My org has had a problem for a while now where our Splunk logs pulled from SF are delayed between 1-2 hours. We are using the Splunk Add-On for Salesforce and the delayed logs are coming from ApexCalloutEvent. From speaking to SF and Splunk we were given a few options which I detail below:
1. Research if SF can stream events from the logs to the Splunk HTTP event collector (push).
2. Get with our dev teams and have them take a copy of the Splunk Add-On and customize the parameters for monitoring from hourly to minutes.
I am open to any ideas. I just have not found much on this in forums or the Splunk community.