Use Data Cloud Event Monitoring for Security, Performance, and Adoption

5
(3)

This blog post highlights the Data Cloud functionalities currently available in Shield Event Monitoring, which is part of the Salesforce Shield suite of products. As we work on adding new functionalities to this integration, customers can use these existing functionalities to observe and monitor their Data Cloud implementation. 

Overview of Event Monitoring

Shield: Event Monitoring is a Salesforce add-on product that helps customers with security, observability, and product intelligence. It lets you see the granular details of user activity in an organization. With Event Monitoring, you can access nearly 80 different event types and detailed performance, security, and usage data in Salesforce to monitor critical business data, understand user adoption across apps, and troubleshoot and optimize application performance. 

More than 60 event types are available through a feature called event log files, which publishes hourly and 24-hour CSV files that are API accessible. Event log files are stored for up to one year and can be downloaded in the UI using the Event Log File Browser. With the Event Monitoring Analytics app, you can create reports and dashboards for select event types in CRM Analytics.

An additional 20 event types can be monitored and detected in near real-time using Salesforce Real-Time Event Monitoring. These events are streamed in near real-time via the Streaming API and stored for six months to 10 years for auditing or reporting purposes. You can create transaction security policies using Condition Builder‌ — ‌a point-and-click tool‌ — ‌or Apex code. Also part of Real-Time Event Monitoring is a feature called Threat Detection that uses machine learning to identify anomalous threats and potentially malicious activities.

Shield Event Monitoring is focused on four key use cases:

  • Data Loss Prevention — Protect sensitive data from internal and external threats using custom security policies
  • Performance Monitoring — Get real-time performance insights on page load times, API usage, and granular execution data
  • User and Application Visibility — Monitor and audit behavior for governance and compliance regulations
  • Product Intelligence and Adoption — Improve user productivity and adoption by analyzing workflows and removing bottlenecks.

Observe and Monitor Data Cloud with Event Monitoring

The following Event Monitoring event log file event types can be used to observe and monitor Data Cloud for the above use cases.

  • Lightning Page View Event Type – Lightning Page View events represent information about the page in Data Cloud on which the event occurred in Lightning Experience. A Lightning Page View event tracks the Data Cloud page a user visited on the Data Cloud app, how long the user spent on the page, and the load time for the page. 
  • Lightning Interaction Event Type – Lightning Interaction events track user actions in Lightning Experience, such as the user clicking, tapping, or scrolling on a page. 
  • Report Event Type – Report events contain information about what happened when a user ran a report. This event type includes all activity that is in the Report Export event type, and more. For example, it has user activity for reports exported as both Formatted Report and Details Only output.
  • Wave Interaction Event Type – Wave Interaction events represent route or page changes made in the CRM Analytics user interface. A Wave Interaction event is captured when a tab is closed. It also collates the interaction statistics over the life of the tab, including total open time, read time, and so on.

From a Real-Time Event Monitoring perspective, the following Data Cloud-related events can be tracked. 

  • LightningUriEventStream – Detects when a user creates, accesses, updates, or deletes a record in Lightning Experience only. 
  • ApiEventStream – Tracks these user-initiated read-only API calls: query(), queryMore(), and count(). Captures API requests through SOAP API and Bulk API for the Enterprise and Partner WSDLs.
  • ApiAnomalyEvent – Tracks anomalies in how users make API calls.
  • ReportAnomalyEvent – Tracks anomalies in how users run or export reports, including unsaved reports. 

For example, below is an example output from the Streaming Monitor app, which displays Real-Time Event Monitoring events. (Note: This app is not part of Event Monitoring; it is available on the AppExchange).

Screenshot of the Streaming Monitor app showing login events and an example payload for one such event.
Screenshot of the Streaming Monitor app showing login events and an example payload for one such event.

Any Data Cloud features that are available in the Data Cloud lightning UI can be monitored using Event Monitoring, i.e. features like Data Explorer, Calculated Insights, and Identity resolution. A screenshot from Analytics Studio regarding who’s used Calculated Insights on what date and time is attached below.

Access Event Logs

Once Event Monitoring is enabled in Data Cloud, you can access the events in Setup by searching for Event Monitoring. From the Event Log File Browser, you can select a date range and view events. For example, you might search for all Lightning Page view events for a specific day. You can also view these logs through other tools like Visual Studio Code.

The Event Log File Browser UI in Setup.

You can also download events for further analysis. 

A spreadsheet showing the event type, timestamp, user ID, app name, and other key data for several LightningPageView events.

Query Log Data with Event Log Objects (Beta)

In the Summer ’24 release, Event Monitoring includes a new Beta feature called Event Log Objects, which enables you to run analytical queries using SOQL or the API on 30+ event types. Data is available in Event Log Objects 15 minutes after it is logged, significantly reducing the time needed to access and analyze log data in both CRM Analytics and the API. For example, you can use the following SOQL query to identify how many data rows users are accessing via Salesforce Reports:

SELECT SUM(RowCount) FROM ReportEventLog Group By UserIdentifier 

Integrate Event Monitoring with Third-Party Systems

Since Event Monitoring data is API accessible, it is possible to export the data to third-party log analytics tools or SIEMs such as Splunk or Datadog. This is especially useful if you use a third-party tool to observe all of your technology systems, including those outside Salesforce. The following table lists some of the most popular third-party tools that integrate with Event Monitoring.

NameEvent Log File (ELF) SupportReal-Time Event Monitoring SupportLink
SplunkYesYesELF Add-OnSplunk Add-on for Salesforce Streaming API
DatadogYesYesMonitor Salesforce Logs With Datadog
DynatraceNoYesDynatrace
New RelicYesYesSalesforce event logs Integration BlogObserve and Optimize Salesforce with New Relic
Sumo LogicYesNoSumo Logic Salesforce
AWS App FabricYesNoApp Fabric Support for Salesforce

Create Reports and Dashboards

The Event Monitoring Analytics app in CRM Analytics can help admins or security agents perform forensic analysis of application performance issues or security incidents. Visualizations of Event Monitoring data in CRM Analytics can help you improve application performance, audit user actions, and analyze adoption of Salesforce. For example, you can analyze which Data Cloud lightning pages are viewed the most. 

You can also use Event Monitoring Plus, a free, open-source CRM Analytics templated app, to create dashboards using Event Monitoring data, including dashboards specific to Data Cloud usage. A few use cases for this app include a top-to-bottom view of UI interactions, Apex performance, Apex exceptions, and page performance. The app provides business and IT groups with a common view of adoption and how it relates to business metrics, and it helps groups identify and measure technical debt and its impact on the business.

A screenshot of the Event Monitoring Plus app showing a graph of how many users interact with various components.

Conclusion

As the product team works on building new features to enable Event Monitoring for Data Cloud for security, performance, adoption, and other use cases, you can use existing capabilities to get started with event monitoring on Data Cloud, for example by creating dashboards and reports to ensure your systems are secure and performing optimally.

Resources 

Event Monitoring Trailhead
Data Cloud Trailhead

How useful was this post?

Click on a star to rate useful the post is!

Written by


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.