Event Monitoring in Salesforce

Salesforce Provides detailed info about the user activty and you could use the details to Monitor data loss, Increase adoption, Optimize performance and bulid powerful tools to either visualize the details or any automated service for User tracking etc. Event monitoring is one of many tools that Salesforce provides to help keep your data secure. It lets you see the granular details of user activity in your organization. These user activities are referred as events. You can view information about individual events or track trends in events to swiftly identify abnormal behavior and safeguard your company’s data.

Event monitoring provides tracking for more than 30 different types of events, including:

• Apex Callout
• Apex Execution
• Apex SOAP
• Apex Trigger
• API
• Async Report
• Bulk API
• Change Set Operation
• Content Distribution
• Content Document Link
• Content Transfer
• Dashboard
• Document Attachment Downloads
• Login
• Login As
• Logout
• MDAPI Operation
• Multiblock Report
• Package Install
• Queued Execution
• Report
• Report Export
• REST API
• Salesforce1 Adoption (UI Tracking)
• Sandbox
• Sites
• Time-Based Workflow
• Transaction Security
• UI Tracking
• URI
• Visualforce Request
• Wave Change
• Wave Interaction
• Wave Performance

All these events are stored in event log files. An event log file is generated when an event occurs in your organization and is available to view and download after 24 hours. The event types you can access and how long the files remain available depends on your edition.

• Developer Edition (DE) organizations have free access to all 30+ log types with one-day data retention.
• Enterprise, Unlimited, and Performance Edition organizations have free access to the login and logout log files with one-day data retention. For an extra cost, you can access all log file types with 30-day data retention.

Considerations while using Event Monitoring:

• LogDate tracks usage activity for a 24-hour period, from 12:00 a.m. to 11:59 p.m. UTC time.
• Log files are available based on CreatedDate for the last 30 days when orgs purchase User Event Monitoring or one day for Developer Edition orgs.
• In the unlikely case where no log files are generated for 24 hours, contact Salesforce.
• Log data is read-only. You can’t insert, update, or delete log data.
• Use the EventType field to determine which files were generated for your org.
• An event generates log data in real time. However, log files are generated the day after an event takes place, during nonpeak hours. Therefore, log file data is unavailable for at least one day after an event.
• CreatedDate tracks when the log file was generated.
• Log files, represented by the EventType field, are generated only if there is at least one event of that type for the day. If no events took place, the file isn’t generated for that day.
• All event monitoring logs are exposed to the API through the EventLogFile object, however there is no access through the user interface.

Event monitoring Using REST
Use the SObject Describe resource to retrieve all metadata for an object, including information about fields, URLs, and child relationships.

Query Event Monitoring Data with REST
Use the Query resource to retrieve field values from a record. Specify the fields you want to retrieve in the fields parameter and use the GET method of the resource. You can use Workbench to query event monitoring data. To retrieve event monitoring records based on LogDate and EventType

Get Event Monitoring Content from a Record
Use the SObject Blob Retrieve resource to retrieve BLOB data for a given record. You can use Workbench to retrieve BLOB data for event monitoring. In the Execute text box, use a GET request similar to this: /services/data/v32.0/sobjects/EventLogFile/0ATD000000000pyOAA/LogFile.

Download Large Event Log Files Using cURL with REST
You might have some event log files that are larger than your tool can handle. A command line tool such as cURL is one method to download files larger than 100 MB using the SObject Blob Retrieve object.
curl https://***yourInstance***.salesforce.com/services/data/v32.0/sobjects/EventLogFile/0AT30000000000uGAA/LogFile
-H "Authorization: Bearer token" -H "X-PrettyPrint:1" -o ~/downloads/outputLogFile.csv

For more details, check the Trail Head Module

follow me @ramsujesh