Case Study: Salesforce achieves real-time user activity visibility and stronger security with Elastic

Salesforce - Customer Case Study

Salesforce, a leading enterprise cloud platform, needed better visibility into rapidly growing volumes of apps, users, and sensitive customer data so security, compliance, and product teams could understand real user behavior. CISOs and analysts required an easy, scalable way to audit activity, detect issues, and drive adoption from raw Event Log Files (ELF) without heavy engineering overhead.

Salesforce launched Event Monitoring as part of Salesforce Shield and exposed 32 event types via the ELF API (30-day retention, ~1-day availability), then integrated ELF with the Elastic Stack—building a Logstash input plugin, Dockerized ELK setup, and Kibana dashboards (code and docs on GitHub). The solution made user-behavior logs accessible to business analysts, speeding audits, performance tuning, and governance workflows, and led to a PoC, open-source tooling, and a roadmap for packaged dashboards and cloud deployment.

Salesforce

Adam Torman

Product Manager