diff --git a/packages/salesforce/_dev/build/docs/README.md b/packages/salesforce/_dev/build/docs/README.md
index 38a72ad7c5d..fbb13e5e78e 100644
--- a/packages/salesforce/_dev/build/docs/README.md
+++ b/packages/salesforce/_dev/build/docs/README.md
@@ -1,178 +1,187 @@
-# Salesforce Integration
-
-## Overview
-
-The Salesforce integration allows you to monitor a [Salesforce](https://www.salesforce.com/) instance. Salesforce is a customer relationship management (CRM) platform. It provides an ecosystem for businesses to manage marketing, sales, commerce, service, and IT teams from anywhere with one integrated CRM platform.
-
-Use the Salesforce integration to:
-- Gain insights into login and other operational activities by the users of your organization.
-- Create visualizations to monitor, measure and analyze the usage trend and key data, and derive business insights.
-- Create alerts to reduce the MTTD and also the MTTR by referencing relevant logs when troubleshooting an issue.
-
-As an example, you can use the data from this integration to understand the activity patterns of users based on region or the distribution of users by license type.
-
-## Data streams
-
-The Salesforce integration collects log events using the REST API of Salesforce.
-
-**Logs** help you keep a record of events happening in Salesforce.
-Log data streams collected by the Salesforce integration include [Login](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_login.htm), and [Logout](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_logout.htm).
-
-Data streams:
-- `login_rest`: Tracks login activity of users who log in to Salesforce.
-- `logout_rest`: Tracks logout activity of users who logout from Salesforce.
-
-## Compatibility
-
-This integration has been tested against Salesforce `Spring '22 (v54.0) release`.
-
-In order to find out the Salesforce version of your Instance, see below:
-
-1. On the Home tab in Salesforce Classic, in the top right corner of the screen is a link to releases like `Summer '22`. This indicates your release.
-
-2. An alternative way to find out the version of Salesforce is by hitting the following URL:
- - Format: (Salesforce Instance URL)/services/data
- - Example: `https://na9.salesforce.com/services/data`
-
-Example response:
-```xml
-
-
-
- /services/data/v53.0
- 53.0
-
-
-
- /services/data/v54.0
- 54.0
-
-
-
- /services/data/v55.0
- 55.0
-
-
-```
-The last one on the list is the release of your instance. In the example above, the version is `Summer '22` i.e. `v55.0`.
-
-## Prerequisites
-
-You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
-You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended or self-manage the Elastic Stack on your own hardware.
-
-In your Salesforce instance, ensure that `API Enabled permission` is selected for the user profile. Follow the below steps to enable the same:
-
-1. Go to `Setup` > `Quick Find` > `Users`, and Click on `Users`.
-2. Click on the profile link associated with the `User Account` used for data collection.
-3. Search for `API Enabled` permission on the same page. In case it’s not present, search it under `System Permissions` and check if `API Enabled` privilege is selected. If not, enable it for data collection.
-
-## Set Up
-
-For step-by-step instructions on how to set up an integration, see the [Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.
-
-## Configuration
-
-You need the following information from your Salesforce instance to configure this integration in Elastic:
-
-### Salesforce Instance URL
-
-The instance your Salesforce Organization uses is indicated in the URL of your browser's address bar in Salesforce Classic. The value before 'salesforce.com' is your Salesforce Instance.
-
-Example URL: `https://na9.salesforce.com/home/home.jsp`
-
-In the above example, the value before 'salesforce.com' is your Salesforce Instance. In this example, the Salesforce Organization is located on NA9.
-
-The Salesforce Instance URL is: `https://na9.salesforce.com`
-
-In Salesforce Lightning, it is available under the user name in the “View Profile” tab.
-
-### Client Key and Client Secret for Authentication
-
-In order to use this integration, you need to create a new Salesforce Application using OAuth. Follow the steps below to create a connected application in Salesforce:
-
-1. Login to [Salesforce](https://login.salesforce.com/) with the same user credentials that you want to collect data with.
-2. Click on Setup on the top right menu bar. On the Setup page search `App Manager` in the `Search Setup` search box at the top of the page, then select `App Manager`.
-3. Click *New Connected App*.
-4. Provide a name for the connected application. This will be displayed in the App Manager and on its App Launcher tile.
-5. Enter the API name. The default is a version of the name without spaces. Only letters, numbers, and underscores are allowed. If the original app name contains any other characters, edit the default name.
-6. Enter the contact email for Salesforce.
-7. Under the API (Enable OAuth Settings) section of the page, select *Enable OAuth Settings*.
-8. In the Callback URL enter the Instance URL (Please refer to `Salesforce Instance URL`)
-9. Select the following OAuth scopes to apply to the connected app:
- - Manage user data via APIs (api).
- - Perform requests at any time (refresh_token, offline_access).
- - (Optional) In case of data collection, if any permission issues arise, add the Full access (full) scope.
-10. Select *Require Secret for the Web Server Flow* to require the app's client secret in exchange for an access token.
-11. Select *Require Secret for Refresh Token Flow* to require the app's client secret in the authorization request of a refresh token and hybrid refresh token flow.
-12. Click Save. It may take approximately 10 minutes for the changes to take effect.
-13. Click Continue and then under API details click Manage Consumer Details, Verify the user account using Verification Code.
-14. Copy `Consumer Key` and `Consumer Secret` from the Consumer Details section, which should be populated as value to Client ID and Client Secret respectively in the configuration.
-
-For more details on how to Create a Connected App refer to the salesforce documentation [here](https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_create.htm).
-
-### Username
-
-User Id of the registered user in Salesforce.
-
-### Password
-
-Password used for authenticating the above user.
-
-## Additional Information
-
-Follow the steps below, in case you need to find the API version:
-
-1. Go to `Setup` > `Quick Find` > `Apex Classes`.
-2. Click the `New` button.
-3. Click the `Version Settings` tab.
-4. Refer to the `Version` dropdown for the API Version number.
-
-## Validation
-
-After the integration is successfully configured, clicking on the Assets tab of the Salesforce Integration should display a list of available dashboards. Click on the dashboard available for your configured datastream. It should be populated with the required data.
-
-## Troubleshooting
-
-- In case of data ingestion if the user finds the following type of error logs:
-```
-{
- "log.level": "error",
- "@timestamp": "2022-11-24T12:59:36.835+0530",
- "log.logger": "input.httpjson-cursor",
- "log.origin": {
- "[file.name](http://file.name/)": "compat/compat.go",
- "file.line": 124
- },
- "message": "Input 'httpjson-cursor' failed with: input.go:130: input 8A049E17A5CA661D failed (id=8A049E17A5CA661D)\n\toauth2 client: error loading credentials using user and password: oauth2: cannot fetch token: 400 Bad Request\n\tResponse: {\"error\":\"invalid_grant\",\"error_description\":\"authentication failure\"}",
- "[service.name](http://service.name/)": "filebeat",
- "id": "8A049E17A5CA661D",
- "ecs.version": "1.6.0"
-}
-```
-Please check if the `API Enabled permission` is provided to the `profile` associated with the `username` used as part of the integration.
-Please refer to the Prerequisites section above for more information.
-
-If the error continues follow these steps:
-
-1. Go to `Setup` > `Quick Find` > `Manage Connected Apps`.
-2. Click on the Connected App name created by you to generate the client id and client secret (Refer to Client Key and Client Secret for Authentication) under the Master Label.
-3. Click on Edit Policies, and select `Relax IP restrictions` from the dropdown for IP Relaxation.
-
-## Logs reference
-
-### Login Rest
-
-This is the `login_rest` data stream. It represents events containing details about your organization's user login history.
-
-{{event "login_rest"}}
-
-{{fields "login_rest"}}
-
-### Logout Rest
-
-This is the `logout_rest` data stream. It represents events containing details about your organization's user logout history.
-
-{{event "logout_rest"}}
-
-{{fields "logout_rest"}}
+# Salesforce Integration
+
+## Overview
+
+The Salesforce integration allows you to monitor a [Salesforce](https://www.salesforce.com/) instance. Salesforce is a customer relationship management (CRM) platform. It provides an ecosystem for businesses to manage marketing, sales, commerce, service, and IT teams from anywhere with one integrated CRM platform.
+
+Use the Salesforce integration to:
+- Gain insights into login and other operational activities by the users of your organization.
+- Create visualizations to monitor, measure and analyze the usage trend and key data, and derive business insights.
+- Create alerts to reduce the MTTD and also the MTTR by referencing relevant logs when troubleshooting an issue.
+
+As an example, you can use the data from this integration to understand the activity patterns of users based on region or the distribution of users by license type.
+
+## Data streams
+
+The Salesforce integration collects log events using the REST API of Salesforce.
+
+**Logs** help you keep a record of events happening in Salesforce.
+Log data streams collected by the Salesforce integration include [Login](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_login.htm), [Logout](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_logout.htm) and [Apex](https://developer.salesforce.com/docs/atlas.en-us.238.0.object_reference.meta/object_reference/sforce_api_objects_apexclass.htm).
+
+Data streams:
+- `login_rest`: Tracks login activity of users who log in to Salesforce.
+- `logout_rest`: Tracks logout activity of users who logout from Salesforce.
+- `apex`: Represents information about various Apex events like Callout, Execution, REST API, SOAP API, Trigger, etc.
+
+## Compatibility
+
+This integration has been tested against Salesforce `Spring '22 (v54.0) release`.
+
+In order to find out the Salesforce version of your Instance, see below:
+
+1. On the Home tab in Salesforce Classic, in the top right corner of the screen is a link to releases like `Summer '22`. This indicates your release.
+
+2. An alternative way to find out the version of Salesforce is by hitting the following URL:
+ - Format: (Salesforce Instance URL)/services/data
+ - Example: `https://na9.salesforce.com/services/data`
+
+Example response:
+```xml
+
+
+
+ /services/data/v53.0
+ 53.0
+
+
+
+ /services/data/v54.0
+ 54.0
+
+
+
+ /services/data/v55.0
+ 55.0
+
+
+```
+The last one on the list is the release of your instance. In the example above, the version is `Summer '22` i.e. `v55.0`.
+
+## Prerequisites
+
+You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
+You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended or self-manage the Elastic Stack on your own hardware.
+
+In your Salesforce instance, ensure that `API Enabled permission` is selected for the user profile. Follow the below steps to enable the same:
+
+1. Go to `Setup` > `Quick Find` > `Users`, and Click on `Users`.
+2. Click on the profile link associated with the `User Account` used for data collection.
+3. Search for `API Enabled` permission on the same page. In case it’s not present, search it under `System Permissions` and check if `API Enabled` privilege is selected. If not, enable it for data collection.
+
+## Set Up
+
+For step-by-step instructions on how to set up an integration, see the [Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.
+
+## Configuration
+
+You need the following information from your Salesforce instance to configure this integration in Elastic:
+
+### Salesforce Instance URL
+
+The instance your Salesforce Organization uses is indicated in the URL of your browser's address bar in Salesforce Classic. The value before 'salesforce.com' is your Salesforce Instance.
+
+Example URL: `https://na9.salesforce.com/home/home.jsp`
+
+In the above example, the value before 'salesforce.com' is your Salesforce Instance. In this example, the Salesforce Organization is located on NA9.
+
+The Salesforce Instance URL is: `https://na9.salesforce.com`
+
+In Salesforce Lightning, it is available under the user name in the “View Profile” tab.
+
+### Client Key and Client Secret for Authentication
+
+In order to use this integration, you need to create a new Salesforce Application using OAuth. Follow the steps below to create a connected application in Salesforce:
+
+1. Login to [Salesforce](https://login.salesforce.com/) with the same user credentials that you want to collect data with.
+2. Click on Setup on the top right menu bar. On the Setup page search `App Manager` in the `Search Setup` search box at the top of the page, then select `App Manager`.
+3. Click *New Connected App*.
+4. Provide a name for the connected application. This will be displayed in the App Manager and on its App Launcher tile.
+5. Enter the API name. The default is a version of the name without spaces. Only letters, numbers, and underscores are allowed. If the original app name contains any other characters, edit the default name.
+6. Enter the contact email for Salesforce.
+7. Under the API (Enable OAuth Settings) section of the page, select *Enable OAuth Settings*.
+8. In the Callback URL enter the Instance URL (Please refer to `Salesforce Instance URL`)
+9. Select the following OAuth scopes to apply to the connected app:
+ - Manage user data via APIs (api).
+ - Perform requests at any time (refresh_token, offline_access).
+ - (Optional) In case of data collection, if any permission issues arise, add the Full access (full) scope.
+10. Select *Require Secret for the Web Server Flow* to require the app's client secret in exchange for an access token.
+11. Select *Require Secret for Refresh Token Flow* to require the app's client secret in the authorization request of a refresh token and hybrid refresh token flow.
+12. Click Save. It may take approximately 10 minutes for the changes to take effect.
+13. Click Continue and then under API details click Manage Consumer Details, Verify the user account using Verification Code.
+14. Copy `Consumer Key` and `Consumer Secret` from the Consumer Details section, which should be populated as value to Client ID and Client Secret respectively in the configuration.
+
+For more details on how to Create a Connected App refer to the salesforce documentation [here](https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_create.htm).
+
+### Username
+
+User Id of the registered user in Salesforce.
+
+### Password
+
+Password used for authenticating the above user.
+
+## Additional Information
+
+Follow the steps below, in case you need to find the API version:
+
+1. Go to `Setup` > `Quick Find` > `Apex Classes`.
+2. Click the `New` button.
+3. Click the `Version Settings` tab.
+4. Refer to the `Version` dropdown for the API Version number.
+
+## Validation
+
+After the integration is successfully configured, clicking on the Assets tab of the Salesforce Integration should display a list of available dashboards. Click on the dashboard available for your configured datastream. It should be populated with the required data.
+
+## Troubleshooting
+
+- In case of data ingestion if the user finds the following type of error logs:
+```
+{
+ "log.level": "error",
+ "@timestamp": "2022-11-24T12:59:36.835+0530",
+ "log.logger": "input.httpjson-cursor",
+ "log.origin": {
+ "[file.name](http://file.name/)": "compat/compat.go",
+ "file.line": 124
+ },
+ "message": "Input 'httpjson-cursor' failed with: input.go:130: input 8A049E17A5CA661D failed (id=8A049E17A5CA661D)\n\toauth2 client: error loading credentials using user and password: oauth2: cannot fetch token: 400 Bad Request\n\tResponse: {\"error\":\"invalid_grant\",\"error_description\":\"authentication failure\"}",
+ "[service.name](http://service.name/)": "filebeat",
+ "id": "8A049E17A5CA661D",
+ "ecs.version": "1.6.0"
+}
+```
+Please check if the `API Enabled permission` is provided to the `profile` associated with the `username` used as part of the integration.
+Please refer to the Prerequisites section above for more information.
+
+If the error continues follow these steps:
+
+1. Go to `Setup` > `Quick Find` > `Manage Connected Apps`.
+2. Click on the Connected App name created by you to generate the client id and client secret (Refer to Client Key and Client Secret for Authentication) under the Master Label.
+3. Click on Edit Policies, and select `Relax IP restrictions` from the dropdown for IP Relaxation.
+
+## Logs reference
+
+### Apex
+
+This is the `apex` data stream. Apex enables developers to access the Salesforce platform back-end database and client-server interfaces to create third-party SaaS applications.
+
+{{event "apex"}}
+
+{{fields "apex"}}
+
+### Login Rest
+
+This is the `login_rest` data stream. It represents events containing details about your organization's user login history.
+
+{{event "login_rest"}}
+
+{{fields "login_rest"}}
+
+### Logout Rest
+
+This is the `logout_rest` data stream. It represents events containing details about your organization's user logout history.
+
+{{event "logout_rest"}}
+
+{{fields "logout_rest"}}
diff --git a/packages/salesforce/changelog.yml b/packages/salesforce/changelog.yml
index 03efb8f08bd..7787168a659 100644
--- a/packages/salesforce/changelog.yml
+++ b/packages/salesforce/changelog.yml
@@ -1,5 +1,10 @@
# newer versions go on top
+- version: 0.3.0
+ changes:
+ - description: Salesforce integration package with "apex" data stream.
+ link: https://github.com/elastic/integrations/pull/4410
+ type: enhancement
- version: 0.2.1
changes:
- description: Add pagination support for "login_rest" and "logout_rest".
diff --git a/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-apex.log b/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-apex.log
new file mode 100644
index 00000000000..10794f4c152
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-apex.log
@@ -0,0 +1,6 @@
+{"CALLOUT_TIME":"0","CLIENT_IP":"81.2.69.142","CPU_TIME":"174","DB_TOTAL_TIME":"12","ENTRY_POINT":"Salesforce Migration","EVENT_TYPE":"ApexExecution","EXEC_TIME":"25","IS_LONG_RUNNING_REQUEST":"0","LOGIN_KEY":"QfNecrLXSII6fsBq","NUMBER_SOQL_QUERIES":"1","ORGANIZATION_ID":"00D5j000000VI3n","QUIDDITY":"QTXF","REQUEST_ID":"4lc-XEdmLH121-l1cJ0001","RUN_TIME":"291","SESSION_KEY":"d7DEqANa7nNZZVD","TIMESTAMP":"20230101170000.885","TIMESTAMP_DERIVED":"2023-01-01T17:00:00.885Z","URI":"/home/home.jsp","URI_ID_DERIVED":"AQB00530000009M943","USER_ID":"0055j000000u123","USER_ID_DERIVED":"0055j000000utlP001"}
+{"CLIENT_IP":"81.2.69.142","CPU_TIME":"10","EVENT_TYPE":"ApexCallout","LOGIN_KEY":"QfNecrLXSII6fsBq","METHOD":"GET","ORGANIZATION_ID":"00D5j000000XY0P","REQUEST_ID":"00D5j00XYZBDS","REQUEST_SIZE":"10","RESPONSE_SIZE":"61","RUN_TIME":"237","SESSION_KEY":"DDKHdl+8yn/LIXzz","SUCCESS":"1","TIME":"227","TIMESTAMP":"20230101055317.461","TIMESTAMP_DERIVED":"2023-01-01T05:53:17.461Z","TYPE":"OData","URI":"CALLOUT-LOG","URI_ID_DERIVED":"AQB00530000009M943","URL":"https://temp.website.here.sh/odata/Random","USER_ID":"0055j000000PQ01","USER_ID_DERIVED":"0055j000000utll12"}
+{"ACTION":"query","ENTITY":"HealthcareBlog","EVENT_TYPE":"ExternalCustomApexCallout","EXECUTE_MS":"2","FETCH_MS":"191","FILTER":"Filter:[columnName=CustomerID, columnValue=537, subfilters=null, tableName=Order, type=EQUALS]","LIMIT":"51","MESSAGE":"System.UnexpectedException: Query is either selecting too many fields or the filter conditions are too complicated","OFFSET":"0","ORDERBY":"(Order:[columnName=DisplayUrl, direction=ASCENDING, tableName=HealthcareBlog], Order:[columnName=ExternalId, direction=ASCENDING, tableName=HealthcareBlog], Order:[columnName=ExternalId, direction=...","ORGANIZATION_ID":"00D5j000000VI3n","REQUEST_ID":"TID:85776000006973d59e","ROWS":"-1","ROWS_FETCHED":"51","SELECT":"(ColumnSelection:[aggregation=NONE, columnName=ExternalId, tableName=HealthcareBlog], ColumnSelection:[aggregation=NONE, columnName=DisplayUrl, tableName=HealthcareBlog], ColumnSelection:[aggregati...","STATUS":"1","SUBQUERIES":"SubQueries","THROUGHPUT":"264.2487","TIMESTAMP":"20230101114253.447","TIMESTAMP_DERIVED":"2023-01-01T11:42:53.447Z","TOTAL_MS":"193","USER_ID":"0055j000000utlP"}
+{ "EVENT_TYPE": "ApexSoap", "TIMESTAMP": "20230104064436.203", "REQUEST_ID": "4nR74Q97128rIbdV2ampDi-", "ORGANIZATION_ID": "00D2wpq000GmWPH", "USER_ID": "0052wpq000ACf2Q", "RUN_TIME": "322", "CPU_TIME": "228", "URI": "APEXSOAP", "SESSION_KEY": "DDKHdl+8yn/LIXzz", "LOGIN_KEY": "Zl16H9F+juAl99mI", "USER_TYPE": "Standard", "REQUEST_STATUS": "S", "DB_TOTAL_TIME": "81604961", "CLIENT_NAME": "CallOptions", "CLASS_NAME": "ContactResource", "METHOD_NAME": "getContactIdAndNames", "LIMIT_USAGE_PERCENT": "1.19", "QUERY": "Query", "TIMESTAMP_DERIVED": "2023-01-04T06:44:36.203Z", "USER_ID_DERIVED": "0052w00000ACf2QAAT", "CLIENT_IP": "81.2.69.142", "URI_ID_DERIVED": "DDKHdl+8yn/LIXzz" }
+{ "EVENT_TYPE": "ApexTrigger", "TIMESTAMP": "20230101101141.419", "REQUEST_ID": "4mbVQZtZj3QuSFl1cIPeV-", "ORGANIZATION_ID": "00D5j000000VI3n", "USER_ID": "0055j000000utlP", "RUN_TIME": "320", "CPU_TIME": "5", "URI": "/showAccounts/", "SESSION_KEY": "SYWCKuVRFIoMOBSJ", "LOGIN_KEY": "UOyL83hAn7WpjB7T", "USER_TYPE": "Standard", "REQUEST_STATUS": "f", "DB_TOTAL_TIME": "39254335", "TRIGGER_ID": "01q5j000000ClvF", "TRIGGER_NAME": "HelloWorldTrigger", "ENTITY_NAME": "Book__c", "TRIGGER_TYPE": "BeforeInsert", "EXEC_TIME": "8", "TIMESTAMP_DERIVED": "2023-01-01T10:11:41.419Z", "USER_ID_DERIVED": "0055j000000utlPAAQ", "CLIENT_IP": "81.2.69.142", "URI_ID_DERIVED": "0052w00000ACf2QAAT" }
+{ "EVENT_TYPE": "ApexRestApi", "TIMESTAMP": "20230101062453.951", "REQUEST_ID": "4mbJ2VQY2Jbggkl1cJIIe-", "ORGANIZATION_ID": "00D5j000000VI3n", "USER_ID": "0055j000000utlP", "RUN_TIME": "320", "CPU_TIME": "206", "URI": "/showAccounts/", "SESSION_KEY": "SYWCKuVRFIoMOBSJ", "LOGIN_KEY": "UOyL83hAn7WpjB7T", "USER_TYPE": "Standard", "REQUEST_STATUS": "F", "DB_TOTAL_TIME": "39254335", "METHOD": "GET", "MEDIA_TYPE": "application/json;charset=UTF-8", "STATUS_CODE": "500", "USER_AGENT": "9999", "ROWS_PROCESSED": "0", "NUMBER_FIELDS": "2", "DB_BLOCKS": "832", "DB_CPU_TIME": "20", "REQUEST_SIZE": "57", "RESPONSE_SIZE": "234", "ENTITY_NAME": "Book__c", "TIMESTAMP_DERIVED": "2023-01-01T06:24:53.951Z", "USER_ID_DERIVED": "0055j000000utlPAAQ", "CLIENT_IP": "81.2.69.142", "URI_ID_DERIVED": "0052w00000ACf2QAAT" }
\ No newline at end of file
diff --git a/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-apex.log-expected.json b/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-apex.log-expected.json
new file mode 100644
index 00000000000..85393fb80cd
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-apex.log-expected.json
@@ -0,0 +1,419 @@
+{
+ "expected": [
+ {
+ "@timestamp": "2023-01-01T17:00:00.885Z",
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "event": {
+ "action": "apex-execution",
+ "dataset": "salesforce.apex",
+ "duration": 25,
+ "kind": "event",
+ "module": "salesforce",
+ "original": "{\"CALLOUT_TIME\":\"0\",\"CLIENT_IP\":\"81.2.69.142\",\"CPU_TIME\":\"174\",\"DB_TOTAL_TIME\":\"12\",\"ENTRY_POINT\":\"Salesforce Migration\",\"EVENT_TYPE\":\"ApexExecution\",\"EXEC_TIME\":\"25\",\"IS_LONG_RUNNING_REQUEST\":\"0\",\"LOGIN_KEY\":\"QfNecrLXSII6fsBq\",\"NUMBER_SOQL_QUERIES\":\"1\",\"ORGANIZATION_ID\":\"00D5j000000VI3n\",\"QUIDDITY\":\"QTXF\",\"REQUEST_ID\":\"4lc-XEdmLH121-l1cJ0001\",\"RUN_TIME\":\"291\",\"SESSION_KEY\":\"d7DEqANa7nNZZVD\",\"TIMESTAMP\":\"20230101170000.885\",\"TIMESTAMP_DERIVED\":\"2023-01-01T17:00:00.885Z\",\"URI\":\"/home/home.jsp\",\"URI_ID_DERIVED\":\"AQB00530000009M943\",\"USER_ID\":\"0055j000000u123\",\"USER_ID_DERIVED\":\"0055j000000utlP001\"}",
+ "url": "/home/home.jsp"
+ },
+ "related": {
+ "ip": [
+ "81.2.69.142"
+ ]
+ },
+ "salesforce": {
+ "apex": {
+ "access_mode": "REST",
+ "callout_time": 0.0,
+ "cpu_time": 174.0,
+ "db_time": {
+ "total": 12.0
+ },
+ "entry_point": "Salesforce Migration",
+ "event_type": "ApexExecution",
+ "is_long_running_request": "0",
+ "login_key": "QfNecrLXSII6fsBq",
+ "organization_id": "00D5j000000VI3n",
+ "quiddity": "QTXF",
+ "request_id": "4lc-XEdmLH121-l1cJ0001",
+ "run_time": 291.0,
+ "soql_queries": {
+ "count": 1
+ },
+ "uri_derived_id": "AQB00530000009M943",
+ "user_id_derived": "0055j000000utlP001"
+ }
+ },
+ "source": {
+ "geo": {
+ "city_name": "London",
+ "continent_name": "Europe",
+ "country_iso_code": "GB",
+ "country_name": "United Kingdom",
+ "location": {
+ "lat": 51.5142,
+ "lon": -0.0931
+ },
+ "region_iso_code": "GB-ENG",
+ "region_name": "England"
+ },
+ "ip": "81.2.69.142"
+ },
+ "tags": [
+ "preserve_original_event"
+ ],
+ "user": {
+ "id": "0055j000000u123"
+ }
+ },
+ {
+ "@timestamp": "2023-01-01T05:53:17.461Z",
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "event": {
+ "action": "apex-callout",
+ "category": [
+ "network"
+ ],
+ "dataset": "salesforce.apex",
+ "duration": 227,
+ "kind": "event",
+ "module": "salesforce",
+ "original": "{\"CLIENT_IP\":\"81.2.69.142\",\"CPU_TIME\":\"10\",\"EVENT_TYPE\":\"ApexCallout\",\"LOGIN_KEY\":\"QfNecrLXSII6fsBq\",\"METHOD\":\"GET\",\"ORGANIZATION_ID\":\"00D5j000000XY0P\",\"REQUEST_ID\":\"00D5j00XYZBDS\",\"REQUEST_SIZE\":\"10\",\"RESPONSE_SIZE\":\"61\",\"RUN_TIME\":\"237\",\"SESSION_KEY\":\"DDKHdl+8yn/LIXzz\",\"SUCCESS\":\"1\",\"TIME\":\"227\",\"TIMESTAMP\":\"20230101055317.461\",\"TIMESTAMP_DERIVED\":\"2023-01-01T05:53:17.461Z\",\"TYPE\":\"OData\",\"URI\":\"CALLOUT-LOG\",\"URI_ID_DERIVED\":\"AQB00530000009M943\",\"URL\":\"https://temp.website.here.sh/odata/Random\",\"USER_ID\":\"0055j000000PQ01\",\"USER_ID_DERIVED\":\"0055j000000utll12\"}",
+ "outcome": "success",
+ "type": [
+ "connection"
+ ],
+ "url": "https://temp.website.here.sh/odata/Random"
+ },
+ "http": {
+ "request": {
+ "bytes": 10,
+ "method": "GET"
+ },
+ "response": {
+ "bytes": 61
+ }
+ },
+ "related": {
+ "ip": [
+ "81.2.69.142"
+ ]
+ },
+ "salesforce": {
+ "apex": {
+ "access_mode": "REST",
+ "cpu_time": 10.0,
+ "event_type": "ApexCallout",
+ "login_key": "QfNecrLXSII6fsBq",
+ "organization_id": "00D5j000000XY0P",
+ "request_id": "00D5j00XYZBDS",
+ "run_time": 237.0,
+ "type": "OData",
+ "uri": "CALLOUT-LOG",
+ "uri_derived_id": "AQB00530000009M943",
+ "user_id_derived": "0055j000000utll12"
+ }
+ },
+ "source": {
+ "geo": {
+ "city_name": "London",
+ "continent_name": "Europe",
+ "country_iso_code": "GB",
+ "country_name": "United Kingdom",
+ "location": {
+ "lat": 51.5142,
+ "lon": -0.0931
+ },
+ "region_iso_code": "GB-ENG",
+ "region_name": "England"
+ },
+ "ip": "81.2.69.142"
+ },
+ "tags": [
+ "preserve_original_event"
+ ],
+ "user": {
+ "id": "0055j000000PQ01"
+ }
+ },
+ {
+ "@timestamp": "2023-01-01T11:42:53.447Z",
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "event": {
+ "action": [
+ "apex-external-custom-callout"
+ ],
+ "category": [
+ "network"
+ ],
+ "dataset": "salesforce.apex",
+ "duration": 193,
+ "kind": "event",
+ "module": "salesforce",
+ "original": "{\"ACTION\":\"query\",\"ENTITY\":\"HealthcareBlog\",\"EVENT_TYPE\":\"ExternalCustomApexCallout\",\"EXECUTE_MS\":\"2\",\"FETCH_MS\":\"191\",\"FILTER\":\"Filter:[columnName=CustomerID, columnValue=537, subfilters=null, tableName=Order, type=EQUALS]\",\"LIMIT\":\"51\",\"MESSAGE\":\"System.UnexpectedException: Query is either selecting too many fields or the filter conditions are too complicated\",\"OFFSET\":\"0\",\"ORDERBY\":\"(Order:[columnName=DisplayUrl, direction=ASCENDING, tableName=HealthcareBlog], Order:[columnName=ExternalId, direction=ASCENDING, tableName=HealthcareBlog], Order:[columnName=ExternalId, direction=...\",\"ORGANIZATION_ID\":\"00D5j000000VI3n\",\"REQUEST_ID\":\"TID:85776000006973d59e\",\"ROWS\":\"-1\",\"ROWS_FETCHED\":\"51\",\"SELECT\":\"(ColumnSelection:[aggregation=NONE, columnName=ExternalId, tableName=HealthcareBlog], ColumnSelection:[aggregation=NONE, columnName=DisplayUrl, tableName=HealthcareBlog], ColumnSelection:[aggregati...\",\"STATUS\":\"1\",\"SUBQUERIES\":\"SubQueries\",\"THROUGHPUT\":\"264.2487\",\"TIMESTAMP\":\"20230101114253.447\",\"TIMESTAMP_DERIVED\":\"2023-01-01T11:42:53.447Z\",\"TOTAL_MS\":\"193\",\"USER_ID\":\"0055j000000utlP\"}",
+ "outcome": "success",
+ "type": [
+ "connection"
+ ]
+ },
+ "salesforce": {
+ "apex": {
+ "access_mode": "REST",
+ "action": "query",
+ "entity": "HealthcareBlog",
+ "event_type": "ExternalCustomApexCallout",
+ "execute": {
+ "ms": 2.0
+ },
+ "fetch": {
+ "ms": 191
+ },
+ "filter": "Filter:[columnName=CustomerID, columnValue=537, subfilters=null, tableName=Order, type=EQUALS]",
+ "limit": 51,
+ "message": "System.UnexpectedException: Query is either selecting too many fields or the filter conditions are too complicated",
+ "offset": 0,
+ "organization_id": "00D5j000000VI3n",
+ "request_id": "TID:85776000006973d59e",
+ "rows": {
+ "fetched": 51,
+ "total": -1
+ },
+ "select": "(ColumnSelection:[aggregation=NONE, columnName=ExternalId, tableName=HealthcareBlog], ColumnSelection:[aggregation=NONE, columnName=DisplayUrl, tableName=HealthcareBlog], ColumnSelection:[aggregati...",
+ "subqueries": "SubQueries",
+ "throughput": 264.2487
+ }
+ },
+ "tags": [
+ "preserve_original_event"
+ ],
+ "user": {
+ "id": "0055j000000utlP"
+ }
+ },
+ {
+ "@timestamp": "2023-01-04T06:44:36.203Z",
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "event": {
+ "action": "apex-soap",
+ "category": [
+ "network"
+ ],
+ "dataset": "salesforce.apex",
+ "kind": "event",
+ "module": "salesforce",
+ "original": "{ \"EVENT_TYPE\": \"ApexSoap\", \"TIMESTAMP\": \"20230104064436.203\", \"REQUEST_ID\": \"4nR74Q97128rIbdV2ampDi-\", \"ORGANIZATION_ID\": \"00D2wpq000GmWPH\", \"USER_ID\": \"0052wpq000ACf2Q\", \"RUN_TIME\": \"322\", \"CPU_TIME\": \"228\", \"URI\": \"APEXSOAP\", \"SESSION_KEY\": \"DDKHdl+8yn/LIXzz\", \"LOGIN_KEY\": \"Zl16H9F+juAl99mI\", \"USER_TYPE\": \"Standard\", \"REQUEST_STATUS\": \"S\", \"DB_TOTAL_TIME\": \"81604961\", \"CLIENT_NAME\": \"CallOptions\", \"CLASS_NAME\": \"ContactResource\", \"METHOD_NAME\": \"getContactIdAndNames\", \"LIMIT_USAGE_PERCENT\": \"1.19\", \"QUERY\": \"Query\", \"TIMESTAMP_DERIVED\": \"2023-01-04T06:44:36.203Z\", \"USER_ID_DERIVED\": \"0052w00000ACf2QAAT\", \"CLIENT_IP\": \"81.2.69.142\", \"URI_ID_DERIVED\": \"DDKHdl+8yn/LIXzz\" }",
+ "type": [
+ "connection"
+ ],
+ "url": "APEXSOAP"
+ },
+ "related": {
+ "ip": [
+ "81.2.69.142"
+ ]
+ },
+ "salesforce": {
+ "apex": {
+ "access_mode": "REST",
+ "class_name": "ContactResource",
+ "client_name": "CallOptions",
+ "cpu_time": 228.0,
+ "db_time": {
+ "total": 8.160496E7
+ },
+ "event_type": "ApexSoap",
+ "limit_usage": {
+ "pct": 1.19
+ },
+ "login_key": "Zl16H9F+juAl99mI",
+ "method_name": "getContactIdAndNames",
+ "organization_id": "00D2wpq000GmWPH",
+ "query": "Query",
+ "request_id": "4nR74Q97128rIbdV2ampDi-",
+ "request_status": "S",
+ "run_time": 322.0,
+ "uri_derived_id": "DDKHdl+8yn/LIXzz",
+ "user_id_derived": "0052w00000ACf2QAAT"
+ }
+ },
+ "source": {
+ "geo": {
+ "city_name": "London",
+ "continent_name": "Europe",
+ "country_iso_code": "GB",
+ "country_name": "United Kingdom",
+ "location": {
+ "lat": 51.5142,
+ "lon": -0.0931
+ },
+ "region_iso_code": "GB-ENG",
+ "region_name": "England"
+ },
+ "ip": "81.2.69.142"
+ },
+ "tags": [
+ "preserve_original_event"
+ ],
+ "user": {
+ "id": "0052wpq000ACf2Q",
+ "roles": "Standard"
+ }
+ },
+ {
+ "@timestamp": "2023-01-01T10:11:41.419Z",
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "event": {
+ "action": "apex-trigger",
+ "dataset": "salesforce.apex",
+ "duration": 8,
+ "kind": "event",
+ "module": "salesforce",
+ "original": "{ \"EVENT_TYPE\": \"ApexTrigger\", \"TIMESTAMP\": \"20230101101141.419\", \"REQUEST_ID\": \"4mbVQZtZj3QuSFl1cIPeV-\", \"ORGANIZATION_ID\": \"00D5j000000VI3n\", \"USER_ID\": \"0055j000000utlP\", \"RUN_TIME\": \"320\", \"CPU_TIME\": \"5\", \"URI\": \"/showAccounts/\", \"SESSION_KEY\": \"SYWCKuVRFIoMOBSJ\", \"LOGIN_KEY\": \"UOyL83hAn7WpjB7T\", \"USER_TYPE\": \"Standard\", \"REQUEST_STATUS\": \"f\", \"DB_TOTAL_TIME\": \"39254335\", \"TRIGGER_ID\": \"01q5j000000ClvF\", \"TRIGGER_NAME\": \"HelloWorldTrigger\", \"ENTITY_NAME\": \"Book__c\", \"TRIGGER_TYPE\": \"BeforeInsert\", \"EXEC_TIME\": \"8\", \"TIMESTAMP_DERIVED\": \"2023-01-01T10:11:41.419Z\", \"USER_ID_DERIVED\": \"0055j000000utlPAAQ\", \"CLIENT_IP\": \"81.2.69.142\", \"URI_ID_DERIVED\": \"0052w00000ACf2QAAT\" }",
+ "type": [
+ "connection"
+ ],
+ "url": "/showAccounts/"
+ },
+ "related": {
+ "ip": [
+ "81.2.69.142"
+ ]
+ },
+ "salesforce": {
+ "apex": {
+ "access_mode": "REST",
+ "cpu_time": 5.0,
+ "db_time": {
+ "total": 3.9254336E7
+ },
+ "entity_name": "Book__c",
+ "event_type": "ApexTrigger",
+ "login_key": "UOyL83hAn7WpjB7T",
+ "organization_id": "00D5j000000VI3n",
+ "request_id": "4mbVQZtZj3QuSFl1cIPeV-",
+ "request_status": "f",
+ "run_time": 320.0,
+ "trigger": {
+ "id": "01q5j000000ClvF",
+ "name": "HelloWorldTrigger",
+ "type": "BeforeInsert"
+ },
+ "uri_derived_id": "0052w00000ACf2QAAT",
+ "user_id_derived": "0055j000000utlPAAQ"
+ }
+ },
+ "source": {
+ "geo": {
+ "city_name": "London",
+ "continent_name": "Europe",
+ "country_iso_code": "GB",
+ "country_name": "United Kingdom",
+ "location": {
+ "lat": 51.5142,
+ "lon": -0.0931
+ },
+ "region_iso_code": "GB-ENG",
+ "region_name": "England"
+ },
+ "ip": "81.2.69.142"
+ },
+ "tags": [
+ "preserve_original_event"
+ ],
+ "user": {
+ "id": "0055j000000utlP",
+ "roles": "Standard"
+ }
+ },
+ {
+ "@timestamp": "2023-01-01T06:24:53.951Z",
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "event": {
+ "category": [
+ "network"
+ ],
+ "dataset": "salesforce.apex",
+ "kind": "event",
+ "module": "salesforce",
+ "original": "{ \"EVENT_TYPE\": \"ApexRestApi\", \"TIMESTAMP\": \"20230101062453.951\", \"REQUEST_ID\": \"4mbJ2VQY2Jbggkl1cJIIe-\", \"ORGANIZATION_ID\": \"00D5j000000VI3n\", \"USER_ID\": \"0055j000000utlP\", \"RUN_TIME\": \"320\", \"CPU_TIME\": \"206\", \"URI\": \"/showAccounts/\", \"SESSION_KEY\": \"SYWCKuVRFIoMOBSJ\", \"LOGIN_KEY\": \"UOyL83hAn7WpjB7T\", \"USER_TYPE\": \"Standard\", \"REQUEST_STATUS\": \"F\", \"DB_TOTAL_TIME\": \"39254335\", \"METHOD\": \"GET\", \"MEDIA_TYPE\": \"application/json;charset=UTF-8\", \"STATUS_CODE\": \"500\", \"USER_AGENT\": \"9999\", \"ROWS_PROCESSED\": \"0\", \"NUMBER_FIELDS\": \"2\", \"DB_BLOCKS\": \"832\", \"DB_CPU_TIME\": \"20\", \"REQUEST_SIZE\": \"57\", \"RESPONSE_SIZE\": \"234\", \"ENTITY_NAME\": \"Book__c\", \"TIMESTAMP_DERIVED\": \"2023-01-01T06:24:53.951Z\", \"USER_ID_DERIVED\": \"0055j000000utlPAAQ\", \"CLIENT_IP\": \"81.2.69.142\", \"URI_ID_DERIVED\": \"0052w00000ACf2QAAT\" }",
+ "type": [
+ "connection"
+ ],
+ "url": "/showAccounts/"
+ },
+ "http": {
+ "request": {
+ "bytes": 57,
+ "method": "GET"
+ },
+ "response": {
+ "bytes": 234,
+ "status_code": 500
+ }
+ },
+ "related": {
+ "ip": [
+ "81.2.69.142"
+ ]
+ },
+ "salesforce": {
+ "apex": {
+ "access_mode": "REST",
+ "cpu_time": 206.0,
+ "db_blocks": 832,
+ "db_cpu_time": 20.0,
+ "db_time": {
+ "total": 3.9254336E7
+ },
+ "entity_name": "Book__c",
+ "event_type": "ApexRestApi",
+ "fields": {
+ "count": 2
+ },
+ "login_key": "UOyL83hAn7WpjB7T",
+ "media_type": "application/json;charset=UTF-8",
+ "organization_id": "00D5j000000VI3n",
+ "request_id": "4mbJ2VQY2Jbggkl1cJIIe-",
+ "request_status": "F",
+ "rows": {
+ "processed": 0
+ },
+ "run_time": 320.0,
+ "uri_derived_id": "0052w00000ACf2QAAT",
+ "user_agent": "Unknown",
+ "user_id_derived": "0055j000000utlPAAQ"
+ }
+ },
+ "source": {
+ "geo": {
+ "city_name": "London",
+ "continent_name": "Europe",
+ "country_iso_code": "GB",
+ "country_name": "United Kingdom",
+ "location": {
+ "lat": 51.5142,
+ "lon": -0.0931
+ },
+ "region_iso_code": "GB-ENG",
+ "region_name": "England"
+ },
+ "ip": "81.2.69.142"
+ },
+ "tags": [
+ "preserve_original_event"
+ ],
+ "user": {
+ "id": "0055j000000utlP",
+ "roles": "Standard"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-common-config.yml b/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-common-config.yml
new file mode 100644
index 00000000000..5622947e4b8
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/_dev/test/pipeline/test-common-config.yml
@@ -0,0 +1,5 @@
+dynamic_fields:
+ event.ingested: ".*"
+fields:
+ tags:
+ - preserve_original_event
diff --git a/packages/salesforce/data_stream/apex/_dev/test/system/test-default-config.yml b/packages/salesforce/data_stream/apex/_dev/test/system/test-default-config.yml
new file mode 100644
index 00000000000..c6aa6813ff0
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/_dev/test/system/test-default-config.yml
@@ -0,0 +1,12 @@
+input: httpjson
+service: salesforce
+vars:
+ instance_url: http://{{Hostname}}:{{Port}}
+ client_id: temp_client_id
+ client_secret: forty_characters_long_secret_key
+ username: temp_user
+ password: temp_password
+ token_url: http://{{Hostname}}:{{Port}}/services/oauth2/token
+data_stream:
+ vars:
+ preserve_original_event: true
diff --git a/packages/salesforce/data_stream/apex/agent/stream/httpjson.yml.hbs b/packages/salesforce/data_stream/apex/agent/stream/httpjson.yml.hbs
new file mode 100644
index 00000000000..7a900755e82
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/agent/stream/httpjson.yml.hbs
@@ -0,0 +1,47 @@
+config_version: 2
+interval: {{period}}
+request.method: GET
+auth.oauth2:
+ enabled: true
+ client.id: {{client_id}}
+ client.secret: {{client_secret}}
+ token_url: {{token_url}}
+ user: {{username}}
+ password: {{password}}
+request.url: {{instance_url}}/services/data/v54.0/query?q=apex
+request.transforms:
+ - set:
+ target: url.params.q
+ value: "SELECT Id,CreatedDate,LogDate,LogFile FROM EventLogFile WHERE Interval = 'Hourly' AND LogDate > [[.cursor.last_published_apex]] AND (EventType = 'ApexCallout' OR EventType = 'ApexExecution' OR EventType = 'ApexRestApi' OR EventType = 'ApexSoap' OR EventType = 'ApexTrigger' OR EventType = 'ExternalCustomApexCallout') ORDER BY LogDate ASC NULLS FIRST"
+ default: "SELECT Id,CreatedDate,LogDate,LogFile FROM EventLogFile WHERE Interval = 'Hourly' AND (EventType = 'ApexCallout' OR EventType = 'ApexExecution' OR EventType = 'ApexRestApi' OR EventType = 'ApexSoap' OR EventType = 'ApexTrigger' OR EventType = 'ExternalCustomApexCallout') ORDER BY LogDate ASC NULLS FIRST"
+response.pagination:
+- set:
+ target: url.value
+ value: '[[if (ne .last_response.body.done true)]]{{instance_url}}[[.last_response.body.nextRecordsUrl]][[end]]'
+ fail_on_template_error: true
+chain:
+ - step:
+ request.url: {{instance_url}}/services/data/v54.0/sobjects/EventLogFile/$.records[:].Id/LogFile
+ request.method: GET
+ replace: $.records[:].Id
+cursor:
+ last_published_apex:
+ value: '[[(formatDate ((parseDate .last_event.TIMESTAMP_DERIVED "RFC3339").Add (parseDuration "-1h")))]]'
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+processors:
+- add_fields:
+ target: salesforce
+ fields:
+ instance_url: {{instance_url}}
+{{#if processors}}
+{{processors}}
+{{/if}}
diff --git a/packages/salesforce/data_stream/apex/elasticsearch/ingest_pipeline/default.yml b/packages/salesforce/data_stream/apex/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..b678f86f192
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/elasticsearch/ingest_pipeline/default.yml
@@ -0,0 +1,476 @@
+---
+description: Pipeline for parsing Salesforce Apex logs.
+processors:
+- json:
+ field: message
+ target_field: json
+ ignore_failure: true
+- set:
+ field: event.original
+ value: '{{{message}}}'
+ ignore_failure: true
+ ignore_empty_value: true
+- fingerprint:
+ fields:
+ - json.REQUEST_ID
+ - json.SESSION_KEY
+ - json.TIMESTAMP_DERIVED
+ - json.USER_ID
+ target_field: _id
+ ignore_missing: true
+- set:
+ field: salesforce.apex.access_mode
+ value: "REST"
+ ignore_failure: true
+ ignore_empty_value: true
+- set:
+ field: ecs.version
+ value: "8.5.0"
+ ignore_failure: true
+ ignore_empty_value: true
+- date:
+ field: json.TIMESTAMP_DERIVED
+ target_field: "@timestamp"
+ formats:
+ - ISO8601
+ ignore_failure: true
+- rename:
+ field: json.ACTION
+ target_field: salesforce.apex.action
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.CALLOUT_TIME
+ target_field: salesforce.apex.callout_time
+ type: float
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.CLASS_NAME
+ target_field: salesforce.apex.class_name
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.CLIENT_NAME
+ target_field: salesforce.apex.client_name
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.CPU_TIME
+ target_field: salesforce.apex.cpu_time
+ type: float
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.DB_BLOCKS
+ target_field: salesforce.apex.db_blocks
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.DB_CPU_TIME
+ target_field: salesforce.apex.db_cpu_time
+ type: float
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.DB_TOTAL_TIME
+ target_field: salesforce.apex.db_time.total
+ type: float
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.ENTITY
+ target_field: salesforce.apex.entity
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.ENTITY_NAME
+ target_field: salesforce.apex.entity_name
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.ENTRY_POINT
+ target_field: salesforce.apex.entry_point
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.EVENT_TYPE
+ target_field: salesforce.apex.event_type
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.EXECUTE_MS
+ target_field: salesforce.apex.execute.ms
+ type: float
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.FETCH_MS
+ target_field: salesforce.apex.fetch.ms
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.FILTER
+ target_field: salesforce.apex.filter
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.IS_LONG_RUNNING_REQUEST
+ target_field: salesforce.apex.is_long_running_request
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.LOGIN_KEY
+ target_field: salesforce.apex.login_key
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.LIMIT
+ target_field: salesforce.apex.limit
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.LIMIT_USAGE_PERCENT
+ target_field: salesforce.apex.limit_usage.pct
+ type: float
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.MEDIA_TYPE
+ target_field: salesforce.apex.media_type
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.MESSAGE
+ target_field: salesforce.apex.message
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.METHOD_NAME
+ target_field: salesforce.apex.method_name
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.NUMBER_FIELDS
+ target_field: salesforce.apex.fields.count
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.NUMBER_SOQL_QUERIES
+ target_field: salesforce.apex.soql_queries.count
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.OFFSET
+ target_field: salesforce.apex.offset
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.ORGANIZATION_ID
+ target_field: salesforce.apex.organization_id
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.QUERY
+ target_field: salesforce.apex.query
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.QUIDDITY
+ target_field: salesforce.apex.quiddity
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.REQUEST_ID
+ target_field: salesforce.apex.request_id
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.REQUEST_STATUS
+ target_field: salesforce.apex.request_status
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.ROWS
+ target_field: salesforce.apex.rows.total
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.ROWS_FETCHED
+ target_field: salesforce.apex.rows.fetched
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.ROWS_PROCESSED
+ target_field: salesforce.apex.rows.processed
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.RUN_TIME
+ target_field: salesforce.apex.run_time
+ type: float
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.SELECT
+ target_field: salesforce.apex.select
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.SUBQUERIES
+ target_field: salesforce.apex.subqueries
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.THROUGHPUT
+ target_field: salesforce.apex.throughput
+ type: float
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.TRIGGER_ID
+ target_field: salesforce.apex.trigger.id
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.TRIGGER_NAME
+ target_field: salesforce.apex.trigger.name
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.TRIGGER_TYPE
+ target_field: salesforce.apex.trigger.type
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.TYPE
+ target_field: salesforce.apex.type
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.URI
+ target_field: salesforce.apex.uri
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.URI_ID_DERIVED
+ target_field: salesforce.apex.uri_derived_id
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.USER_AGENT
+ target_field: salesforce.apex.user_agent
+ ignore_missing: true
+ ignore_failure: true
+- script:
+ description: Set request user agent value from user agent numeric code.
+ lang: painless
+ ignore_failure: true
+ source: |
+ Map map = new HashMap();
+ map.put("100", "Internet Explorer");
+ map.put("110", "Firefox");
+ map.put("130", "Chrome");
+ map.put("140", "Safari");
+ map.put("150", "Opera");
+ map.put("160", "Android");
+ map.put("170", "Netscape");
+ map.put("180", "Webkit");
+ map.put("190", "Gecko");
+ map.put("230", "Blackberry");
+ map.put("240", "Good Access");
+ map.put("999", "Unknown");
+ String temp = map.get(ctx.salesforce.apex.user_agent.substring(0,3));
+ if (temp != null) {
+ ctx.salesforce.apex.user_agent = temp;
+ }
+ if: 'ctx.salesforce?.apex?.user_agent != null'
+- rename:
+ field: json.USER_ID_DERIVED
+ target_field: salesforce.apex.user_id_derived
+ ignore_missing: true
+ ignore_failure: true
+- set:
+ field: event.dataset
+ value: "salesforce.apex"
+ ignore_failure: true
+ ignore_empty_value: true
+- set:
+ field: event.kind
+ value: "event"
+ ignore_failure: true
+ ignore_empty_value: true
+- set:
+ field: event.module
+ value: "salesforce"
+ ignore_failure: true
+ ignore_empty_value: true
+- set:
+ field: event.type
+ value: ["connection"]
+ if: 'ctx.salesforce?.apex?.event_type != "ApexExecution"'
+ ignore_failure: true
+ ignore_empty_value: true
+- set:
+ field: event.category
+ value: ["network"]
+ if: 'ctx.salesforce?.apex?.event_type != "ApexTrigger" && ctx.salesforce?.apex?.event_type != "ApexExecution"'
+ ignore_failure: true
+ ignore_empty_value: true
+- script:
+ description: Set event.action field based on the type of Apex event received.
+ if: ctx.salesforce?.apex?.event_type != null && ctx.salesforce?.apex?.event_type != ""
+ lang: painless
+ source: |
+ def eventType = ctx.salesforce?.apex?.event_type?.toLowerCase();
+ Map referenceTable = [
+ "apexcallout": "apex-callout",
+ "apextrigger": "apex-trigger",
+ "apexexecution": "apex-execution",
+ "apexrestApi": "apex-rest",
+ "apexsoap": "apex-soap",
+ "externalcustomapexcallout": ["apex-external-custom-callout"]
+ ];
+ ctx.event.action = referenceTable[eventType];
+- convert:
+ field: json.TIME
+ target_field: event.duration
+ type: long
+ if: 'ctx.salesforce?.apex?.event_type == "ApexCallout" && ctx.json?.TIME != ""'
+ ignore_failure: true
+- convert:
+ field: json.EXEC_TIME
+ target_field: event.duration
+ type: long
+ if: '(ctx.salesforce?.apex?.event_type == "ApexTrigger" || ctx.salesforce?.apex?.event_type == "ApexExecution") && ctx.json?.EXEC_TIME != ""'
+ ignore_failure: true
+- convert:
+ field: salesforce.apex.run_time
+ target_field: event.duration
+ type: long
+ if: '(ctx.salesforce?.apex?.event_type == "ApexRestApi" || ctx.salesforce?.apex?.event_type == "ApexSoap") && ctx.salesforce?.apex?.run_time != ""'
+ ignore_failure: true
+- convert:
+ field: json.TOTAL_MS
+ target_field: event.duration
+ type: long
+ if: 'ctx.salesforce?.apex?.event_type == "ExternalCustomApexCallout" && ctx.json?.TOTAL_MS != ""'
+ ignore_failure: true
+- set:
+ field: event.outcome
+ value: "success"
+ if: '(ctx.json?.SUCCESS == "1" && ctx.json?.SUCCESS != null) || (ctx.json?.STATUS == "1" && ctx.json?.STATUS != null)'
+ ignore_failure: true
+ ignore_empty_value: true
+- set:
+ field: event.outcome
+ value: "failure"
+ if: '(ctx.json?.SUCCESS != "1" && ctx.json?.SUCCESS != null) || (ctx.json?.STATUS != "1" && ctx.json?.STATUS != null)'
+ ignore_failure: true
+ ignore_empty_value: true
+- rename:
+ field: json.URL
+ target_field: event.url
+ if: 'ctx.salesforce?.apex?.event_type == "ApexCallout"'
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: salesforce.apex.uri
+ target_field: event.url
+ if: 'ctx.salesforce?.apex?.event_type != "ApexCallout" && ctx.salesforce?.apex?.event_type != "ExternalCustomApexCallout"'
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.USER_ID
+ target_field: user.id
+ ignore_missing: true
+ ignore_failure: true
+- rename:
+ field: json.USER_TYPE
+ target_field: user.roles
+ ignore_missing: true
+ ignore_failure: true
+# A Salesforce internal IP (such as a login from Salesforce Workbench or AppExchange) is shown as “Salesforce.com IP”
+- rename:
+ field: json.CLIENT_IP
+ target_field: source.ip
+ if: 'ctx.json?.CLIENT_IP != "Salesforce.com IP" && ctx.json?.CLIENT_IP != "" && ctx.json?.CLIENT_IP != null'
+ ignore_missing: true
+ ignore_failure: true
+# A Salesforce internal IP (such as a login from Salesforce Workbench or AppExchange) is shown as “Salesforce.com IP”
+- geoip:
+ field: source.ip
+ target_field: source.geo
+ if: 'ctx.source?.ip != "Salesforce.com IP" && ctx.source?.ip != "" && ctx.source?.ip != null'
+ ignore_missing: true
+ ignore_failure: true
+- append:
+ field: related.ip
+ value: '{{{source.ip}}}'
+ if: ctx.source?.ip != null
+ allow_duplicates: false
+ ignore_failure: true
+- rename:
+ field: json.METHOD
+ target_field: http.request.method
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.REQUEST_SIZE
+ target_field: http.request.bytes
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.RESPONSE_SIZE
+ target_field: http.response.bytes
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- convert:
+ field: json.STATUS_CODE
+ target_field: http.response.status_code
+ type: long
+ ignore_missing: true
+ ignore_failure: true
+- script:
+ description: Drops null/empty values recursively.
+ lang: painless
+ source: |
+ boolean dropEmptyFields(Object object) {
+ if (object == null || object == "") {
+ return true;
+ } else if (object instanceof Map) {
+ ((Map) object).values().removeIf(value -> dropEmptyFields(value));
+ return (((Map) object).size() == 0);
+ } else if (object instanceof List) {
+ ((List) object).removeIf(value -> dropEmptyFields(value));
+ return (((List) object).length == 0);
+ }
+ return false;
+ }
+ dropEmptyFields(ctx);
+- remove:
+ field:
+ - json
+ - message
+ ignore_missing: true
+ ignore_failure: true
+- remove:
+ field: event.original
+ if: "ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))"
+ ignore_failure: true
+ ignore_missing: true
+on_failure:
+- set:
+ field: error.message
+ value: '{{{_ingest.on_failure_message}}}'
diff --git a/packages/salesforce/data_stream/apex/fields/base-fields.yml b/packages/salesforce/data_stream/apex/fields/base-fields.yml
new file mode 100644
index 00000000000..3500f7ce8c2
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/fields/base-fields.yml
@@ -0,0 +1,15 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: input.type
+ type: keyword
+ description: Input type.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/salesforce/data_stream/apex/fields/ecs.yml b/packages/salesforce/data_stream/apex/fields/ecs.yml
new file mode 100644
index 00000000000..2d8fad82a4e
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/fields/ecs.yml
@@ -0,0 +1,64 @@
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: error.message
+- external: ecs
+ name: event.action
+- external: ecs
+ name: event.category
+- external: ecs
+ name: event.created
+- external: ecs
+ name: event.dataset
+- external: ecs
+ name: event.duration
+ description: Duration of the event in milliseconds. If event.start and event.end are known this value should be the difference between the end and start time
+ unit: ms
+- external: ecs
+ name: event.id
+- external: ecs
+ name: event.ingested
+- external: ecs
+ name: event.kind
+- external: ecs
+ name: event.module
+- external: ecs
+ name: event.outcome
+- external: ecs
+ name: event.type
+- external: ecs
+ name: event.url
+- external: ecs
+ name: http.request.bytes
+- external: ecs
+ name: http.request.method
+- external: ecs
+ name: http.response.bytes
+- external: ecs
+ name: http.response.status_code
+- external: ecs
+ name: related.ip
+- external: ecs
+ name: source.ip
+- external: ecs
+ name: source.geo.city_name
+- external: ecs
+ name: source.geo.continent_name
+- external: ecs
+ name: source.geo.country_iso_code
+- external: ecs
+ name: source.geo.country_name
+- external: ecs
+ name: source.geo.location
+- external: ecs
+ name: source.geo.region_iso_code
+- external: ecs
+ name: source.geo.region_name
+- external: ecs
+ name: tags
+- external: ecs
+ name: user.id
+- external: ecs
+ name: user.roles
+- external: ecs
+ name: user.name
diff --git a/packages/salesforce/data_stream/apex/fields/fields.yml b/packages/salesforce/data_stream/apex/fields/fields.yml
new file mode 100644
index 00000000000..b31f9c0fa9a
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/fields/fields.yml
@@ -0,0 +1,168 @@
+- name: salesforce
+ type: group
+ fields:
+ - name: apex
+ type: group
+ fields:
+ - name: access_mode
+ type: keyword
+ description: The mode of collecting logs from Salesforce - "REST" or "Stream".
+ - name: action
+ type: keyword
+ description: Action performed by the callout.
+ - name: callout_time
+ type: float
+ description: Time spent waiting on webservice callouts, in milliseconds.
+ unit: ms
+ metric_type: gauge
+ - name: class_name
+ type: keyword
+ description: The Apex class name. If the class is part of a managed package, this string includes the package namespace.
+ - name: client_name
+ type: keyword
+ description: The name of the client that's using Salesforce services. This field is an optional parameter that can be passed in API calls. If blank, the caller didnt specify a client in the CallOptions header.
+ - name: cpu_time
+ type: float
+ description: The CPU time in milliseconds used to complete the request.
+ unit: ms
+ metric_type: gauge
+ - name: db_blocks
+ type: long
+ description: Indicates how much activity is occurring in the database. A high value for this field suggests that adding indexes or filters on your queries would benefit performance.
+ metric_type: gauge
+ - name: db_cpu_time
+ type: float
+ description: The CPU time in milliseconds to complete the request. Indicates the amount of activity taking place in the database layer during the request.
+ unit: ms
+ metric_type: gauge
+ - name: db_time.total
+ type: float
+ description: Time (in milliseconds) spent waiting for database processing in aggregate for all operations in the request. Compare this field to CPU_TIME to determine whether performance issues are occurring in the database layer or in your own code.
+ unit: ms
+ metric_type: gauge
+ - name: entity
+ type: keyword
+ description: Name of the external object being accessed.
+ - name: entity_name
+ type: keyword
+ description: The name of the object affected by the trigger.
+ - name: entry_point
+ type: keyword
+ description: The entry point for this Apex execution.
+ - name: event_type
+ type: keyword
+ description: The type of event.
+ - name: execute.ms
+ type: float
+ description: How long it took (in milliseconds) for Salesforce to prepare and execute the query. Available in API version 42.0 and later.
+ unit: ms
+ metric_type: gauge
+ - name: fetch.ms
+ type: float
+ description: How long it took (in milliseconds) to retrieve the query results from the external system. Available in API version 42.0 and later.
+ unit: ms
+ metric_type: gauge
+ - name: filter
+ type: keyword
+ description: Field expressions to filter which rows to return. Corresponds to WHERE in SOQL queries.
+ - name: is_long_running_request
+ type: keyword
+ description: Indicates whether the request is counted against your org's concurrent long-running Apex request limit (true) or not (false).
+ - name: limit
+ type: long
+ description: Maximum number of rows to return for a query. Corresponds to LIMIT in SOQL queries.
+ - name: limit_usage.pct
+ type: float
+ description: The percentage of Apex SOAP calls that were made against the organization's limit.
+ unit: percent
+ metric_type: gauge
+ - name: login_key
+ type: keyword
+ description: The string that ties together all events in a given user's login session. It starts with a login event and ends with either a logout event or the user session expiring.
+ - name: media_type
+ type: keyword
+ description: The media type of the response.
+ - name: message
+ type: keyword
+ description: Error or warning message associated with the failed call.
+ - name: method_name
+ type: keyword
+ description: The name of the calling Apex method.
+ - name: fields.count
+ type: long
+ description: The number of fields or columns, where applicable.
+ - name: soql_queries.count
+ type: long
+ description: The number of SOQL queries that were executed during the event.
+ - name: offset
+ type: long
+ description: Number of rows to skip when paging through a result set. Corresponds to OFFSET in SOQL queries.
+ - name: organization_id
+ type: keyword
+ description: The 15-character ID of the organization.
+ - name: query
+ type: keyword
+ description: The SOQL query, if one was performed.
+ - name: quiddity
+ type: keyword
+ description: The type of outer execution associated with this event.
+ - name: request_id
+ type: keyword
+ description: The unique ID of a single transaction. A transaction can contain one or more events. Each event in a given transaction has the same REQUEST_ID.
+ - name: request_status
+ type: keyword
+ description: The status of the request for a page view or user interface action.
+ - name: rows.total
+ type: long
+ description: Total number of records in the result set. The value is always -1 if the custom adapter's DataSource.Provider class doesn't declare the QUERY_TOTAL_SIZE capability.
+ - name: rows.fetched
+ type: long
+ description: Number of rows fetched by the callout. Available in API version 42.0 and later.
+ - name: rows.processed
+ type: long
+ description: The number of rows that were processed in the request.
+ - name: run_time
+ type: float
+ description: The amount of time that the request took in milliseconds.
+ unit: ms
+ metric_type: gauge
+ - name: select
+ type: keyword
+ description: Comma-separated list of fields being queried. Corresponds to SELECT in SOQL queries.
+ - name: subqueries
+ type: keyword
+ description: Reserved for future use.
+ - name: throughput
+ type: float
+ description: Number of records retrieved in one second.
+ metric_type: gauge
+ - name: trigger
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ description: The 15-character ID of the trigger that was fired.
+ - name: name
+ type: keyword
+ description: For triggers coming from managed packages, TRIGGER_NAME includes a namespace prefix separated with a . character. If no namespace prefix is present, the trigger is from an unmanaged trigger.
+ - name: type
+ type: keyword
+ description: The type of this trigger.
+ - name: type
+ type: keyword
+ description: The type of Apex callout.
+ - name: uri
+ type: keyword
+ description: The URI of the page that's receiving the request.
+ - name: uri_derived_id
+ type: keyword
+ description: The 18-character case-safe ID of the URI of the page that's receiving the request.
+ - name: user_agent
+ type: keyword
+ description: The numeric code for the type of client used to make the request (for example, the browser, application, or API).
+ - name: user_id_derived
+ type: keyword
+ description: The 18-character case-safe ID of the user who's using Salesforce services through the UI or the API.
+ - name: instance_url
+ type: keyword
+ description: The Instance URL of the Salesforce instance.
diff --git a/packages/salesforce/data_stream/apex/manifest.yml b/packages/salesforce/data_stream/apex/manifest.yml
new file mode 100644
index 00000000000..d9ca8a8e379
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/manifest.yml
@@ -0,0 +1,40 @@
+type: logs
+title: Salesforce apex logs
+streams:
+ - input: httpjson
+ vars:
+ - name: period
+ type: text
+ title: Period
+ description: Period of fetching logs, i.e. 1s/1m/1h.
+ multi: false
+ required: true
+ show_user: false
+ default: 1h
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - salesforce-apex
+ - forwarded
+ - name: preserve_original_event
+ required: true
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`.
+ type: bool
+ multi: false
+ default: false
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+ template_path: httpjson.yml.hbs
+ title: Salesforce Apex logs
+ description: Collect Salesforce Apex logs.
diff --git a/packages/salesforce/data_stream/apex/sample_event.json b/packages/salesforce/data_stream/apex/sample_event.json
new file mode 100644
index 00000000000..088cc7ec593
--- /dev/null
+++ b/packages/salesforce/data_stream/apex/sample_event.json
@@ -0,0 +1,98 @@
+{
+ "@timestamp": "2022-11-22T04:46:15.591Z",
+ "agent": {
+ "ephemeral_id": "c50ecba0-45f3-4a29-bd66-d5bd6317345e",
+ "id": "6e72b9f7-fadd-4789-a6ea-e17925d36c7e",
+ "name": "docker-fleet-agent",
+ "type": "filebeat",
+ "version": "8.4.1"
+ },
+ "data_stream": {
+ "dataset": "salesforce.apex",
+ "namespace": "ep",
+ "type": "logs"
+ },
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "elastic_agent": {
+ "id": "6e72b9f7-fadd-4789-a6ea-e17925d36c7e",
+ "snapshot": false,
+ "version": "8.4.1"
+ },
+ "event": {
+ "action": "apex-callout",
+ "agent_id_status": "verified",
+ "category": [
+ "network"
+ ],
+ "created": "2023-01-04T05:20:36.070Z",
+ "dataset": "salesforce.apex",
+ "duration": 1293,
+ "ingested": "2023-01-04T05:20:38Z",
+ "kind": "event",
+ "module": "salesforce",
+ "original": "{\"CLIENT_IP\":\"81.2.69.142\",\"CPU_TIME\":\"10\",\"EVENT_TYPE\":\"ApexCallout\",\"LOGIN_KEY\":\"Obv9123BzbaxqCo1\",\"METHOD\":\"GET\",\"ORGANIZATION_ID\":\"00D5j000000001V\",\"REQUEST_ID\":\"4exLFFQZ1234xFl1cJNwOV\",\"REQUEST_SIZE\":\"10\",\"RESPONSE_SIZE\":\"256\",\"RUN_TIME\":\"1305\",\"SESSION_KEY\":\"WvtsJ1235oW24EbH\",\"SUCCESS\":\"1\",\"TIME\":\"1293\",\"TIMESTAMP\":\"20221122044615.591\",\"TIMESTAMP_DERIVED\":\"2022-11-22T04:46:15.591Z\",\"TYPE\":\"OData\",\"URI\":\"CALLOUT-LOG\",\"URI_ID_DERIVED\":\"0055j000000utlPAQZB\",\"URL\":\"https://temp.sh/odata/Accounts\",\"USER_ID\":\"0055j0000000001\",\"USER_ID_DERIVED\":\"0055j012345utlPAAQ\"}",
+ "outcome": "success",
+ "type": [
+ "connection"
+ ],
+ "url": "https://temp.sh/odata/Accounts"
+ },
+ "http": {
+ "request": {
+ "bytes": 10,
+ "method": "GET"
+ },
+ "response": {
+ "bytes": 256
+ }
+ },
+ "input": {
+ "type": "httpjson"
+ },
+ "related": {
+ "ip": [
+ "81.2.69.142"
+ ]
+ },
+ "salesforce": {
+ "apex": {
+ "access_mode": "REST",
+ "cpu_time": 10,
+ "event_type": "ApexCallout",
+ "login_key": "Obv9123BzbaxqCo1",
+ "organization_id": "00D5j000000001V",
+ "request_id": "4exLFFQZ1234xFl1cJNwOV",
+ "run_time": 1305,
+ "type": "OData",
+ "uri": "CALLOUT-LOG",
+ "uri_derived_id": "0055j000000utlPAQZB",
+ "user_id_derived": "0055j012345utlPAAQ"
+ },
+ "instance_url": "http://elastic-package-service_salesforce_1:8010"
+ },
+ "source": {
+ "geo": {
+ "city_name": "London",
+ "continent_name": "Europe",
+ "country_iso_code": "GB",
+ "country_name": "United Kingdom",
+ "location": {
+ "lat": 51.5142,
+ "lon": -0.0931
+ },
+ "region_iso_code": "GB-ENG",
+ "region_name": "England"
+ },
+ "ip": "81.2.69.142"
+ },
+ "tags": [
+ "preserve_original_event",
+ "salesforce-apex",
+ "forwarded"
+ ],
+ "user": {
+ "id": "0055j0000000001"
+ }
+}
\ No newline at end of file
diff --git a/packages/salesforce/docs/README.md b/packages/salesforce/docs/README.md
index dc6e92ba823..c0c9a8524ad 100644
--- a/packages/salesforce/docs/README.md
+++ b/packages/salesforce/docs/README.md
@@ -1,170 +1,368 @@
-# Salesforce Integration
-
-## Overview
-
-The Salesforce integration allows you to monitor a [Salesforce](https://www.salesforce.com/) instance. Salesforce is a customer relationship management (CRM) platform. It provides an ecosystem for businesses to manage marketing, sales, commerce, service, and IT teams from anywhere with one integrated CRM platform.
-
-Use the Salesforce integration to:
-- Gain insights into login and other operational activities by the users of your organization.
-- Create visualizations to monitor, measure and analyze the usage trend and key data, and derive business insights.
-- Create alerts to reduce the MTTD and also the MTTR by referencing relevant logs when troubleshooting an issue.
-
-As an example, you can use the data from this integration to understand the activity patterns of users based on region or the distribution of users by license type.
-
-## Data streams
-
-The Salesforce integration collects log events using the REST API of Salesforce.
-
-**Logs** help you keep a record of events happening in Salesforce.
-Log data streams collected by the Salesforce integration include [Login](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_login.htm), and [Logout](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_logout.htm).
-
-Data streams:
-- `login_rest`: Tracks login activity of users who log in to Salesforce.
-- `logout_rest`: Tracks logout activity of users who logout from Salesforce.
-
-## Compatibility
-
-This integration has been tested against Salesforce `Spring '22 (v54.0) release`.
-
-In order to find out the Salesforce version of your Instance, see below:
-
-1. On the Home tab in Salesforce Classic, in the top right corner of the screen is a link to releases like `Summer '22`. This indicates your release.
-
-2. An alternative way to find out the version of Salesforce is by hitting the following URL:
- - Format: (Salesforce Instance URL)/services/data
- - Example: `https://na9.salesforce.com/services/data`
-
-Example response:
-```xml
-
-
-
- /services/data/v53.0
- 53.0
-
-
-
- /services/data/v54.0
- 54.0
-
-
-
- /services/data/v55.0
- 55.0
-
-
-```
-The last one on the list is the release of your instance. In the example above, the version is `Summer '22` i.e. `v55.0`.
-
-## Prerequisites
-
-You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
-You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended or self-manage the Elastic Stack on your own hardware.
-
-In your Salesforce instance, ensure that `API Enabled permission` is selected for the user profile. Follow the below steps to enable the same:
-
-1. Go to `Setup` > `Quick Find` > `Users`, and Click on `Users`.
-2. Click on the profile link associated with the `User Account` used for data collection.
-3. Search for `API Enabled` permission on the same page. In case it’s not present, search it under `System Permissions` and check if `API Enabled` privilege is selected. If not, enable it for data collection.
-
-## Set Up
-
-For step-by-step instructions on how to set up an integration, see the [Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.
-
-## Configuration
-
-You need the following information from your Salesforce instance to configure this integration in Elastic:
-
-### Salesforce Instance URL
-
-The instance your Salesforce Organization uses is indicated in the URL of your browser's address bar in Salesforce Classic. The value before 'salesforce.com' is your Salesforce Instance.
-
-Example URL: `https://na9.salesforce.com/home/home.jsp`
-
-In the above example, the value before 'salesforce.com' is your Salesforce Instance. In this example, the Salesforce Organization is located on NA9.
-
-The Salesforce Instance URL is: `https://na9.salesforce.com`
-
-In Salesforce Lightning, it is available under the user name in the “View Profile” tab.
-
-### Client Key and Client Secret for Authentication
-
-In order to use this integration, you need to create a new Salesforce Application using OAuth. Follow the steps below to create a connected application in Salesforce:
-
-1. Login to [Salesforce](https://login.salesforce.com/) with the same user credentials that you want to collect data with.
-2. Click on Setup on the top right menu bar. On the Setup page search `App Manager` in the `Search Setup` search box at the top of the page, then select `App Manager`.
-3. Click *New Connected App*.
-4. Provide a name for the connected application. This will be displayed in the App Manager and on its App Launcher tile.
-5. Enter the API name. The default is a version of the name without spaces. Only letters, numbers, and underscores are allowed. If the original app name contains any other characters, edit the default name.
-6. Enter the contact email for Salesforce.
-7. Under the API (Enable OAuth Settings) section of the page, select *Enable OAuth Settings*.
-8. In the Callback URL enter the Instance URL (Please refer to `Salesforce Instance URL`)
-9. Select the following OAuth scopes to apply to the connected app:
- - Manage user data via APIs (api).
- - Perform requests at any time (refresh_token, offline_access).
- - (Optional) In case of data collection, if any permission issues arise, add the Full access (full) scope.
-10. Select *Require Secret for the Web Server Flow* to require the app's client secret in exchange for an access token.
-11. Select *Require Secret for Refresh Token Flow* to require the app's client secret in the authorization request of a refresh token and hybrid refresh token flow.
-12. Click Save. It may take approximately 10 minutes for the changes to take effect.
-13. Click Continue and then under API details click Manage Consumer Details, Verify the user account using Verification Code.
-14. Copy `Consumer Key` and `Consumer Secret` from the Consumer Details section, which should be populated as value to Client ID and Client Secret respectively in the configuration.
-
-For more details on how to Create a Connected App refer to the salesforce documentation [here](https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_create.htm).
-
-### Username
-
-User Id of the registered user in Salesforce.
-
-### Password
-
-Password used for authenticating the above user.
-
-## Additional Information
-
-Follow the steps below, in case you need to find the API version:
-
-1. Go to `Setup` > `Quick Find` > `Apex Classes`.
-2. Click the `New` button.
-3. Click the `Version Settings` tab.
-4. Refer to the `Version` dropdown for the API Version number.
-
-## Validation
-
-After the integration is successfully configured, clicking on the Assets tab of the Salesforce Integration should display a list of available dashboards. Click on the dashboard available for your configured datastream. It should be populated with the required data.
-
-## Troubleshooting
-
-- In case of data ingestion if the user finds the following type of error logs:
-```
-{
- "log.level": "error",
- "@timestamp": "2022-11-24T12:59:36.835+0530",
- "log.logger": "input.httpjson-cursor",
- "log.origin": {
- "[file.name](http://file.name/)": "compat/compat.go",
- "file.line": 124
- },
- "message": "Input 'httpjson-cursor' failed with: input.go:130: input 8A049E17A5CA661D failed (id=8A049E17A5CA661D)\n\toauth2 client: error loading credentials using user and password: oauth2: cannot fetch token: 400 Bad Request\n\tResponse: {\"error\":\"invalid_grant\",\"error_description\":\"authentication failure\"}",
- "[service.name](http://service.name/)": "filebeat",
- "id": "8A049E17A5CA661D",
- "ecs.version": "1.6.0"
-}
-```
-Please check if the `API Enabled permission` is provided to the `profile` associated with the `username` used as part of the integration.
-Please refer to the Prerequisites section above for more information.
-
-If the error continues follow these steps:
-
-1. Go to `Setup` > `Quick Find` > `Manage Connected Apps`.
-2. Click on the Connected App name created by you to generate the client id and client secret (Refer to Client Key and Client Secret for Authentication) under the Master Label.
-3. Click on Edit Policies, and select `Relax IP restrictions` from the dropdown for IP Relaxation.
-
-## Logs reference
-
-### Login Rest
-
-This is the `login_rest` data stream. It represents events containing details about your organization's user login history.
-
+# Salesforce Integration
+
+## Overview
+
+The Salesforce integration allows you to monitor a [Salesforce](https://www.salesforce.com/) instance. Salesforce is a customer relationship management (CRM) platform. It provides an ecosystem for businesses to manage marketing, sales, commerce, service, and IT teams from anywhere with one integrated CRM platform.
+
+Use the Salesforce integration to:
+- Gain insights into login and other operational activities by the users of your organization.
+- Create visualizations to monitor, measure and analyze the usage trend and key data, and derive business insights.
+- Create alerts to reduce the MTTD and also the MTTR by referencing relevant logs when troubleshooting an issue.
+
+As an example, you can use the data from this integration to understand the activity patterns of users based on region or the distribution of users by license type.
+
+## Data streams
+
+The Salesforce integration collects log events using the REST API of Salesforce.
+
+**Logs** help you keep a record of events happening in Salesforce.
+Log data streams collected by the Salesforce integration include [Login](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_login.htm), [Logout](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile_logout.htm) and [Apex](https://developer.salesforce.com/docs/atlas.en-us.238.0.object_reference.meta/object_reference/sforce_api_objects_apexclass.htm).
+
+Data streams:
+- `login_rest`: Tracks login activity of users who log in to Salesforce.
+- `logout_rest`: Tracks logout activity of users who logout from Salesforce.
+- `apex`: Represents information about various Apex events like Callout, Execution, REST API, SOAP API, Trigger, etc.
+
+## Compatibility
+
+This integration has been tested against Salesforce `Spring '22 (v54.0) release`.
+
+In order to find out the Salesforce version of your Instance, see below:
+
+1. On the Home tab in Salesforce Classic, in the top right corner of the screen is a link to releases like `Summer '22`. This indicates your release.
+
+2. An alternative way to find out the version of Salesforce is by hitting the following URL:
+ - Format: (Salesforce Instance URL)/services/data
+ - Example: `https://na9.salesforce.com/services/data`
+
+Example response:
+```xml
+
+
+
+ /services/data/v53.0
+ 53.0
+
+
+
+ /services/data/v54.0
+ 54.0
+
+
+
+ /services/data/v55.0
+ 55.0
+
+
+```
+The last one on the list is the release of your instance. In the example above, the version is `Summer '22` i.e. `v55.0`.
+
+## Prerequisites
+
+You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
+You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended or self-manage the Elastic Stack on your own hardware.
+
+In your Salesforce instance, ensure that `API Enabled permission` is selected for the user profile. Follow the below steps to enable the same:
+
+1. Go to `Setup` > `Quick Find` > `Users`, and Click on `Users`.
+2. Click on the profile link associated with the `User Account` used for data collection.
+3. Search for `API Enabled` permission on the same page. In case it’s not present, search it under `System Permissions` and check if `API Enabled` privilege is selected. If not, enable it for data collection.
+
+## Set Up
+
+For step-by-step instructions on how to set up an integration, see the [Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.
+
+## Configuration
+
+You need the following information from your Salesforce instance to configure this integration in Elastic:
+
+### Salesforce Instance URL
+
+The instance your Salesforce Organization uses is indicated in the URL of your browser's address bar in Salesforce Classic. The value before 'salesforce.com' is your Salesforce Instance.
+
+Example URL: `https://na9.salesforce.com/home/home.jsp`
+
+In the above example, the value before 'salesforce.com' is your Salesforce Instance. In this example, the Salesforce Organization is located on NA9.
+
+The Salesforce Instance URL is: `https://na9.salesforce.com`
+
+In Salesforce Lightning, it is available under the user name in the “View Profile” tab.
+
+### Client Key and Client Secret for Authentication
+
+In order to use this integration, you need to create a new Salesforce Application using OAuth. Follow the steps below to create a connected application in Salesforce:
+
+1. Login to [Salesforce](https://login.salesforce.com/) with the same user credentials that you want to collect data with.
+2. Click on Setup on the top right menu bar. On the Setup page search `App Manager` in the `Search Setup` search box at the top of the page, then select `App Manager`.
+3. Click *New Connected App*.
+4. Provide a name for the connected application. This will be displayed in the App Manager and on its App Launcher tile.
+5. Enter the API name. The default is a version of the name without spaces. Only letters, numbers, and underscores are allowed. If the original app name contains any other characters, edit the default name.
+6. Enter the contact email for Salesforce.
+7. Under the API (Enable OAuth Settings) section of the page, select *Enable OAuth Settings*.
+8. In the Callback URL enter the Instance URL (Please refer to `Salesforce Instance URL`)
+9. Select the following OAuth scopes to apply to the connected app:
+ - Manage user data via APIs (api).
+ - Perform requests at any time (refresh_token, offline_access).
+ - (Optional) In case of data collection, if any permission issues arise, add the Full access (full) scope.
+10. Select *Require Secret for the Web Server Flow* to require the app's client secret in exchange for an access token.
+11. Select *Require Secret for Refresh Token Flow* to require the app's client secret in the authorization request of a refresh token and hybrid refresh token flow.
+12. Click Save. It may take approximately 10 minutes for the changes to take effect.
+13. Click Continue and then under API details click Manage Consumer Details, Verify the user account using Verification Code.
+14. Copy `Consumer Key` and `Consumer Secret` from the Consumer Details section, which should be populated as value to Client ID and Client Secret respectively in the configuration.
+
+For more details on how to Create a Connected App refer to the salesforce documentation [here](https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_create.htm).
+
+### Username
+
+User Id of the registered user in Salesforce.
+
+### Password
+
+Password used for authenticating the above user.
+
+## Additional Information
+
+Follow the steps below, in case you need to find the API version:
+
+1. Go to `Setup` > `Quick Find` > `Apex Classes`.
+2. Click the `New` button.
+3. Click the `Version Settings` tab.
+4. Refer to the `Version` dropdown for the API Version number.
+
+## Validation
+
+After the integration is successfully configured, clicking on the Assets tab of the Salesforce Integration should display a list of available dashboards. Click on the dashboard available for your configured datastream. It should be populated with the required data.
+
+## Troubleshooting
+
+- In case of data ingestion if the user finds the following type of error logs:
+```
+{
+ "log.level": "error",
+ "@timestamp": "2022-11-24T12:59:36.835+0530",
+ "log.logger": "input.httpjson-cursor",
+ "log.origin": {
+ "[file.name](http://file.name/)": "compat/compat.go",
+ "file.line": 124
+ },
+ "message": "Input 'httpjson-cursor' failed with: input.go:130: input 8A049E17A5CA661D failed (id=8A049E17A5CA661D)\n\toauth2 client: error loading credentials using user and password: oauth2: cannot fetch token: 400 Bad Request\n\tResponse: {\"error\":\"invalid_grant\",\"error_description\":\"authentication failure\"}",
+ "[service.name](http://service.name/)": "filebeat",
+ "id": "8A049E17A5CA661D",
+ "ecs.version": "1.6.0"
+}
+```
+Please check if the `API Enabled permission` is provided to the `profile` associated with the `username` used as part of the integration.
+Please refer to the Prerequisites section above for more information.
+
+If the error continues follow these steps:
+
+1. Go to `Setup` > `Quick Find` > `Manage Connected Apps`.
+2. Click on the Connected App name created by you to generate the client id and client secret (Refer to Client Key and Client Secret for Authentication) under the Master Label.
+3. Click on Edit Policies, and select `Relax IP restrictions` from the dropdown for IP Relaxation.
+
+## Logs reference
+
+### Apex
+
+This is the `apex` data stream. Apex enables developers to access the Salesforce platform back-end database and client-server interfaces to create third-party SaaS applications.
+
+An example event for `apex` looks as following:
+
+```json
+{
+ "@timestamp": "2022-11-22T04:46:15.591Z",
+ "agent": {
+ "ephemeral_id": "c50ecba0-45f3-4a29-bd66-d5bd6317345e",
+ "id": "6e72b9f7-fadd-4789-a6ea-e17925d36c7e",
+ "name": "docker-fleet-agent",
+ "type": "filebeat",
+ "version": "8.4.1"
+ },
+ "data_stream": {
+ "dataset": "salesforce.apex",
+ "namespace": "ep",
+ "type": "logs"
+ },
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "elastic_agent": {
+ "id": "6e72b9f7-fadd-4789-a6ea-e17925d36c7e",
+ "snapshot": false,
+ "version": "8.4.1"
+ },
+ "event": {
+ "action": "apex-callout",
+ "agent_id_status": "verified",
+ "category": [
+ "network"
+ ],
+ "created": "2023-01-04T05:20:36.070Z",
+ "dataset": "salesforce.apex",
+ "duration": 1293,
+ "ingested": "2023-01-04T05:20:38Z",
+ "kind": "event",
+ "module": "salesforce",
+ "original": "{\"CLIENT_IP\":\"81.2.69.142\",\"CPU_TIME\":\"10\",\"EVENT_TYPE\":\"ApexCallout\",\"LOGIN_KEY\":\"Obv9123BzbaxqCo1\",\"METHOD\":\"GET\",\"ORGANIZATION_ID\":\"00D5j000000001V\",\"REQUEST_ID\":\"4exLFFQZ1234xFl1cJNwOV\",\"REQUEST_SIZE\":\"10\",\"RESPONSE_SIZE\":\"256\",\"RUN_TIME\":\"1305\",\"SESSION_KEY\":\"WvtsJ1235oW24EbH\",\"SUCCESS\":\"1\",\"TIME\":\"1293\",\"TIMESTAMP\":\"20221122044615.591\",\"TIMESTAMP_DERIVED\":\"2022-11-22T04:46:15.591Z\",\"TYPE\":\"OData\",\"URI\":\"CALLOUT-LOG\",\"URI_ID_DERIVED\":\"0055j000000utlPAQZB\",\"URL\":\"https://temp.sh/odata/Accounts\",\"USER_ID\":\"0055j0000000001\",\"USER_ID_DERIVED\":\"0055j012345utlPAAQ\"}",
+ "outcome": "success",
+ "type": [
+ "connection"
+ ],
+ "url": "https://temp.sh/odata/Accounts"
+ },
+ "http": {
+ "request": {
+ "bytes": 10,
+ "method": "GET"
+ },
+ "response": {
+ "bytes": 256
+ }
+ },
+ "input": {
+ "type": "httpjson"
+ },
+ "related": {
+ "ip": [
+ "81.2.69.142"
+ ]
+ },
+ "salesforce": {
+ "apex": {
+ "access_mode": "REST",
+ "cpu_time": 10,
+ "event_type": "ApexCallout",
+ "login_key": "Obv9123BzbaxqCo1",
+ "organization_id": "00D5j000000001V",
+ "request_id": "4exLFFQZ1234xFl1cJNwOV",
+ "run_time": 1305,
+ "type": "OData",
+ "uri": "CALLOUT-LOG",
+ "uri_derived_id": "0055j000000utlPAQZB",
+ "user_id_derived": "0055j012345utlPAAQ"
+ },
+ "instance_url": "http://elastic-package-service_salesforce_1:8010"
+ },
+ "source": {
+ "geo": {
+ "city_name": "London",
+ "continent_name": "Europe",
+ "country_iso_code": "GB",
+ "country_name": "United Kingdom",
+ "location": {
+ "lat": 51.5142,
+ "lon": -0.0931
+ },
+ "region_iso_code": "GB-ENG",
+ "region_name": "England"
+ },
+ "ip": "81.2.69.142"
+ },
+ "tags": [
+ "preserve_original_event",
+ "salesforce-apex",
+ "forwarded"
+ ],
+ "user": {
+ "id": "0055j0000000001"
+ }
+}
+```
+
+**Exported fields**
+
+| Field | Description | Type | Unit | Metric Type |
+|---|---|---|---|---|
+| @timestamp | Event timestamp. | date | | |
+| data_stream.dataset | Data stream dataset. | constant_keyword | | |
+| data_stream.namespace | Data stream namespace. | constant_keyword | | |
+| data_stream.type | Data stream type. | constant_keyword | | |
+| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | |
+| error.message | Error message. | match_only_text | | |
+| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | | |
+| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | | |
+| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | |
+| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | | |
+| event.duration | Duration of the event in milliseconds. If event.start and event.end are known this value should be the difference between the end and start time | long | ms | |
+| event.id | Unique ID to describe the event. | keyword | | |
+| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date | | |
+| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | |
+| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | | |
+| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | | |
+| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | |
+| event.url | URL linking to an external system to continue investigation of this event. This URL links to another system where in-depth investigation of the specific occurrence of this event can take place. Alert events, indicated by `event.kind:alert`, are a common use case for this field. | keyword | | |
+| http.request.bytes | Total size in bytes of the request (body and headers). | long | | |
+| http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | |
+| http.response.bytes | Total size in bytes of the response (body and headers). | long | | |
+| http.response.status_code | HTTP response status code. | long | | |
+| input.type | Input type. | keyword | | |
+| related.ip | All of the IPs seen on your event. | ip | | |
+| salesforce.apex.access_mode | The mode of collecting logs from Salesforce - "REST" or "Stream". | keyword | | |
+| salesforce.apex.action | Action performed by the callout. | keyword | | |
+| salesforce.apex.callout_time | Time spent waiting on webservice callouts, in milliseconds. | float | ms | gauge |
+| salesforce.apex.class_name | The Apex class name. If the class is part of a managed package, this string includes the package namespace. | keyword | | |
+| salesforce.apex.client_name | The name of the client that's using Salesforce services. This field is an optional parameter that can be passed in API calls. If blank, the caller didnt specify a client in the CallOptions header. | keyword | | |
+| salesforce.apex.cpu_time | The CPU time in milliseconds used to complete the request. | float | ms | gauge |
+| salesforce.apex.db_blocks | Indicates how much activity is occurring in the database. A high value for this field suggests that adding indexes or filters on your queries would benefit performance. | long | | gauge |
+| salesforce.apex.db_cpu_time | The CPU time in milliseconds to complete the request. Indicates the amount of activity taking place in the database layer during the request. | float | ms | gauge |
+| salesforce.apex.db_time.total | Time (in milliseconds) spent waiting for database processing in aggregate for all operations in the request. Compare this field to CPU_TIME to determine whether performance issues are occurring in the database layer or in your own code. | float | ms | gauge |
+| salesforce.apex.entity | Name of the external object being accessed. | keyword | | |
+| salesforce.apex.entity_name | The name of the object affected by the trigger. | keyword | | |
+| salesforce.apex.entry_point | The entry point for this Apex execution. | keyword | | |
+| salesforce.apex.event_type | The type of event. | keyword | | |
+| salesforce.apex.execute.ms | How long it took (in milliseconds) for Salesforce to prepare and execute the query. Available in API version 42.0 and later. | float | ms | gauge |
+| salesforce.apex.fetch.ms | How long it took (in milliseconds) to retrieve the query results from the external system. Available in API version 42.0 and later. | float | ms | gauge |
+| salesforce.apex.fields.count | The number of fields or columns, where applicable. | long | | |
+| salesforce.apex.filter | Field expressions to filter which rows to return. Corresponds to WHERE in SOQL queries. | keyword | | |
+| salesforce.apex.is_long_running_request | Indicates whether the request is counted against your org's concurrent long-running Apex request limit (true) or not (false). | keyword | | |
+| salesforce.apex.limit | Maximum number of rows to return for a query. Corresponds to LIMIT in SOQL queries. | long | | |
+| salesforce.apex.limit_usage.pct | The percentage of Apex SOAP calls that were made against the organization's limit. | float | percent | gauge |
+| salesforce.apex.login_key | The string that ties together all events in a given user's login session. It starts with a login event and ends with either a logout event or the user session expiring. | keyword | | |
+| salesforce.apex.media_type | The media type of the response. | keyword | | |
+| salesforce.apex.message | Error or warning message associated with the failed call. | keyword | | |
+| salesforce.apex.method_name | The name of the calling Apex method. | keyword | | |
+| salesforce.apex.offset | Number of rows to skip when paging through a result set. Corresponds to OFFSET in SOQL queries. | long | | |
+| salesforce.apex.organization_id | The 15-character ID of the organization. | keyword | | |
+| salesforce.apex.query | The SOQL query, if one was performed. | keyword | | |
+| salesforce.apex.quiddity | The type of outer execution associated with this event. | keyword | | |
+| salesforce.apex.request_id | The unique ID of a single transaction. A transaction can contain one or more events. Each event in a given transaction has the same REQUEST_ID. | keyword | | |
+| salesforce.apex.request_status | The status of the request for a page view or user interface action. | keyword | | |
+| salesforce.apex.rows.fetched | Number of rows fetched by the callout. Available in API version 42.0 and later. | long | | |
+| salesforce.apex.rows.processed | The number of rows that were processed in the request. | long | | |
+| salesforce.apex.rows.total | Total number of records in the result set. The value is always -1 if the custom adapter's DataSource.Provider class doesn't declare the QUERY_TOTAL_SIZE capability. | long | | |
+| salesforce.apex.run_time | The amount of time that the request took in milliseconds. | float | ms | gauge |
+| salesforce.apex.select | Comma-separated list of fields being queried. Corresponds to SELECT in SOQL queries. | keyword | | |
+| salesforce.apex.soql_queries.count | The number of SOQL queries that were executed during the event. | long | | |
+| salesforce.apex.subqueries | Reserved for future use. | keyword | | |
+| salesforce.apex.throughput | Number of records retrieved in one second. | float | | gauge |
+| salesforce.apex.trigger.id | The 15-character ID of the trigger that was fired. | keyword | | |
+| salesforce.apex.trigger.name | For triggers coming from managed packages, TRIGGER_NAME includes a namespace prefix separated with a . character. If no namespace prefix is present, the trigger is from an unmanaged trigger. | keyword | | |
+| salesforce.apex.trigger.type | The type of this trigger. | keyword | | |
+| salesforce.apex.type | The type of Apex callout. | keyword | | |
+| salesforce.apex.uri | The URI of the page that's receiving the request. | keyword | | |
+| salesforce.apex.uri_derived_id | The 18-character case-safe ID of the URI of the page that's receiving the request. | keyword | | |
+| salesforce.apex.user_agent | The numeric code for the type of client used to make the request (for example, the browser, application, or API). | keyword | | |
+| salesforce.apex.user_id_derived | The 18-character case-safe ID of the user who's using Salesforce services through the UI or the API. | keyword | | |
+| salesforce.instance_url | The Instance URL of the Salesforce instance. | keyword | | |
+| source.geo.city_name | City name. | keyword | | |
+| source.geo.continent_name | Name of the continent. | keyword | | |
+| source.geo.country_iso_code | Country ISO code. | keyword | | |
+| source.geo.country_name | Country name. | keyword | | |
+| source.geo.location | Longitude and latitude. | geo_point | | |
+| source.geo.region_iso_code | Region ISO code. | keyword | | |
+| source.geo.region_name | Region name. | keyword | | |
+| source.ip | IP address of the source (IPv4 or IPv6). | ip | | |
+| tags | List of keywords used to tag each event. | keyword | | |
+| user.id | Unique identifier of the user. | keyword | | |
+| user.name | Short name or login of the user. | keyword | | |
+| user.name.text | Multi-field of `user.name`. | match_only_text | | |
+| user.roles | Array of user roles at the time of the event. | keyword | | |
+
+
+### Login Rest
+
+This is the `login_rest` data stream. It represents events containing details about your organization's user login history.
+
An example event for `login_rest` looks as following:
```json
@@ -273,8 +471,8 @@ An example event for `login_rest` looks as following:
"name": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36"
}
}
-```
-
+```
+
**Exported fields**
| Field | Description | Type | Unit | Metric Type |
@@ -330,12 +528,12 @@ An example event for `login_rest` looks as following:
| user.id | Unique identifier of the user. | keyword | | |
| user.roles | Array of user roles at the time of the event. | keyword | | |
| user_agent.name | Name of the user agent. | keyword | | |
-
-
-### Logout Rest
-
-This is the `logout_rest` data stream. It represents events containing details about your organization's user logout history.
-
+
+
+### Logout Rest
+
+This is the `logout_rest` data stream. It represents events containing details about your organization's user logout history.
+
An example event for `logout_rest` looks as following:
```json
@@ -435,8 +633,8 @@ An example event for `logout_rest` looks as following:
"roles": "Standard"
}
}
-```
-
+```
+
**Exported fields**
| Field | Description | Type |
@@ -486,4 +684,4 @@ An example event for `logout_rest` looks as following:
| tags | List of keywords used to tag each event. | keyword |
| user.id | Unique identifier of the user. | keyword |
| user.roles | Array of user roles at the time of the event. | keyword |
-
+
diff --git a/packages/salesforce/img/salesforce-apex.png b/packages/salesforce/img/salesforce-apex.png
new file mode 100644
index 00000000000..8ca22179d88
Binary files /dev/null and b/packages/salesforce/img/salesforce-apex.png differ
diff --git a/packages/salesforce/kibana/dashboard/salesforce-59ef0af0-5749-11ec-8f0b-05e8b06e1b10-pkg.json b/packages/salesforce/kibana/dashboard/salesforce-59ef0af0-5749-11ec-8f0b-05e8b06e1b10-pkg.json
new file mode 100644
index 00000000000..67cc74215fa
--- /dev/null
+++ b/packages/salesforce/kibana/dashboard/salesforce-59ef0af0-5749-11ec-8f0b-05e8b06e1b10-pkg.json
@@ -0,0 +1,2143 @@
+{
+ "attributes": {
+ "controlGroupInput": {
+ "chainingSystem": "HIERARCHICAL",
+ "controlStyle": "oneLine",
+ "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}",
+ "panelsJSON": "{\"dab08a3b-b2d3-4b48-97ca-f299e83b3e85\":{\"order\":0,\"width\":\"large\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"salesforce.instance_url\",\"title\":\"Instance URL\",\"id\":\"dab08a3b-b2d3-4b48-97ca-f299e83b3e85\",\"enhancements\":{},\"selectedOptions\":[]}}}"
+ },
+ "description": "Apex EventLogFile Data",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "syncColors": false,
+ "syncTooltips": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-bfd4a8f4-653c-49f7-bd04-dd9efd1f9aee",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "f146890a-baa4-4bc2-8841-316fbdce1b4b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "7c8e0bae-bd37-4967-a7d8-ca922ed86285",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "321f43f2-f769-4639-bc81-18f1ca97dd50",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "bfd4a8f4-653c-49f7-bd04-dd9efd1f9aee": {
+ "columnOrder": [
+ "9e1cad3b-eb20-4dd8-8011-94fb5c46c517",
+ "9e1cad3b-eb20-4dd8-8011-94fb5c46c517X0"
+ ],
+ "columns": {
+ "9e1cad3b-eb20-4dd8-8011-94fb5c46c517": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Calls against the organization limit",
+ "operationType": "formula",
+ "params": {
+ "formula": "count()",
+ "isFormulaBroken": false
+ },
+ "references": [
+ "9e1cad3b-eb20-4dd8-8011-94fb5c46c517X0"
+ ],
+ "scale": "ratio"
+ },
+ "9e1cad3b-eb20-4dd8-8011-94fb5c46c517X0": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Part of Calls against the organization limit",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": false
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "f146890a-baa4-4bc2-8841-316fbdce1b4b",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "7c8e0bae-bd37-4967-a7d8-ca922ed86285",
+ "key": "salesforce.apex.is_long_running_request",
+ "negate": true,
+ "params": {
+ "query": "0"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "salesforce.apex.is_long_running_request": "0"
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "321f43f2-f769-4639-bc81-18f1ca97dd50",
+ "key": "salesforce.apex.is_long_running_request",
+ "negate": false,
+ "type": "exists",
+ "value": "exists"
+ },
+ "query": {
+ "exists": {
+ "field": "salesforce.apex.is_long_running_request"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "accessor": "9e1cad3b-eb20-4dd8-8011-94fb5c46c517",
+ "colorMode": "None",
+ "layerId": "bfd4a8f4-653c-49f7-bd04-dd9efd1f9aee",
+ "layerType": "data",
+ "size": "l",
+ "textAlign": "center",
+ "titlePosition": "bottom"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsMetric"
+ },
+ "enhancements": {},
+ "hidePanelTitles": true
+ },
+ "gridData": {
+ "h": 15,
+ "i": "6b1afef8-3be5-4fca-a0c4-690a14979551",
+ "w": 16,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "6b1afef8-3be5-4fca-a0c4-690a14979551",
+ "title": "Calls against the organization limit [Logs Salesforce]]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-6b3e9ab2-2d33-46c3-9575-78a6bc8af75b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "91faad59-2e63-4430-9a75-2d15890ea72f",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "6b3e9ab2-2d33-46c3-9575-78a6bc8af75b": {
+ "columnOrder": [
+ "d70ad4b5-d399-41ce-b3c1-e1314a80da88",
+ "4cfb821a-ad49-4dc4-ada1-cd7e4317242c"
+ ],
+ "columns": {
+ "4cfb821a-ad49-4dc4-ada1-cd7e4317242c": {
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Count of records",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ },
+ "d70ad4b5-d399-41ce-b3c1-e1314a80da88": {
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "Top 5 values of event.outcome",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "4cfb821a-ad49-4dc4-ada1-cd7e4317242c",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": true,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "size": 5
+ },
+ "scale": "ordinal",
+ "sourceField": "event.outcome"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "91faad59-2e63-4430-9a75-2d15890ea72f",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "layers": [
+ {
+ "categoryDisplay": "default",
+ "groups": [
+ "d70ad4b5-d399-41ce-b3c1-e1314a80da88"
+ ],
+ "layerId": "6b3e9ab2-2d33-46c3-9575-78a6bc8af75b",
+ "layerType": "data",
+ "legendDisplay": "default",
+ "metric": "4cfb821a-ad49-4dc4-ada1-cd7e4317242c",
+ "nestedLegend": false,
+ "numberDisplay": "percent"
+ }
+ ],
+ "shape": "pie"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsPie"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 15,
+ "i": "8039ad1b-bbc7-4d77-bcff-77ef0299a766",
+ "w": 16,
+ "x": 16,
+ "y": 0
+ },
+ "panelIndex": "8039ad1b-bbc7-4d77-bcff-77ef0299a766",
+ "title": "Distribution of request status [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-ce4e2479-29c1-4aa0-991e-0772b981e53e",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "abc33b9e-4aa6-4fd8-ba03-20a7ccfde8b7",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "ce4e2479-29c1-4aa0-991e-0772b981e53e": {
+ "columnOrder": [
+ "7941b24c-6791-4993-b363-616eafaad185",
+ "ff53120c-8fee-489f-88a7-cdac245b92dd"
+ ],
+ "columns": {
+ "7941b24c-6791-4993-b363-616eafaad185": {
+ "customLabel": true,
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "Apex media type",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "ff53120c-8fee-489f-88a7-cdac245b92dd",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": false,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "size": 10
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.media_type"
+ },
+ "ff53120c-8fee-489f-88a7-cdac245b92dd": {
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Count of records",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "abc33b9e-4aa6-4fd8-ba03-20a7ccfde8b7",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "layers": [
+ {
+ "categoryDisplay": "default",
+ "groups": [
+ "7941b24c-6791-4993-b363-616eafaad185"
+ ],
+ "layerId": "ce4e2479-29c1-4aa0-991e-0772b981e53e",
+ "layerType": "data",
+ "legendDisplay": "default",
+ "metric": "ff53120c-8fee-489f-88a7-cdac245b92dd",
+ "nestedLegend": false,
+ "numberDisplay": "percent"
+ }
+ ],
+ "shape": "pie"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsPie"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 15,
+ "i": "00d05ee3-74f4-4621-9dc7-04fde76b86d9",
+ "w": 16,
+ "x": 32,
+ "y": 0
+ },
+ "panelIndex": "00d05ee3-74f4-4621-9dc7-04fde76b86d9",
+ "title": "Responses by media type [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-197919f5-ef5b-4ae9-8432-cd2a91e337d2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "8cf2e123-a161-4fcd-8462-53803d77c032",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "197919f5-ef5b-4ae9-8432-cd2a91e337d2": {
+ "columnOrder": [
+ "61308466-190f-4872-9976-8e5320f6eee6",
+ "b00acfd3-e92b-4b7c-bf69-86e3ebf49971",
+ "d856470e-3075-4c79-a99b-77cb8fd0f5ea"
+ ],
+ "columns": {
+ "61308466-190f-4872-9976-8e5320f6eee6": {
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "Top 10 values of salesforce.apex.trigger.name",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "d856470e-3075-4c79-a99b-77cb8fd0f5ea",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": true,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "size": 10
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.trigger.name"
+ },
+ "b00acfd3-e92b-4b7c-bf69-86e3ebf49971": {
+ "dataType": "date",
+ "isBucketed": true,
+ "label": "@timestamp",
+ "operationType": "date_histogram",
+ "params": {
+ "dropPartials": false,
+ "includeEmptyRows": true,
+ "interval": "auto"
+ },
+ "scale": "interval",
+ "sourceField": "@timestamp"
+ },
+ "d856470e-3075-4c79-a99b-77cb8fd0f5ea": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Apex Trigger",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "8cf2e123-a161-4fcd-8462-53803d77c032",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "layers": [
+ {
+ "accessors": [
+ "d856470e-3075-4c79-a99b-77cb8fd0f5ea"
+ ],
+ "layerId": "197919f5-ef5b-4ae9-8432-cd2a91e337d2",
+ "layerType": "data",
+ "position": "top",
+ "seriesType": "line",
+ "showGridlines": false,
+ "splitAccessor": "61308466-190f-4872-9976-8e5320f6eee6",
+ "xAccessor": "b00acfd3-e92b-4b7c-bf69-86e3ebf49971"
+ }
+ ],
+ "legend": {
+ "isVisible": true,
+ "position": "right"
+ },
+ "preferredSeriesType": "line",
+ "title": "Empty XY chart",
+ "valueLabels": "hide"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsXY"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 17,
+ "i": "0a33a409-0f61-42be-82ca-7ef8b8ec052f",
+ "w": 48,
+ "x": 0,
+ "y": 15
+ },
+ "panelIndex": "0a33a409-0f61-42be-82ca-7ef8b8ec052f",
+ "title": "Top 10 apex triggers over time [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "enhancements": {},
+ "hidePanelTitles": false,
+ "savedVis": {
+ "data": {
+ "aggs": [],
+ "searchSource": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "description": "",
+ "params": {
+ "expression": ".es(q=\"event.dataset:salesforce.apex* AND salesforce.apex.run_time:*\",index=logs-*,metric=count,kibana=true).label(\"Request count\").bars(width=10).yaxis(label=\"Request count\",position=left).legend(position=ne).color(green),\r\n.es(q=\"event.dataset:salesforce.apex*\",index=logs-*,metric=avg:salesforce.apex.run_time,kibana=true).label(\"Average run time\").lines(width=3).yaxis(label=\"Average run time (ms)\",position=right).yaxis(2).legend(position=ne).color(red)",
+ "interval": "auto"
+ },
+ "title": "",
+ "type": "timelion",
+ "uiState": {}
+ }
+ },
+ "gridData": {
+ "h": 15,
+ "i": "198253e0-7684-4fa0-92ce-6addad9d2494",
+ "w": 48,
+ "x": 0,
+ "y": 32
+ },
+ "panelIndex": "198253e0-7684-4fa0-92ce-6addad9d2494",
+ "title": "Apex performance over time [Logs Salesforce]",
+ "type": "visualization",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "enhancements": {},
+ "hidePanelTitles": false,
+ "savedVis": {
+ "data": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "SOQL queries",
+ "emptyAsNull": false
+ },
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "4",
+ "params": {
+ "customLabel": "Entry point",
+ "excludeIsRegex": true,
+ "field": "salesforce.apex.entry_point",
+ "includeIsRegex": true,
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 10
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "searchSource": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "key": "event.action",
+ "negate": false,
+ "params": {
+ "query": "apex-execution"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.action": "apex-execution"
+ }
+ }
+ }
+ ],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "description": "",
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "filter": true,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "detailedTooltip": true,
+ "grid": {
+ "categoryLines": true,
+ "valueAxis": "ValueAxis-1"
+ },
+ "labels": {
+ "show": false
+ },
+ "legendPosition": "right",
+ "legendSize": "auto",
+ "maxLegendLines": 1,
+ "palette": {
+ "name": "default",
+ "type": "palette"
+ },
+ "radiusRatio": 0,
+ "seriesParams": [
+ {
+ "circlesRadius": 3,
+ "data": {
+ "id": "1",
+ "label": "SOQL queries"
+ },
+ "drawLinesBetweenPoints": true,
+ "interpolate": "linear",
+ "lineWidth": 2,
+ "mode": "stacked",
+ "show": true,
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "thresholdLine": {
+ "color": "#E7664C",
+ "show": false,
+ "style": "full",
+ "value": 10,
+ "width": 1
+ },
+ "times": [],
+ "truncateLegend": true,
+ "type": "histogram",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "SOQL queries"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "",
+ "type": "histogram",
+ "uiState": {}
+ }
+ },
+ "gridData": {
+ "h": 16,
+ "i": "4387ebfc-dcbf-4363-9990-fc38a60ea1f7",
+ "w": 48,
+ "x": 0,
+ "y": 47
+ },
+ "panelIndex": "4387ebfc-dcbf-4363-9990-fc38a60ea1f7",
+ "title": "Top 10 SOQL queries per entry point [Logs Salesforce]",
+ "type": "visualization",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-70a83117-8122-47eb-80e0-dc92fc2602bb",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "1449f86c-ce10-4ec1-a35a-28d5c8c84387",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "70a83117-8122-47eb-80e0-dc92fc2602bb": {
+ "columnOrder": [
+ "bb7f05fd-4314-447c-87c9-7be78c2e3e71",
+ "369b52fb-dcd6-4e19-bef8-adf4a5c73242",
+ "71d2e21f-621b-457b-b574-c8be7fb58b72"
+ ],
+ "columns": {
+ "369b52fb-dcd6-4e19-bef8-adf4a5c73242": {
+ "dataType": "date",
+ "isBucketed": true,
+ "label": "@timestamp",
+ "operationType": "date_histogram",
+ "params": {
+ "dropPartials": false,
+ "includeEmptyRows": true,
+ "interval": "auto"
+ },
+ "scale": "interval",
+ "sourceField": "@timestamp"
+ },
+ "71d2e21f-621b-457b-b574-c8be7fb58b72": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Trigger count",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ },
+ "bb7f05fd-4314-447c-87c9-7be78c2e3e71": {
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "Top 10 values of salesforce.apex.trigger.type",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "71d2e21f-621b-457b-b574-c8be7fb58b72",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": true,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "size": 10
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.trigger.type"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "1449f86c-ce10-4ec1-a35a-28d5c8c84387",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "axisTitlesVisibilitySettings": {
+ "x": true,
+ "yLeft": true,
+ "yRight": true
+ },
+ "fittingFunction": "None",
+ "gridlinesVisibilitySettings": {
+ "x": true,
+ "yLeft": true,
+ "yRight": true
+ },
+ "labelsOrientation": {
+ "x": 0,
+ "yLeft": 0,
+ "yRight": 0
+ },
+ "layers": [
+ {
+ "accessors": [
+ "71d2e21f-621b-457b-b574-c8be7fb58b72"
+ ],
+ "layerId": "70a83117-8122-47eb-80e0-dc92fc2602bb",
+ "layerType": "data",
+ "position": "top",
+ "seriesType": "line",
+ "showGridlines": false,
+ "splitAccessor": "bb7f05fd-4314-447c-87c9-7be78c2e3e71",
+ "xAccessor": "369b52fb-dcd6-4e19-bef8-adf4a5c73242"
+ }
+ ],
+ "legend": {
+ "isVisible": true,
+ "position": "right"
+ },
+ "preferredSeriesType": "line",
+ "tickLabelsVisibilitySettings": {
+ "x": true,
+ "yLeft": true,
+ "yRight": true
+ },
+ "valueLabels": "hide",
+ "xTitle": "Trigger type"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsXY"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 16,
+ "i": "36b2995c-f5ba-4699-b660-f5546cefd2a6",
+ "w": 24,
+ "x": 0,
+ "y": 63
+ },
+ "panelIndex": "36b2995c-f5ba-4699-b660-f5546cefd2a6",
+ "title": "Trigger trends over time [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-70a83117-8122-47eb-80e0-dc92fc2602bb",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "42e28c4b-3f85-4503-9609-e9c5a2d54a37",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "70a83117-8122-47eb-80e0-dc92fc2602bb": {
+ "columnOrder": [
+ "fa79fcac-32b6-4a66-8ead-cc5bf315c3ab",
+ "71d2e21f-621b-457b-b574-c8be7fb58b72"
+ ],
+ "columns": {
+ "71d2e21f-621b-457b-b574-c8be7fb58b72": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Trigger count",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ },
+ "fa79fcac-32b6-4a66-8ead-cc5bf315c3ab": {
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "Filters",
+ "operationType": "filters",
+ "params": {
+ "filters": [
+ {
+ "input": {
+ "language": "kuery",
+ "query": "salesforce.apex.trigger.type : *Update*"
+ },
+ "label": "Updates"
+ },
+ {
+ "input": {
+ "language": "kuery",
+ "query": "salesforce.apex.trigger.type : *Insert*"
+ },
+ "label": "Inserts"
+ },
+ {
+ "input": {
+ "language": "kuery",
+ "query": "salesforce.apex.trigger.type : *Delete*"
+ },
+ "label": "Deletes"
+ }
+ ]
+ },
+ "scale": "ordinal"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "42e28c4b-3f85-4503-9609-e9c5a2d54a37",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "axisTitlesVisibilitySettings": {
+ "x": true,
+ "yLeft": true,
+ "yRight": true
+ },
+ "layers": [
+ {
+ "accessors": [
+ "71d2e21f-621b-457b-b574-c8be7fb58b72"
+ ],
+ "layerId": "70a83117-8122-47eb-80e0-dc92fc2602bb",
+ "layerType": "data",
+ "position": "top",
+ "seriesType": "bar_horizontal",
+ "showGridlines": false,
+ "xAccessor": "fa79fcac-32b6-4a66-8ead-cc5bf315c3ab"
+ }
+ ],
+ "legend": {
+ "isVisible": true,
+ "position": "right"
+ },
+ "preferredSeriesType": "bar_horizontal",
+ "title": "Empty XY chart",
+ "valueLabels": "hide",
+ "xTitle": "Trigger type"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsXY"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 16,
+ "i": "ac98a6ec-c930-45a7-b1aa-0877e2f8d281",
+ "w": 24,
+ "x": 24,
+ "y": 63
+ },
+ "panelIndex": "ac98a6ec-c930-45a7-b1aa-0877e2f8d281",
+ "title": "Number of triggers by type [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-0c3855f9-23b4-460b-9127-4ddcacbeaf97",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "1667b510-e572-4643-9806-290f0a5a7c47",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "0c3855f9-23b4-460b-9127-4ddcacbeaf97": {
+ "columnOrder": [
+ "1d579c7b-dca3-47eb-b48d-2f4d597d4767",
+ "f954088d-720b-41b9-89c1-4c686fee1d1a"
+ ],
+ "columns": {
+ "1d579c7b-dca3-47eb-b48d-2f4d597d4767": {
+ "customLabel": true,
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "User type",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "f954088d-720b-41b9-89c1-4c686fee1d1a",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": true,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "size": 10
+ },
+ "scale": "ordinal",
+ "sourceField": "user.roles"
+ },
+ "f954088d-720b-41b9-89c1-4c686fee1d1a": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Requests count",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "1667b510-e572-4643-9806-290f0a5a7c47",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "layers": [
+ {
+ "accessors": [
+ "f954088d-720b-41b9-89c1-4c686fee1d1a"
+ ],
+ "layerId": "0c3855f9-23b4-460b-9127-4ddcacbeaf97",
+ "layerType": "data",
+ "position": "top",
+ "seriesType": "bar",
+ "showGridlines": false,
+ "xAccessor": "1d579c7b-dca3-47eb-b48d-2f4d597d4767"
+ }
+ ],
+ "legend": {
+ "isVisible": true,
+ "position": "right"
+ },
+ "preferredSeriesType": "bar",
+ "title": "Empty XY chart",
+ "valueLabels": "hide"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsXY"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 16,
+ "i": "5bbe083c-eff1-4abd-b3a2-012303c07523",
+ "w": 24,
+ "x": 0,
+ "y": 79
+ },
+ "panelIndex": "5bbe083c-eff1-4abd-b3a2-012303c07523",
+ "title": "Requests per user type [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-0c3855f9-23b4-460b-9127-4ddcacbeaf97",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "a838d20b-0fc6-4ae2-a0c9-40708a572bca",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "0c3855f9-23b4-460b-9127-4ddcacbeaf97": {
+ "columnOrder": [
+ "1d579c7b-dca3-47eb-b48d-2f4d597d4767",
+ "f954088d-720b-41b9-89c1-4c686fee1d1a"
+ ],
+ "columns": {
+ "1d579c7b-dca3-47eb-b48d-2f4d597d4767": {
+ "customLabel": true,
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "User agent",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "f954088d-720b-41b9-89c1-4c686fee1d1a",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": true,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "secondaryFields": [],
+ "size": 10
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.user_agent"
+ },
+ "f954088d-720b-41b9-89c1-4c686fee1d1a": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Response count",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "a838d20b-0fc6-4ae2-a0c9-40708a572bca",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "layers": [
+ {
+ "accessors": [
+ "f954088d-720b-41b9-89c1-4c686fee1d1a"
+ ],
+ "layerId": "0c3855f9-23b4-460b-9127-4ddcacbeaf97",
+ "layerType": "data",
+ "position": "top",
+ "seriesType": "bar",
+ "showGridlines": false,
+ "xAccessor": "1d579c7b-dca3-47eb-b48d-2f4d597d4767"
+ }
+ ],
+ "legend": {
+ "isVisible": true,
+ "position": "right"
+ },
+ "preferredSeriesType": "bar",
+ "title": "Empty XY chart",
+ "valueLabels": "hide"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsXY"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 16,
+ "i": "97d94d13-e382-434e-99cb-dbff367cce72",
+ "w": 24,
+ "x": 24,
+ "y": 79
+ },
+ "panelIndex": "97d94d13-e382-434e-99cb-dbff367cce72",
+ "title": "Responses per user agent [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-5e5e7f82-ace7-426a-975b-c01a009ccc21",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "a8044d67-8dc4-4f69-87ca-1454fb17f1fe",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "5e5e7f82-ace7-426a-975b-c01a009ccc21": {
+ "columnOrder": [
+ "ffc42d57-84ce-42a8-966d-53b68f384ffd",
+ "67d65022-1482-4a0c-b68f-f9b134807989",
+ "30970875-b396-4f47-9b79-1defd279743f"
+ ],
+ "columns": {
+ "30970875-b396-4f47-9b79-1defd279743f": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Apex trigger name",
+ "operationType": "unique_count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "salesforce.apex.trigger.name"
+ },
+ "67d65022-1482-4a0c-b68f-f9b134807989": {
+ "dataType": "date",
+ "isBucketed": true,
+ "label": "@timestamp",
+ "operationType": "date_histogram",
+ "params": {
+ "dropPartials": false,
+ "includeEmptyRows": true,
+ "interval": "auto"
+ },
+ "scale": "interval",
+ "sourceField": "@timestamp"
+ },
+ "ffc42d57-84ce-42a8-966d-53b68f384ffd": {
+ "customLabel": true,
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "Entity name",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "30970875-b396-4f47-9b79-1defd279743f",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": true,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "size": 10
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.entity_name"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "a8044d67-8dc4-4f69-87ca-1454fb17f1fe",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "axisTitlesVisibilitySettings": {
+ "x": true,
+ "yLeft": true,
+ "yRight": true
+ },
+ "fittingFunction": "None",
+ "gridlinesVisibilitySettings": {
+ "x": true,
+ "yLeft": true,
+ "yRight": true
+ },
+ "labelsOrientation": {
+ "x": 0,
+ "yLeft": 0,
+ "yRight": 0
+ },
+ "layers": [
+ {
+ "accessors": [
+ "30970875-b396-4f47-9b79-1defd279743f"
+ ],
+ "layerId": "5e5e7f82-ace7-426a-975b-c01a009ccc21",
+ "layerType": "data",
+ "position": "top",
+ "seriesType": "bar_stacked",
+ "showGridlines": false,
+ "splitAccessor": "ffc42d57-84ce-42a8-966d-53b68f384ffd",
+ "xAccessor": "67d65022-1482-4a0c-b68f-f9b134807989"
+ }
+ ],
+ "legend": {
+ "isVisible": true,
+ "position": "right"
+ },
+ "preferredSeriesType": "bar_stacked",
+ "tickLabelsVisibilitySettings": {
+ "x": true,
+ "yLeft": true,
+ "yRight": true
+ },
+ "valueLabels": "hide"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsXY"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 16,
+ "i": "04f06541-b6cf-4a31-865e-361ff701a4c0",
+ "w": 24,
+ "x": 0,
+ "y": 95
+ },
+ "panelIndex": "04f06541-b6cf-4a31-865e-361ff701a4c0",
+ "title": "Triggers by entity categorization [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-df249e19-0f2d-4700-96d3-0521bfff6614",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "5d25abf5-261a-4442-8ef2-a83b853b7e47",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "df249e19-0f2d-4700-96d3-0521bfff6614": {
+ "columnOrder": [
+ "cb7add83-b77d-41a2-9600-55954e7d271e",
+ "4d47a9d2-3346-4cca-9381-817a87cfe236",
+ "afe5af6d-6f9f-41e5-92e5-ea6a5f3adc21",
+ "7f9ac6d2-92e2-462a-b4e6-73de4de38bd0"
+ ],
+ "columns": {
+ "4d47a9d2-3346-4cca-9381-817a87cfe236": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Request count",
+ "operationType": "count",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "___records___"
+ },
+ "7f9ac6d2-92e2-462a-b4e6-73de4de38bd0": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Max run time (ms)",
+ "operationType": "max",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "salesforce.apex.run_time"
+ },
+ "afe5af6d-6f9f-41e5-92e5-ea6a5f3adc21": {
+ "customLabel": true,
+ "dataType": "number",
+ "isBucketed": false,
+ "label": "Average run time (ms)",
+ "operationType": "average",
+ "params": {
+ "emptyAsNull": true
+ },
+ "scale": "ratio",
+ "sourceField": "salesforce.apex.run_time"
+ },
+ "cb7add83-b77d-41a2-9600-55954e7d271e": {
+ "customLabel": true,
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "Entry point",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "4d47a9d2-3346-4cca-9381-817a87cfe236",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": false,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "size": 10
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.entry_point"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "5d25abf5-261a-4442-8ef2-a83b853b7e47",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "columns": [
+ {
+ "columnId": "cb7add83-b77d-41a2-9600-55954e7d271e"
+ },
+ {
+ "columnId": "4d47a9d2-3346-4cca-9381-817a87cfe236"
+ },
+ {
+ "columnId": "afe5af6d-6f9f-41e5-92e5-ea6a5f3adc21"
+ },
+ {
+ "columnId": "7f9ac6d2-92e2-462a-b4e6-73de4de38bd0",
+ "isTransposed": false
+ }
+ ],
+ "headerRowHeight": "auto",
+ "layerId": "df249e19-0f2d-4700-96d3-0521bfff6614",
+ "layerType": "data",
+ "rowHeight": "auto",
+ "sorting": {
+ "columnId": "afe5af6d-6f9f-41e5-92e5-ea6a5f3adc21",
+ "direction": "desc"
+ }
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsDatatable"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 16,
+ "i": "a2b4090c-077d-495a-b002-0aceddb498c7",
+ "w": 24,
+ "x": 24,
+ "y": 95
+ },
+ "panelIndex": "a2b4090c-077d-495a-b002-0aceddb498c7",
+ "title": "Top 10 entry points by request count [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ },
+ {
+ "embeddableConfig": {
+ "attributes": {
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "indexpattern-datasource-layer-d0976ec2-a99a-4fb6-b537-d6822e644ebb",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "ee831647-737a-4737-9157-8f7c991aa9b0",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "f8bbf481-5cdd-4394-b891-20535b763ad9",
+ "type": "index-pattern"
+ }
+ ],
+ "state": {
+ "datasourceStates": {
+ "indexpattern": {
+ "layers": {
+ "d0976ec2-a99a-4fb6-b537-d6822e644ebb": {
+ "columnOrder": [
+ "35da24b7-398e-433a-85d9-49e7862e0813",
+ "2128b4e0-6345-485e-a410-87fa7ed6e610",
+ "20bb0e74-5ce7-4e96-9840-bb8cb4dd08c0",
+ "fc521fd6-0696-4f71-bdd7-371cd87c0169",
+ "2b4a5fc5-a0ac-4b56-8543-677eb5793a5b"
+ ],
+ "columns": {
+ "20bb0e74-5ce7-4e96-9840-bb8cb4dd08c0": {
+ "customLabel": true,
+ "dataType": "string",
+ "filter": {
+ "language": "kuery",
+ "query": "salesforce.apex.action: *"
+ },
+ "isBucketed": false,
+ "label": "Action",
+ "operationType": "last_value",
+ "params": {
+ "sortField": "@timestamp"
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.action"
+ },
+ "2128b4e0-6345-485e-a410-87fa7ed6e610": {
+ "customLabel": true,
+ "dataType": "date",
+ "filter": {
+ "language": "kuery",
+ "query": "@timestamp: *"
+ },
+ "isBucketed": false,
+ "label": "Timestamp",
+ "operationType": "last_value",
+ "params": {
+ "sortField": "@timestamp"
+ },
+ "scale": "ratio",
+ "sourceField": "@timestamp"
+ },
+ "2b4a5fc5-a0ac-4b56-8543-677eb5793a5b": {
+ "customLabel": true,
+ "dataType": "string",
+ "filter": {
+ "language": "kuery",
+ "query": "salesforce.apex.throughput: *"
+ },
+ "isBucketed": false,
+ "label": "Throughput",
+ "operationType": "last_value",
+ "params": {
+ "sortField": "@timestamp"
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.throughput"
+ },
+ "35da24b7-398e-433a-85d9-49e7862e0813": {
+ "customLabel": true,
+ "dataType": "string",
+ "isBucketed": true,
+ "label": "Entity",
+ "operationType": "terms",
+ "params": {
+ "missingBucket": false,
+ "orderBy": {
+ "columnId": "fc521fd6-0696-4f71-bdd7-371cd87c0169",
+ "type": "column"
+ },
+ "orderDirection": "desc",
+ "otherBucket": true,
+ "parentFormat": {
+ "id": "terms"
+ },
+ "secondaryFields": [],
+ "size": 10
+ },
+ "scale": "ordinal",
+ "sourceField": "salesforce.apex.entity"
+ },
+ "fc521fd6-0696-4f71-bdd7-371cd87c0169": {
+ "customLabel": true,
+ "dataType": "number",
+ "filter": {
+ "language": "kuery",
+ "query": "salesforce.apex.execute.ms: *"
+ },
+ "isBucketed": false,
+ "label": "Execute time (ms)",
+ "operationType": "last_value",
+ "params": {
+ "sortField": "@timestamp"
+ },
+ "scale": "ratio",
+ "sourceField": "salesforce.apex.execute.ms"
+ }
+ },
+ "incompleteColumns": {}
+ }
+ }
+ }
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "ee831647-737a-4737-9157-8f7c991aa9b0",
+ "key": "event.action",
+ "negate": false,
+ "params": {
+ "query": "apex-external-custom-callout"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.action": "apex-external-custom-callout"
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "f8bbf481-5cdd-4394-b891-20535b763ad9",
+ "key": "event.dataset",
+ "negate": false,
+ "params": {
+ "query": "salesforce.apex"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "event.dataset": "salesforce.apex"
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "visualization": {
+ "columns": [
+ {
+ "alignment": "center",
+ "columnId": "35da24b7-398e-433a-85d9-49e7862e0813",
+ "isTransposed": false
+ },
+ {
+ "alignment": "center",
+ "columnId": "20bb0e74-5ce7-4e96-9840-bb8cb4dd08c0",
+ "isTransposed": false
+ },
+ {
+ "alignment": "center",
+ "columnId": "fc521fd6-0696-4f71-bdd7-371cd87c0169",
+ "isTransposed": false
+ },
+ {
+ "alignment": "center",
+ "columnId": "2b4a5fc5-a0ac-4b56-8543-677eb5793a5b",
+ "isTransposed": false
+ },
+ {
+ "alignment": "center",
+ "columnId": "2128b4e0-6345-485e-a410-87fa7ed6e610",
+ "isTransposed": false
+ }
+ ],
+ "headerRowHeight": "auto",
+ "layerId": "d0976ec2-a99a-4fb6-b537-d6822e644ebb",
+ "layerType": "data",
+ "paging": {
+ "enabled": true,
+ "size": 10
+ },
+ "rowHeight": "auto"
+ }
+ },
+ "title": "",
+ "type": "lens",
+ "visualizationType": "lnsDatatable"
+ },
+ "enhancements": {},
+ "hidePanelTitles": false
+ },
+ "gridData": {
+ "h": 14,
+ "i": "1304595e-5a54-471b-9a24-9bb9e42e0a76",
+ "w": 48,
+ "x": 0,
+ "y": 111
+ },
+ "panelIndex": "1304595e-5a54-471b-9a24-9bb9e42e0a76",
+ "title": "Top 10 external calls [Logs Salesforce]",
+ "type": "lens",
+ "version": "8.4.1"
+ }
+ ],
+ "refreshInterval": {
+ "pause": true,
+ "value": 0
+ },
+ "timeFrom": "now-7d/d",
+ "timeRestore": true,
+ "timeTo": "now",
+ "title": "[Logs Salesforce] Apex Dashboard",
+ "version": 1
+ },
+ "coreMigrationVersion": "8.4.1",
+ "id": "salesforce-59ef0af0-5749-11ec-8f0b-05e8b06e1b10-pkg",
+ "migrationVersion": {
+ "dashboard": "8.4.0"
+ },
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "6b1afef8-3be5-4fca-a0c4-690a14979551:indexpattern-datasource-layer-bfd4a8f4-653c-49f7-bd04-dd9efd1f9aee",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "6b1afef8-3be5-4fca-a0c4-690a14979551:f146890a-baa4-4bc2-8841-316fbdce1b4b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "6b1afef8-3be5-4fca-a0c4-690a14979551:7c8e0bae-bd37-4967-a7d8-ca922ed86285",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "6b1afef8-3be5-4fca-a0c4-690a14979551:321f43f2-f769-4639-bc81-18f1ca97dd50",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "8039ad1b-bbc7-4d77-bcff-77ef0299a766:indexpattern-datasource-layer-6b3e9ab2-2d33-46c3-9575-78a6bc8af75b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "8039ad1b-bbc7-4d77-bcff-77ef0299a766:91faad59-2e63-4430-9a75-2d15890ea72f",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "00d05ee3-74f4-4621-9dc7-04fde76b86d9:indexpattern-datasource-layer-ce4e2479-29c1-4aa0-991e-0772b981e53e",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "00d05ee3-74f4-4621-9dc7-04fde76b86d9:abc33b9e-4aa6-4fd8-ba03-20a7ccfde8b7",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "0a33a409-0f61-42be-82ca-7ef8b8ec052f:indexpattern-datasource-layer-197919f5-ef5b-4ae9-8432-cd2a91e337d2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "0a33a409-0f61-42be-82ca-7ef8b8ec052f:8cf2e123-a161-4fcd-8462-53803d77c032",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "4387ebfc-dcbf-4363-9990-fc38a60ea1f7:kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "4387ebfc-dcbf-4363-9990-fc38a60ea1f7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "4387ebfc-dcbf-4363-9990-fc38a60ea1f7:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "36b2995c-f5ba-4699-b660-f5546cefd2a6:indexpattern-datasource-layer-70a83117-8122-47eb-80e0-dc92fc2602bb",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "36b2995c-f5ba-4699-b660-f5546cefd2a6:1449f86c-ce10-4ec1-a35a-28d5c8c84387",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "ac98a6ec-c930-45a7-b1aa-0877e2f8d281:indexpattern-datasource-layer-70a83117-8122-47eb-80e0-dc92fc2602bb",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "ac98a6ec-c930-45a7-b1aa-0877e2f8d281:42e28c4b-3f85-4503-9609-e9c5a2d54a37",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "5bbe083c-eff1-4abd-b3a2-012303c07523:indexpattern-datasource-layer-0c3855f9-23b4-460b-9127-4ddcacbeaf97",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "5bbe083c-eff1-4abd-b3a2-012303c07523:1667b510-e572-4643-9806-290f0a5a7c47",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "97d94d13-e382-434e-99cb-dbff367cce72:indexpattern-datasource-layer-0c3855f9-23b4-460b-9127-4ddcacbeaf97",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "97d94d13-e382-434e-99cb-dbff367cce72:a838d20b-0fc6-4ae2-a0c9-40708a572bca",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "04f06541-b6cf-4a31-865e-361ff701a4c0:indexpattern-datasource-layer-5e5e7f82-ace7-426a-975b-c01a009ccc21",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "04f06541-b6cf-4a31-865e-361ff701a4c0:a8044d67-8dc4-4f69-87ca-1454fb17f1fe",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "a2b4090c-077d-495a-b002-0aceddb498c7:indexpattern-datasource-layer-df249e19-0f2d-4700-96d3-0521bfff6614",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "a2b4090c-077d-495a-b002-0aceddb498c7:5d25abf5-261a-4442-8ef2-a83b853b7e47",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "1304595e-5a54-471b-9a24-9bb9e42e0a76:indexpattern-datasource-layer-d0976ec2-a99a-4fb6-b537-d6822e644ebb",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "1304595e-5a54-471b-9a24-9bb9e42e0a76:ee831647-737a-4737-9157-8f7c991aa9b0",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "1304595e-5a54-471b-9a24-9bb9e42e0a76:f8bbf481-5cdd-4394-b891-20535b763ad9",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "controlGroup_dab08a3b-b2d3-4b48-97ca-f299e83b3e85:optionsListDataView",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/packages/salesforce/manifest.yml b/packages/salesforce/manifest.yml
index 9e206eab41d..97d8659cecd 100644
--- a/packages/salesforce/manifest.yml
+++ b/packages/salesforce/manifest.yml
@@ -1,14 +1,14 @@
format_version: 1.0.0
name: salesforce
title: Salesforce
-version: 0.2.1
+version: 0.3.0
license: basic
description: Collect logs from Salesforce with Elastic Agent.
type: integration
categories:
- crm
conditions:
- kibana.version: ^8.4.0
+ kibana.version: ^8.5.0
screenshots:
- src: /img/salesforce-login.png
title: Salesforce Login Dashboard
@@ -18,6 +18,10 @@ screenshots:
title: Salesforce Logout Dashboard
size: 1366x1912
type: image/png
+ - src: /img/salesforce-apex.png
+ title: Salesforce Apex Dashboard
+ size: 1366x1912
+ type: image/png
icons:
- src: /img/salesforce.svg
title: Salesforce