Use Data Cloud Event Monitoring for Security, Performance, and Adoption
This blog post highlights the Data Cloud functionalities currently available in Shield Event Monitoring, which is part of the Salesforce Shield suite of products. As we work on adding new functionalities to this integration, customers can use these existing functionalities to observe and monitor their Data Cloud implementation.
Overview of Event Monitoring
Shield: Event Monitoring is a Salesforce add-on product that helps customers with security, observability, and product intelligence. It lets you see the granular details of user activity in an organization. With Event Monitoring, you can access nearly 80 different event types and detailed performance, security, and usage data in Salesforce to monitor critical business data, understand user adoption across apps, and troubleshoot and optimize application performance.
More than 60 event types are available through a feature called event log files, which publishes hourly and 24-hour CSV files that are API accessible. Event log files are stored for up to one year and can be downloaded in the UI using the Event Log File Browser. With the Event Monitoring Analytics app, you can create reports and dashboards for select event types in CRM Analytics.
An additional 20 event types can be monitored and detected in near real-time using Salesforce Real-Time Event Monitoring. These events are streamed in near real-time via the Streaming API and stored for six months to 10 years for auditing or reporting purposes. You can create transaction security policies using Condition Builder — a point-and-click tool — or Apex code. Also part of Real-Time Event Monitoring is a feature called Threat Detection that uses machine learning to identify anomalous threats and potentially malicious activities.
Shield Event Monitoring is focused on four key use cases:
- Data Loss Prevention — Protect sensitive data from internal and external threats using custom security policies
- Performance Monitoring — Get real-time performance insights on page load times, API usage, and granular execution data
- User and Application Visibility — Monitor and audit behavior for governance and compliance regulations
- Product Intelligence and Adoption — Improve user productivity and adoption by analyzing workflows and removing bottlenecks.
Observe and Monitor Data Cloud with Event Monitoring
The following Event Monitoring event log file event types can be used to observe and monitor Data Cloud for the above use cases.
- Lightning Page View Event Type – Lightning Page View events represent information about the page in Data Cloud on which the event occurred in Lightning Experience. A Lightning Page View event tracks the Data Cloud page a user visited on the Data Cloud app, how long the user spent on the page, and the load time for the page.
- Lightning Interaction Event Type – Lightning Interaction events track user actions in Lightning Experience, such as the user clicking, tapping, or scrolling on a page.
- Report Event Type – Report events contain information about what happened when a user ran a report. This event type includes all activity that is in the Report Export event type, and more. For example, it has user activity for reports exported as both Formatted Report and Details Only output.
- Wave Interaction Event Type – Wave Interaction events represent route or page changes made in the CRM Analytics user interface. A Wave Interaction event is captured when a tab is closed. It also collates the interaction statistics over the life of the tab, including total open time, read time, and so on.
From a Real-Time Event Monitoring perspective, the following Data Cloud-related events can be tracked.
- LightningUriEventStream – Detects when a user creates, accesses, updates, or deletes a record in Lightning Experience only.
- ApiEventStream – Tracks these user-initiated read-only API calls: query(), queryMore(), and count(). Captures API requests through SOAP API and Bulk API for the Enterprise and Partner WSDLs.
- ApiAnomalyEvent – Tracks anomalies in how users make API calls.
- ReportAnomalyEvent – Tracks anomalies in how users run or export reports, including unsaved reports.
For example, below is an example output from the Streaming Monitor app, which displays Real-Time Event Monitoring events. (Note: This app is not part of Event Monitoring; it is available on the AppExchange).
Access Event Logs
Once Event Monitoring is enabled in Data Cloud, you can access the events in Setup by searching for Event Monitoring. From the Event Log File Browser, you can select a date range and view events. For example, you might search for all Lightning Page view events for a specific day. You can also view these logs through other tools like Visual Studio Code.
You can also download events for further analysis.
Query Log Data with Event Log Objects (Beta)
In the Summer ’24 release, Event Monitoring includes a new Beta feature called Event Log Objects, which enables you to run analytical queries using SOQL or the API on 30+ event types. Data is available in Event Log Objects 15 minutes after it is logged, significantly reducing the time needed to access and analyze log data in both CRM Analytics and the API. For example, you can use the following SOQL query to identify how many data rows users are accessing via Salesforce Reports:
SELECT SUM(RowCount) FROM ReportEventLog Group By UserIdentifier Integrate Event Monitoring with Third-Party Systems
Since Event Monitoring data is API accessible, it is possible to export the data to third-party log analytics tools or SIEMs such as Splunk or Datadog. This is especially useful if you use a third-party tool to observe all of your technology systems, including those outside Salesforce. The following table lists some of the most popular third-party tools that integrate with Event Monitoring.
| Name | Event Log File (ELF) Support | Real-Time Event Monitoring Support | Link |
|---|---|---|---|
| Splunk | Yes | Yes | ELF Add-OnSplunk Add-on for Salesforce Streaming API |
| Datadog | Yes | Yes | Monitor Salesforce Logs With Datadog |
| Dynatrace | No | Yes | Dynatrace |
| New Relic | Yes | Yes | Salesforce event logs Integration BlogObserve and Optimize Salesforce with New Relic |
| Sumo Logic | Yes | No | Sumo Logic Salesforce |
| AWS App Fabric | Yes | No | App Fabric Support for Salesforce |
Create Reports and Dashboards
The Event Monitoring Analytics app in CRM Analytics can help admins or security agents perform forensic analysis of application performance issues or security incidents. Visualizations of Event Monitoring data in CRM Analytics can help you improve application performance, audit user actions, and analyze adoption of Salesforce. For example, you can analyze which Data Cloud lightning pages are viewed the most.
You can also use Event Monitoring Plus, a free, open-source CRM Analytics templated app, to create dashboards using Event Monitoring data, including dashboards specific to Data Cloud usage. A few use cases for this app include a top-to-bottom view of UI interactions, Apex performance, Apex exceptions, and page performance. The app provides business and IT groups with a common view of adoption and how it relates to business metrics, and it helps groups identify and measure technical debt and its impact on the business.
Conclusion
As the product team works on building new features to enable Event Monitoring for Data Cloud for security, performance, adoption, and other use cases, you can use existing capabilities to get started with event monitoring on Data Cloud, for example by creating dashboards and reports to ensure your systems are secure and performing optimally.
Resources
Event Monitoring Trailhead
Data Cloud Trailhead
Written by
