Query Event Log Data for Security and Performance Insights

Learning Objectives

After completing this unit, you’ll be able to:

  • Explain what Event Log Objects are and why they’re useful.
  • Describe how to query Event Log Object data using SOQL.
  • Explain how to use Salesforce Direct to create visualizations of event log data.
  • List some use cases for building custom Lightning UI apps using Event Log Objects.

Act Fast on Security and Performance Events

When it comes to security and performance incidents, early detection is crucial. Event Log Objects are here to help. Event Log Object data is available with minimal delay, in near real-time, enabling you to detect issues earlier and improve issue mitigation. The Event Log Object framework helps you surface event data in the Event Log standard objects. This makes it easy to perform interactive analytics and diagnose security and performance issues using SOQL.

Let's see how Event Log Objects compare with event log files. Events are captured quickly, but log files are generated at intervals: either a daily file covering 24 hours, or hourly files. The daily log files are generated after peak hours, so you'll see the data for a given day in the next day's file. Hourly log files have a shorter delay; they typically show activity that happened 3 to 6 hours earlier, though this can vary depending on system load and other factors. Also, you can't access log files directly in the user interface, though you can view them through the Event Monitoring Analytics app.

Event Log Objects contain many of the same events as the Event Log File framework, and you can query this data using SOQL and Salesforce Platform APIs instead of downloading CSV files.

With Event Log Objects, you can query up to 15 days of data at a time using the Timestamp filter present on all event log objects. And you can transform your event log data into clear, insightful visualizations with Salesforce Direct. Use a variety of chart types to gain deeper insights. For more details, check out Analyze Log Data with Salesforce Direct.

Event Log Objects dashboard.

You can also use Event Log Objects and Salesforce Platform APIs to build custom apps in Lightning UI for specific event-related use cases. To get the most out of your log data, review the Best Practices and Considerations for Leveraging Event Log Object Data article before you start creating queries.

Use Case: Monitor Report Exports for Anypoint Security

Let’s look at a use case. Your business requires employees to use Salesforce to view data and generate reports. However, large data exports can be a sign of a security breach. To ensure security, you want to monitor and, if needed, limit large data exports. Here’s how you can find out which users have exported the most rows from the Report Event Log in the previous 10 days.

SOQL Query

Run this SOQL query to find users who have exported rows through reports in the past 10 days:

SELECT UserIdentifier, SUM(RowCount)
FROM ReportEventLog
WHERE Origin='ReportExported' AND DAY_ONLY(Timestamp) > LAST_N_DAYS:10
GROUP BY UserIdentifier
ORDER BY SUM(RowCount) DESC

For each user, sum the number of exported rows in the last 10 days: SUM(RowCount) FROM ReportEventLog WHERE Origin='ReportExported' AND DAY_ONLY(Timestamp) > LAST_N_DAYS:10

Order the users by number of rows exported: GROUP BY UserIdentifier ORDER BY SUM(RowCount) DESC
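To turn that ranking into an alert, the sketch below (an added example, not Salesforce's code) builds the same query for a bounded window and flags users whose exported-row total meets a threshold. The function names, the threshold and the sample records are assumptions made for illustration; the records are constructed and shaped like a REST API aggregate query result, where an unaliased SUM(RowCount) is returned under the implied alias expr0.

```python
import json

MAX_WINDOW_DAYS = 15  # the page states Event Log Objects can be queried 15 days at a time


def build_export_query(days: int) -> str:
    """Return the page's report-export query for the last `days` days."""
    if isinstance(days, bool) or not isinstance(days, int) or not 1 <= days <= MAX_WINDOW_DAYS:
        raise ValueError(f"days must be an integer from 1 to {MAX_WINDOW_DAYS}")
    return (
        "SELECT UserIdentifier, SUM(RowCount) "
        "FROM ReportEventLog "
        "WHERE Origin='ReportExported' "
        f"AND DAY_ONLY(Timestamp) > LAST_N_DAYS:{days} "
        "GROUP BY UserIdentifier "
        "ORDER BY SUM(RowCount) DESC"
    )


def flag_heavy_exporters(response: dict, row_threshold: int) -> list[tuple[str, int]]:
    """Return (user, rows) pairs whose exported-row total meets the threshold."""
    if not response.get("done", False):
        raise ValueError("incomplete result set; fetch remaining pages before triage")
    flagged = []
    for rec in response.get("records", []):
        rows = rec.get("expr0")  # implied alias of the unaliased SUM(RowCount)
        if rows is None:  # SUM is null when every RowCount in the group is null
            continue
        if rows >= row_threshold:
            flagged.append((rec["UserIdentifier"], int(rows)))
    return sorted(flagged, key=lambda pair: pair[1], reverse=True)


# Constructed sample response (placeholder users, not real data).
SAMPLE_RESPONSE = json.loads("""
{"totalSize": 4, "done": true, "records": [
  {"attributes": {"type": "AggregateResult"}, "UserIdentifier": "USER_A_PLACEHOLDER", "expr0": 812450},
  {"attributes": {"type": "AggregateResult"}, "UserIdentifier": "USER_B_PLACEHOLDER", "expr0": 50000},
  {"attributes": {"type": "AggregateResult"}, "UserIdentifier": "USER_C_PLACEHOLDER", "expr0": 1200},
  {"attributes": {"type": "AggregateResult"}, "UserIdentifier": "USER_D_PLACEHOLDER", "expr0": null}
]}
""")

if __name__ == "__main__":
    print(build_export_query(10))
    for user, rows in flag_heavy_exporters(SAMPLE_RESPONSE, row_threshold=50_000):
        print(f"{user}\t{rows}")
```

Pick the threshold from your own export baseline; a fixed number such as the 50,000 used here is only a starting point.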

Key Takeaways

You can obtain information about different types of events with minimal latency by querying Event Log Objects. Event Log Objects enable you to stay on top of security events and respond efficiently.

Ready for some next steps? Dive into the resources to learn more!

Resources
