Loading

FAQs for Salesforce Real-time Event Monitoring

Дата публикации: Jan 9, 2026
Описание

This article provides answers to FAQs about Salesforce Real-time Event Monitoring functionality. Learn about log retention periods, key differences from standard Event Monitoring, Transaction Security Policy troubleshooting, and required user permissions for viewing event data. This knowledge helps users and administrators to effectively monitor and manage security incidents and user activity.

Решение

Frequently Asked Questions (FAQ)

How long are the logs retained?
What are the differences between Real-time Event Monitoring and Event Monitoring?
What is Event Manager?
Why are few events displayed in Event Manager?
Transaction Security Policy Use Cases
When Transaction Security Policies Do Not Work

 


 

How long are the logs retained?

Log retention varies based on your subscription:Streaming Data: Logs are available for 3 days.Stored Data: Logs are retained for 6 months or 10 years if you have a Salesforce Shield or Salesforce Event Monitoring add-on subscription.

 

 

What are the differences between Real-time Event Monitoring and Event Monitoring?

The two features serve different purposes and store data differently.
- Event Monitoring: Primarily intended for storing event logs related to event occurrence, errors, and performance analysis. These logs are stored in the EventLogFile object. 
- Real-time Event Monitoring: Intended for real-time storage of logs related to access and security incidents. Logs are not stored in the EventLogFile object.

For detailed information on the logs captured by each:

Event Monitoring: Event Types Supported by EventLogFile.
Real-time Event Monitoring: Data Streaming for Real-Time Event Monitoring and Data Storage for Real-Time Event Monitoring Note: You can use Real-time Event Monitoring logs to create Transaction Security policies using the Condition Builder (point-and-click tool) or Apex code to monitor and control user activity immediately.

 

 

 

What is Event Manager?

To view and manage Real-Time Event Monitoring events, from Setup, enter "Event Manager" in the Quick Find box, then select Event Manager.
 
In Event Manager, you can enable streaming or storage for each event object to track events via the API (version 46.0 and later).


 

Why are few events displayed in Event Manager?

Verify that the "View Real-Time Event Monitoring Data" permission is assigned.
Note: If this permission is not visible, you may not have a Salesforce Shield or Salesforce Event Monitoring add-on subscription. Please contact your account executive to discuss subscription options.



 

Transaction Security Policy Use Cases

For examples such as "monitoring when a user views more than 2,000 rows in a report" or "monitoring user logins from specific IP addresses," please refer to the following:
 

Build a Transaction Security Policy with Condition Builder

Condition Builder Examples

Tip: Using the "NOT" Logical Operator in "Custom Condition Logic Is Met"
In Condition Builder, you can use "NOT" in addition to "AND" and "OR" to create logic for when conditions are not met.
For example, to trigger a policy when the first and second conditions are met but the third is not, enter "1 AND 2 AND NOT 3".

 

 

When Transaction Security Policies Do Not Work

If a policy does not behave as expected, the conditions added may not be appropriate.
For troubleshooting, see Test and Troubleshoot Your New Policy.

 

Дополнительные ресурсы

Event Monitoring
FAQs for Salesforce Event Monitoring

Номер статьи базы знаний

000396594

 
Загрузка
Salesforce Help | Article