diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 5e63f64e980..eced679bbd5 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -232,6 +232,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Allow parsing bytes in and bytes out as long integer in CEF processor. {issue}36100[36100] {pull}36108[36108] - Add support for registered owners and users to AzureAD entity analytics provider. {pull}36092[36092] - Added support for Okta OAuth2 provider in the httpjson input. {pull}36273[36273] +- Add support of the interval parameter in Salesforce setupaudittrail-rest fileset. {issue}35917[35917] {pull}35938[35938] *Auditbeat* diff --git a/filebeat/docs/modules/salesforce.asciidoc b/filebeat/docs/modules/salesforce.asciidoc index 05bf5d759dd..b81def57bef 100644 --- a/filebeat/docs/modules/salesforce.asciidoc +++ b/filebeat/docs/modules/salesforce.asciidoc @@ -225,6 +225,7 @@ Example config: var.user: "my.email@here.com" var.password: "password" var.url: "https://instance-url.salesforce.com" + var.interval: 1h ---- include::../include/var-paths.asciidoc[] @@ -253,6 +254,12 @@ The password used as part of the authentication flow. It is required for authent The URL of the Saleforce instance. +*`var.interval`*:: + +Period of fetching logs, i.e. 1s/1m/1h. + +Note: The default value of `var.interval` is 1h. It is important to exercise caution when reducing the interval, as it directly affects the API rate limit of the Salesforce instance. Salesforce API rate limit is ~1000 API calls per hour. Hence if user goes with lower limit of var.interval, the Salesforce API rate limit will exceed and any additional API requests beyond the limit will result in an error response from the Salesforce API. The error message will typically indicate that the rate limit has been exceeded. Please refer to the following link for the https://developer.salesforce.com/docs/atlas.en-us.salesforce_app_limits_cheatsheet.meta/salesforce_app_limits_cheatsheet/salesforce_app_limits_platform_api.htm[Salesforce API Rate Limit]. + [float] ==== `apex-rest` fileset settings diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 5733bcd6ad7..9ea0dabfb0b 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1999,7 +1999,9 @@ filebeat.modules: # URL, should include the instance_url #var.url: "https://instance_id.my.salesforce.com" - + + # Interval, should include the time interval + #var.interval: 1h #----------------------------- Google Santa Module ----------------------------- - module: santa log: diff --git a/x-pack/filebeat/module/salesforce/_meta/config.yml b/x-pack/filebeat/module/salesforce/_meta/config.yml index 07b54b43fe3..f5c6c9c7f06 100644 --- a/x-pack/filebeat/module/salesforce/_meta/config.yml +++ b/x-pack/filebeat/module/salesforce/_meta/config.yml @@ -125,3 +125,6 @@ # URL, should include the instance_url #var.url: "https://instance_id.my.salesforce.com" + + # Interval, should include the time interval + #var.interval: 1h \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc b/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc index e0bb1ea3da8..edfce0ea7ad 100644 --- a/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc @@ -218,6 +218,7 @@ Example config: var.user: "my.email@here.com" var.password: "password" var.url: "https://instance-url.salesforce.com" + var.interval: 1h ---- include::../include/var-paths.asciidoc[] @@ -246,6 +247,12 @@ The password used as part of the authentication flow. It is required for authent The URL of the Saleforce instance. +*`var.interval`*:: + +Period of fetching logs, i.e. 1s/1m/1h. + +Note: The default value of `var.interval` is 1h. It is important to exercise caution when reducing the interval, as it directly affects the API rate limit of the Salesforce instance. Salesforce API rate limit is ~1000 API calls per hour. Hence if user goes with lower limit of var.interval, the Salesforce API rate limit will exceed and any additional API requests beyond the limit will result in an error response from the Salesforce API. The error message will typically indicate that the rate limit has been exceeded. Please refer to the following link for the https://developer.salesforce.com/docs/atlas.en-us.salesforce_app_limits_cheatsheet.meta/salesforce_app_limits_cheatsheet/salesforce_app_limits_platform_api.htm[Salesforce API Rate Limit]. + [float] ==== `apex-rest` fileset settings diff --git a/x-pack/filebeat/modules.d/salesforce.yml.disabled b/x-pack/filebeat/modules.d/salesforce.yml.disabled index 8535b30f006..4931e8e006e 100644 --- a/x-pack/filebeat/modules.d/salesforce.yml.disabled +++ b/x-pack/filebeat/modules.d/salesforce.yml.disabled @@ -128,3 +128,6 @@ # URL, should include the instance_url #var.url: "https://instance_id.my.salesforce.com" + + # Interval, should include the time interval + #var.interval: 1h \ No newline at end of file