I'd like to install the Splunk App for Salesforce in my test environment. I have a search head cluster, indexer cluster and heavy forwarders to deploy on (perhaps). Does anyone know what goes where?
I tried deploying to my indexer cluster first, since there are indexes defined in the included indexes.conf, but I get a bunch of these messages during the deploy. So I'm doing something wrong but I don't know what it is. Can anyone throw me a rope?
; Invalid key in stanza [sfdc_event_log://EventLog] in /opt/splunk/etc/master-apps/splunk-app-sfdc/default/inputs.conf, line 3: limit (value: 1000).
; Invalid key in stanza [sfdc_event_log://EventLog] in /opt/splunk/etc/master-apps/splunk-app-sfdc/default/inputs.conf, line 5: start_date (value: ).
; Invalid key in stanza [sfdc_event_log://EventLog] in /opt/splunk/etc/master-apps/splunk-app-sfdc/default/inputs.conf, line 9: compression (value: 1).
; Invalid key in stanza [sfdc_object://LoginHistory] in /opt/splunk/etc/master-apps/splunk-app-sfdc/default/inputs.conf, line 14: query (value: SELECT ApiType, ApiVersion, Application, Browser, ClientVersion, Id, LoginTime, LoginType, LoginUrl, Platform, SourceIp, Status, UserId FROM LoginHistory).
+ 23 more messages like these...