| ColumnHeaders |
- Type
- string
- Properties
- Nillable
- Description
- Comma-separated values of column headers of the report. For
example, [USERNAME, ACCOUNT.NAME, TYPE, DUE_DATE, LAST_UPDATE,
ADDRESS1_STATE].
|
| DashboardId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the dashboard that the report was part of. For example,
01ZB0000000PmoQ.
|
| DashboardName |
- Type
- string
- Properties
- Nillable
- Description
- The title of the dashboard that the report was part of.
|
| Description |
- Type
- string
- Properties
- Nillable
- Description
- The description of the report.
|
| EvaluationTime |
- Type
- double
- Properties
- Nillable
- Description
- The amount of time it took to evaluate the policy in
milliseconds.
|
| EventDate |
- Type
- dateTime
- Properties
- Filter, Sort
- Description
- The time when the specified report event was captured (after query
execution takes place). For example, 2020-01-20T19:12:26.965Z. Milliseconds are the most granular setting.
|
| EventIdentifier |
- Type
- string
- Properties
- Filter, Sort
- Description
- The unique ID of the event. For example,
0a4779b0-0da1-4619-a373-0a36991dff90.
|
| EventSource |
- Type
- picklist
- Properties
- Nillable, Restricted Picklist
- Description
- The source of the event. Possible values are:
-
API—The user
generated the report from an API call.
-
Classic—The user
generated the report from the Salesforce Classic UI.
-
Lightning—The
user generated the report from Lightning Experience.
|
| ExecutionIdentifier |
- Type
- string
- Properties
- Nillable
- Description
- When report data is divided into multiple report events, use this
unique identifier to correlate the multiple data chunks. For
example, each chunk might have the same
ExecutionIdentifier of
a50a4025-84f2-425d-8af9-2c780869f3b5, enabling you to link them
together to get all the data for the report execution. The
Sequence field contains the incremental
sequence numbers that indicate the order of the multiple events.
For more information, see Sequence.
|
| ExportFileFormat |
- Type
- string
- Properties
- Nillable
- Description
- If the user exported the report, this value indicates the format
of the exported report. Possible values are:
|
| Format |
- Type
- picklist
- Properties
- Defaulted on create, Nillable, Restricted picklist
- Description
- The format of the report. Possible values are:
- Matrix
- MultiBlock
- Summary
- Tabular
|
| IsScheduled |
- Type
- boolean
- Properties
- Defaulted on create
- Description
- If TRUE, the report was scheduled. If FALSE, the report wasn’t
scheduled.
|
| LoginHistoryId |
- Type
- reference
- Properties
- Nillable
- Description
- Tracks a user session so you can correlate user activity with a
particular series of report events. This field is also available on
the LoginEvent, AuthSession, and LoginHistory objects, making it
easier to trace events back to a user’s original authentication.
This value is null if the event that was generated was from a
dashboard refresh, a multi-block report, or a scheduled report. For
example, 0YaB000002knVQLKA2.
|
| LoginKey |
- Type
- string
- Properties
- Nillable
- Description
- The string that ties together all events in a given user’s
login session. The session starts with a login event and ends with either a
logout event or the user session expiring. This value is null if the event that was generated was from a
dashboard refresh, a multi-block report, or a scheduled report. For
example, lUqjLPQTWRdvRG4.
|
| Name |
- Type
- string
- Properties
- Nillable
- Description
- The display name of the report. The value is null for report
previews.
|
| NumberOfColumns |
- Type
- int
- Properties
- Nillable
- Description
- The number of columns in the report.
|
| Operation |
- Type
- picklist
- Properties
- Nillable, Restricted Picklist
- Description
- The context in which the report executed, such as from a UI
(Classic, Lightning, Mobile), through an API (synchronous,
asynchronous, Apex), or through a dashboard. Possible values are:
-
ChartRenderedInEmbeddedAnalyticsApp: Report
executed from a rendered chart in an embedded Analytics
app.
-
ChartRenderedOnHomePage: Report executed from a
rendered chart on the home page.
-
ChartRenderedOnVisualforcePage: Report executed
from a rendered chart on a VisualForce Page.
-
DashboardComponentPreviewed: Report executed
from a Lightning dashboard component preview.
-
DashboardComponentUpdated: Report executed when
a user refreshed a dashboard component. Because the report
resulted from an asynchronous operation, session information
(contained in the fields SessionKey,
LoginKey,
SessionLevel, and
SourceIp) isn’t captured.
-
ProbeQuery: Report
executed from a probe query.
-
ReportAddedToCampaign:
Report was added from an Add to Campaign action.
-
ReportExported: Report
executed from a printable view or report export that was not
asynchronous nor an API export.
-
ReportExportedAsynchronously: Report was
exported asynchronously.
-
ReportExportedUsingExcelConnector: Report was
exported using the Excel connector.
-
ReportOpenedFromMobileDashboard: Report executed
when a user clicked a dashboard component on a mobile device
and drilled down to a report.
-
ReportPreviewed: Report
executed when a user got preview results while using the
report builder.
-
ReportResultsAddedToEinsteinDiscovery: Report
executed synchronously from Einstein Discovery.
-
ReportResultsAddedToWaveTrending: Report
executed when a user trended a report in Einstein Analytics.
-
ReportRunAndNotificationSent: Report executed
through the notifications API.
-
ReportRunFromClassic:
Report executed from the Run Report option of Salesforce
Classic.
-
ReportRunFromLightning:
Report executed from the Run option in Lightning Experience
from a non-mobile browser.
-
ReportRunFromMobile:
Report executed from the Run Report option of the mobile
Salesforce app.
-
ReportRunFromReportingSnapshot: Report executed
through Snapshot Analytics.
-
ReportRunFromRestApi:
Report executed from the REST API.
-
ReportRunUsingApexAsynchronousApi: Report
executed from the asynchronous Apex API.
-
ReportRunUsingApexSynchronousApi: Report
executed from the synchronous Apex API.
-
ReportRunUsingAsynchronousApi: Report executed
from an asynchronous API.
-
ReportRunUsingSynchronousApi: Report executed
from a synchronous API.
-
ReportScheduled: Report
was scheduled.
-
Test: Report execution
resulted from a test.
-
Unknown: Report
execution origin is unknown.
|
| OwnerId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the folder, organization, or user who owns the report.
If the report wasn’t saved, this value is the same as
UserId. For example,
005B0000001vURvIAM.
|
| PolicyId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the transaction policy associated with this event. For
example, 0NIB000000000KOOAY.
|
| PolicyOutcome |
- Type
- picklist
- Properties
- Nillable, Restricted picklist
- Description
- The result of the transaction policy. Possible values are:
-
Block - The user was
blocked from performing the operation that triggered the
policy.
-
Error - The policy
caused an undefined error when it executed.
-
FailedInvalidPassword -
The user entered an invalid password.
-
FailedPasswordLockout -
The user entered an invalid password too many times.
-
NoAction - The policy
didn't trigger.
-
Notified - A
notification was sent to the recipient.
-
TwoFAAutomatedSuccess -
Salesforce Authenticator approved the request for access
because the request came from a trusted location. After users
enable location services in Salesforce Authenticator, they
can designate trusted locations. When a user trusts a
location for a particular activity, such as logging in from a
recognized device, that activity is approved from the trusted
location for as long as the location is trusted.
-
TwoFADenied - The user
denied the approval request in the authenticator app, such as
Salesforce Authenticator.
-
TwoFAFailedGeneralError
- An error caused by something other than an invalid
verification code, too many verification attempts, or
authenticator app connectivity.
-
TwoFAFailedInvalidCode
- The user provided an invalid verification code.
-
TwoFAFailedTooManyAttempts - The user attempted
to verify identity too many times. For example, the user
entered an invalid verification code repeatedly.
-
TwoFAInitiated -
Salesforce initiated identity verification but hasn’t yet
challenged the user.
-
TwoFAInProgress -
Salesforce challenged the user to verify identity and is
waiting for the user to respond or for Salesforce
Authenticator to send an automated response.
-
TwoFANoAction - The
policy specifies two factor authentication as an action, but
the user is already in a high-assurance session.
-
TwoFARecoverableError -
Salesforce can’t reach the authenticator app to verify
identity, but will retry.
-
TwoFAReportedDenied -
The user denied the approval request in the authenticator
app, such as Salesforce Authenticator, and also flagged the
approval request to report to an administrator.
-
TwoFASucceeded - The
user’s identity was verified.
|
| QueriedEntities |
- Type
- string
- Properties
- Nillable
- Description
- The entities in the SOQL query. For example, Opportunity, Lead,
Account, or Case. Can also include custom objects. For relationship
queries, the value of this field contains all entities involved in
the query. If the query returns 0 records, then the value of this
field is null.
- Examples
-
- For SELECT Contact.FirstName,
Contact.Account.Name from Contact, the value of
QueriedEntities is
Account, Contact.
- For SELECT Account.Name, (SELECT
Contact.FirstName, Contact.LastName FROM Account.Contacts)
FROM Account, the value of
QueriedEntities is
Account, Contact.
- For SELECT Id, Name,
Account.Name FROM Contact WHERE Account.Industry =
'media', the value of
QueriedEntities is
Account, Contact.
|
| Records |
- Type
- json
- Properties
- Nillable
- Description
- A JSON string that represents the report’s data. For example,
{"totalSize":1,"rows":[{"datacells":["005B0000001vURv","001B000000fewai"]}]}.
|
| RelatedEventIdentifier |
- Type
- string
- Properties
- Nillable
- Description
- Represents the EventIdentifier of the related
event. For example, bd76f3e7-9ee5-4400-9e7f-54de57ecd79c.
This
field is populated only when the activity that this event
monitors requires extra authentication, such as two-factor
authentication. In this case, Salesforce generates more events
and sets the RelatedEventIdentifier field
of the new events to the value of the
EventIdentifier field of the original
event. Use this field with the
EventIdentifier field to correlate all
the related events. If no extra authentication is required, this
field is blank.
|
| ReportId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the report associated with this event. For example,
00OB00000032FHdMAM.
|
| RowsProcessed |
- Type
- double
- Properties
- Nillable
- Description
- The total number of rows returned in the report. When report data
is divided into multiple report events, this value is the same for
all data chunks. For more information, see
ExecutionIdentifier.
|
| Scope |
- Type
- string
- Properties
- Nillable
- Description
- Defines the scope of the data on which the user ran the report. For example, users can
run the report against all opportunities, opportunities
they own, or opportunities their team owns. Possible
values are:
-
user - User owns the objects the report was run
against.
-
team - Team
owns the objects the report was run against.
-
organization - Report was run against
all applicable objects.
|
| Sequence |
- Type
- int
- Properties
- Nillable
- Description
- Incremental sequence number that indicates the order of multiple
events that result from a given report execution.
When a report
execution returns many records, Salesforce splits this data into
chunks based on the size of the records, and then creates
separate multiple ReportEventStreams. The field values in each
of these correlated ReportEventStreams are the same, except for
Records, which contains the different
data chunks, and Sequence, which identifies
each chunk in order. Every report execution has a unique
ExecutionIdentifier value to
differentiate it from other report executions. To view all the
data chunks from a single report execution, use the
Sequence and
ExecutionIdentifier fields in
combination.
When a report executes, we provide the
first 1000 events with data in the
Records field. Use the
ReportId field to view the full
report.
For more information, see ExecutionIdentifier.
|
| SessionKey |
- Type
- string
- Properties
- Nillable
- Description
- The user’s unique session ID. Use this value to identify
all user events within a session. When a user logs out and logs in again, a new
session is started. This value is null if the event that was generated was from a
dashboard refresh, a multi-block report, or a scheduled report. For
example, vMASKIU6AxEr+Op5.
|
| SessionLevel |
- Type
- picklist
- Properties
- Nillable, Restricted picklist
- Description
- Session-level security controls user access to features that
support it, such as connected apps and reporting. Possible values are:
-
HIGH_ASSURANCE - A high
assurance session was used for resource access. For example,
when the user tries to access a resource such as a connected
app, report, or dashboard that requires a high-assurance
session level.
-
LOW - The user’s
security level for the current session meets the lowest
requirements.
This low level is not available, nor
used, in the Salesforce UI. User sessions through the UI
are either standard or high assurance. You can set this
level using the API, but users assigned this level
experience unpredictable and reduced functionality in
their Salesforce org.
-
STANDARD - The user’s
security level for the current session meets the Standard
requirements set in the org’s Session Security Levels.
This value is null if the event that was generated was from a
dashboard refresh, a multi-block report, or a scheduled
report.
|
| SourceIp |
- Type
- string
- Properties
- Nillable
- Description
- The source IP address of the client that logged in. For example,
126.7.4.2.
|
| UserId |
- Type
- reference
- Properties
- Nillable
- Description
- The origin user’s unique ID. For example,
005000000000123.
|
| Username |
- Type
- string
- Properties
- Nillable
- Description
- The origin username in the format of
user@company.com at the time the event was
created.
|