Skip to main content
Question

Issues with ingesting Salesforce logs into SecOps

  • March 4, 2026
  • 1 reply
  • 64 views
chaitravimore
Forum|alt.badge.img

Hey all,

Has anyone faced issues ingesting Salesforce logs into Google SecOps using the OAuth JWT grant method?

We’re currently seeing authentication failures when configuring the feed using JWT (all required credentials provided as per Google documentation).

When switching to OAuth Password Grant, the configuration fails with:

No such column 'Interval' on entity 'EventLogFile'

From our research, the Interval field appears to require Salesforce Shield / Event Monitoring, but the customer only has Salesforce Enterprise Edition. The Google documentation mentions Enterprise and above should be sufficient.

Just checking:

  • Is Shield/Event Monitoring mandatory for this integration?

  • Has anyone successfully used JWT grant without Shield?

  • Any common causes for JWT authentication failure in this setup?

Appreciate any insights 🙏

Thanks!

1 reply

bweidel
Staff
Forum|alt.badge.img+1
  • bweidel
  • Staff
  • March 11, 2026

Hello, 

We believe Salesforce Shield or the standalone Salesforce Event Monitoring add-on, are required for this integration. 

https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_eventlogfile.htm

 

The SecOps documentation does explicitly state further down the prerequisite list that Salesforce Shield is required for the log feed to actually function.

https://docs.cloud.google.com/chronicle/docs/ingestion/default-parsers/salesforce

 

Once the licensing issue is addressed, here is the exact setup guide for configuring the JWT bearer flow using the modern External Client App framework. It walks through uploading your digital certificate, configuring the OAuth settings, and granting the correct profiles/permission sets. (This is the recommended new method, replacing the legacy OAuth Password Grant method)

https://help.salesforce.com/s/articleView?id=xcloud.remoteaccess_oauth_jwt_flow.htm&type=5

 

When setting up that External Client App, ensure you have selected the Manage user data via APIs (api) and Perform requests on your behalf at any time (refresh_token, offline_access) OAuth scopes.

 

    Terms & ConditionsCookie settingsAccessibility statement
    Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

    © 2025 Google. All rights reserved.