Salesforce Developer Event Monitoring Downloading

Event Monitoring - Downloading Event Logs:

You can download event log files in several ways, including:

1. Direct download via the Event Log File browser application
2. cURL script
3. Python script

To Download Logs from Your Browser:

1. Log in to your Trailhead DE organization.
2. Navigate to the event log file browser application.
   https://salesforce-elf.herokuapp.com/
3. Click Production Login.
4. Enter a date range for your search.
5. Enter an event type for your search.
6. Click Apply.

If your organization doesn’t have any events in the specified date range or 
type, the page displays an error.

The list shows the same event log files that you see when you query the 
EventLogFile object using the REST Explorer in Workbench. You can’t open the 
files in the browser application, but you can directly download them or use a 
script. Let’s look at the direct download method.

Click the direct download button to download a log to a 
comma-separated value (.csv) file. The ugly string of text that you saw in the 
REST Explorer is transformed into a format that’s easily readable in a 
spreadsheet application, like Microsoft Excel or Google Sheets. Each file 
contains all the events of a particular type that occurred in your organization 
in the past 24 hours.

Download the ReportExport log file. Open it in a spreadsheet. That looks much 
better! Now we can finally figure out how that confidential information got 
leaked. Let’s say that our lead report’s ID is 00O30000008a3De. The URI field 
contains the ID of the report that was exported, and the USER_ID field contains 
the ID of the user who exported that report. All this information helps you 
pinpoint the culprit.

To determine the name of the user who downloaded the report, just go to 
/USERID. To determine the name of the report that was downloaded, just go to
/REPORTID.
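
The ReportExport lookup described above, as an added Python example that is not part of the original page: it filters a log's rows by the report ID in the URI field and returns who exported it. The sample rows (user IDs, IP addresses, timestamps) are constructed, and reading the TIMESTAMP and CLIENT_IP columns is an assumption beyond the two fields the page names. The match compares the first 15 characters case-sensitively so that both the 15- and 18-character forms of an ID are caught without confusing IDs that differ only in case.

```python
import csv
import io
import re

# Constructed sample rows; a real ReportExport log file has many more columns.
SAMPLE_CSV = '''"EVENT_TYPE","TIMESTAMP","USER_ID","URI","CLIENT_IP"
"ReportExport","20150601101500.000","005300000012AbC","/00O30000008a3De","203.0.113.10"
"ReportExport","20150601113000.000","005300000034DeF","/00O30000008a3DeEAI","203.0.113.22"
"ReportExport","20150601120000.000","005300000056GhI","/00O30000008A3DE","198.51.100.7"
"ReportExport","20150601121500.000","005300000012AbC","/00O30000009zzZZ","203.0.113.10"
'''

# Report IDs start with 00O and are 15 characters (case-sensitive) or
# 18 characters (the same 15 plus a 3-character suffix).
ID_IN_URI = re.compile(r"00O[0-9A-Za-z]{12}(?:[0-9A-Za-z]{3})?")


def find_exporters(csv_text, report_id):
    """Return (TIMESTAMP, USER_ID, CLIENT_IP) for each export of report_id."""
    wanted = report_id[:15]  # normalise an 18-character ID to its 15-character core
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = ID_IN_URI.search(row.get("URI", ""))
        # Case-sensitive compare: 00O30000008a3De and 00O30000008A3DE are
        # different records, so lowercasing both sides would be a false positive.
        if match and match.group(0)[:15] == wanted:
            hits.append((row["TIMESTAMP"], row["USER_ID"], row.get("CLIENT_IP", "")))
    return hits


if __name__ == "__main__":
    # The lead report ID used in the text above.
    for timestamp, user_id, client_ip in find_exporters(SAMPLE_CSV, "00O30000008a3De"):
        print(timestamp, user_id, client_ip)
```
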

Although using cURL is more complicated than the first method, it provides 
additional flexibility in working with event log files. Rather than manually 
downloading log files, you can schedule when to run the script so that you 
always have the most recent event log files for your organization. You can also 
transform your data so that it’s in a format that you want. If your organization 
has an integration specialist, you can pass off these scripts to kickstart 
automation efforts.

Using a cURL script to download your event log files requires the following:

1. Providing your Salesforce credentials
2. Logging in using OAuth and getting an access token
3. Using a REST query to specify which logs you’re looking for

   If you’re scheduling a recurring download, this step is important. You can 
   use something like this query to filter events by the current day:

   https://${instance}.salesforce.com/services/data/v34.0/query?q=Select+Id+,+EventType+,+LogDate+From+EventLogFile+Where+LogDate+=+${day}

4. Parsing the results of the query so that you can do things like create a 
   date-based file structure. You can perform any transformations on your data 
   that you want.