities.

Resources

Keep learning for
free!
Sign up for an account to continue.
What’s in it for you?
  • Get personalized recommendations for your career goals
  • Practice your skills with hands-on challenges and quizzes
  • Track and share your progress with employers
  • Connect to mentorship and career opportunities