| ActionName |
- Type
- string
- Properties
- Nillable
- Description
- The name of the action.
|
| BotId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the bot.
- This field is a relationship field.
- Relationship Name
- Bot
- Refers To
- BotDefinition
|
| BotSessionIdentifier |
- Type
- string
- Properties
- Nillable
- Description
- The bot session ID.
|
| ColumnHeaders |
- Type
- string
- Properties
- Nillable
- Description
- Comma-separated values of column headers of the report. Values
listed are object names, field names, and field values except where
aliases are used. For example, [Opportunity.Name, Opportunity.Type,
Opportunity.Owner.UserRole.RollupDescription,
Opportunity.Account.Name, Opportunity.Account.NumberOfEmployees,
AGE].
|
| DashboardId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the dashboard that the report was part of. For example,
01ZB0000000PmoQ.
- This is a relationship field.
- Relationship Name
- Dashboard
- Relationship Type
- Lookup
- Refers To
- Dashboard
|
| DashboardName |
- Type
- string
- Properties
- Nillable
- Description
- The title of the dashboard that the report was part of.
|
| Description |
- Type
- string
- Properties
- Nillable
- Description
- The description of the report.
|
| DisplayedFieldEntities |
- Type
- string
- Properties
- Nillable
- Description
- The API values of the fields that are displayed on the report,
including the names of the entities of the grouped column fields.
For example, [ACCOUNTS,
OWNERS].
|
| EvaluationTime |
- Type
- double
- Properties
- Nillable
- Description
- The amount of time it took to evaluate the policy in milliseconds.
This field isn’t populated until all transaction security policies
are processed for the real-time event.
|
| EventDate |
- Type
- dateTime
- Properties
- Filter, Sort
- Description
- The time when the specified report event was captured (after query
execution takes place). For example, 2020-01-20T19:12:26.965Z. Milliseconds are the most
granular setting.
|
| EventIdentifier |
- Type
- string
- Properties
- Filter, Sort
- Description
- The unique ID of the event. For example,
0a4779b0-0da1-4619-a373-0a36991dff90.
|
| EventSource |
- Type
- picklist
- Properties
- Nillable, Restricted Picklist
- Description
- The source of the event. Possible values are:
-
API—The user
generated the report from an API call.
-
Classic—The user
generated the report from the Salesforce Classic UI.
-
Lightning—The
user generated the report from Lightning Experience.
|
| ExecutionIdentifier |
- Type
- string
- Properties
- Nillable
- Description
- When report data is divided into multiple report events, use this
unique identifier to correlate the multiple data chunks. For
example, if each chunk has the same
ExecutionIdentifier of
a50a4025-84f2-425d-8af9-2c780869f3b5,you can link them together to
get all the data for the report execution. The
Sequence field contains the incremental
sequence numbers that indicate the order of the multiple events.
For more information, see Sequence.
|
| ExportFileFormat |
- Type
- string
- Properties
- Nillable
- Description
- If the user exported the report, this value indicates the format
of the exported report. Possible values are:
|
| Format |
- Type
- picklist
- Properties
- Defaulted on create, Nillable, Restricted picklist
- Description
- The format of the report. Possible values are:
- Matrix
- MultiBlock
- Summary
- Tabular
|
| GroupedColumnHeaders |
- Type
- string
- Properties
- Nillable
- Description
- Comma-separated values of grouped column fields in summary,
matrix, and joined reports. For example, [USERNAME, ACCOUNT.NAME, TYPE, DUE_DATE,
LAST_UPDATE, ADDRESS1_STATE].
|
| IsScheduled |
- Type
- boolean
- Properties
- Defaulted on create
- Description
- If TRUE, the report was scheduled. If FALSE, the report wasn’t
scheduled.
|
| LoginHistoryId |
- Type
- reference
- Properties
- Nillable
- Description
- Tracks a user session so that you can correlate user activity with
a particular series of report events. This field is also available
on the LoginEvent, AuthSession, and LoginHistory objects, making it
easier to trace events back to a user’s original authentication.
This value is null if the event that was generated was from a
dashboard refresh, a multi-block report, or a scheduled report. For
example, 0YaB000002knVQLKA2.
- This is a relationship field.
- Relationship Name
- LoginHistory
- Relationship Type
- Lookup
- Refers To
- LoginHistory
|
| LoginKey |
- Type
- string
- Properties
- Nillable
- Description
- The string that ties together all events in a given user’s
login session. The session starts with a login event and ends with either a
logout event or the user session expiring. This value is null if the event that was generated was from a
dashboard refresh, a multi-block report, or a scheduled report. For
example, lUqjLPQTWRdvRG4.
|
| Name |
- Type
- string
- Properties
- Nillable
- Description
- The display name of the report. The value is null for report
previews.
|
| NumberOfColumns |
- Type
- int
- Properties
- Nillable
- Description
- The number of columns in the report.
|
| Operation |
- Type
- picklist
- Properties
- Nillable, Restricted Picklist
- Description
- The context in which the report executed, such as from a UI
(Classic, Lightning, Mobile), through an API (synchronous,
asynchronous, Apex), or through a dashboard. Session information
contained in the fields SessionKey,
LoginKey,
SessionLevel, and
SourceIp isn’t captured in any report
resulting from an asynchronous operation. Possible values are:
-
ChartRenderedInEmbeddedAnalyticsApp—Report
executed from a rendered chart in an embedded Analytics
app.
-
ChartRenderedOnHomePage—Report executed from
a rendered chart on the home page.
-
ChartRenderedOnVisualforcePage—Report
executed from a rendered chart on a VisualForce Page.
-
DashboardComponentPreviewed—Report
executed from a Lightning dashboard component preview.
-
DashboardComponentUpdated—Report executed
when a user refreshed a dashboard component.
-
ProbeQuery—Report executed from a probe
query.
-
ReportAddedToCampaign—Report was added from
an Add to Campaign action.
-
ReportExported—Report executed from a
printable view or report export that wasn’t asynchronous nor
an API export.
-
ReportExportedAsynchronously—Report was
exported asynchronously.
-
ReportExportedUsingExcelConnector—Report
was exported using the Excel connector.
-
ReportOpenedFromMobileDashboard—Report
executed when a user clicked a dashboard component on a
mobile device and drilled down to a report.
-
ReportPreviewed—Report executed when a user
got preview results while using the report builder.
-
ReportResultsAddedToEinsteinDiscovery—Report
executed synchronously from Einstein Discovery.
-
ReportResultsAddedToWaveTrending—Report
executed when a user trended a report in CRM Analytics.
-
ReportRunAndNotificationSent—Report
executed through the notifications API.
-
ReportRunFromClassic—Report executed from
the Run Report option of Salesforce Classic.
-
ReportRunFromLightning—Report executed from
the Run option in Lightning Experience from a non-mobile
browser.
-
ReportRunFromMobile—Report executed from the
Run Report option of the mobile Salesforce app.
-
ReportRunFromReportingSnapshot—Report
executed through Snapshot Analytics.
-
ReportRunFromRestApi—Report executed from
REST API.
-
ReportRunFromSlackElevate—Report executed
from Slack Elevate.
-
ReportRunUsingApexAsynchronousApi—Report
executed from the asynchronous Apex API.
-
ReportRunUsingApexSynchronousApi—Report
executed from the synchronous Apex API.
-
ReportRunUsingAsynchronousApi—Report
executed from an asynchronous API.
-
ReportRunUsingSynchronousApi—Report
executed from a synchronous API.
-
ReportScheduled—Report was scheduled.
-
Test—Report
execution resulted from a test.
-
Unknown—Report
execution origin is unknown.
|
| OwnerId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the folder, organization, or user who owns the report.
If the report wasn’t saved, this value is the same as
UserId. For example, 005B0000001vURv.
- This is a polymorphic relationship field.
- Relationship Name
- Owner
- Relationship Type
- Lookup
- Refers To
- Folder, Organization, User
|
| PlannerId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the agent planner.
- This field is a relationship field.
- Relationship Name
- Planner
- Refers To
- GenAiPlannerDefinition
|
| PolicyId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the transaction policy associated with this event. For
example, 0NIB000000000KOOAY. This field isn’t populated until all
transaction security policies are processed for the real-time
event.
- This is a relationship field.
- Relationship Name
- Policy
- Relationship Type
- Lookup
- Refers To
- TransactionSecurityPolicy
|
| PolicyOutcome |
- Type
- picklist
- Properties
- Nillable, Restricted picklist
- Description
- The result of the transaction policy. Possible values are:
-
Block—The user
was blocked from performing the operation that triggered the
policy.
-
Error—The policy
caused an undefined error when it executed.
-
ExemptNoAction—The user is exempt from
transaction security policies, so the policy didn’t
trigger.
-
FailedInvalidPassword—The user entered an
invalid password.
-
FailedPasswordLockout—The user entered an
invalid password too many times.
-
MeteringBlock—The policy took longer than 3
seconds to process, so the user was blocked from performing
the operation.
-
MeteringNoAction—The policy took longer than
3 seconds to process, but the user wasn’t blocked from
performing the operation.
-
NoAction—The
policy didn't trigger.
-
Notified—A
notification was sent to the recipient.
-
TwoFAAutomatedSuccess—Salesforce
Authenticator approved the request for access because the
request came from a trusted location. After users enable
location services in Salesforce Authenticator, they can
designate trusted locations. When a user trusts a location
for a particular activity, that activity is approved from the
trusted location for as long as the location is trusted.
Logging in from a recognized device is an example.
-
TwoFADenied—The
user denied the approval request in the authenticator app,
such as Salesforce Authenticator.
-
TwoFAFailedGeneralError—An error caused by
something other than an invalid verification code, too many
verification attempts, or authenticator app
connectivity.
-
TwoFAFailedInvalidCode—The user provided an
invalid verification code.
-
TwoFAFailedTooManyAttempts—The user
attempted to verify identity too many times. For example, the
user entered an invalid verification code repeatedly.
-
TwoFAInitiated—Salesforce initiated identity
verification but hasn’t yet challenged the user.
-
TwoFAInProgress—Salesforce challenged the
user to verify identity and is waiting for the user to
respond or for Salesforce Authenticator to send an automated
response.
-
TwoFANoAction—The policy specifies
multi-factor authentication (formerly called two-factor
authentication) as an action, but the user is already in a
high-assurance session.
-
TwoFARecoverableError—Salesforce can’t reach
the authenticator app to verify identity, but retries.
-
TwoFAReportedDenied—The user denied the
approval request in the authenticator app, such as Salesforce
Authenticator, and flagged the approval request to report to
an administrator.
-
TwoFASucceeded—The user’s identity was
verified.
This field isn’t populated until all transaction security
policies are processed for the real-time event.
|
| QueriedEntities |
- Type
- string
- Properties
- Nillable
- Description
- The entities in the SOQL query. For example, Opportunity, Lead,
Account, or Case. Can also include custom objects. For relationship
queries, the value of this field contains all entities involved in
the query. If the query returns 0 records, then the value of this
field is null.
- Examples
-
- For SELECT Contact.FirstName,
Contact.Account.Name from Contact, the value of
QueriedEntities is
Account, Contact.
- For SELECT Account.Name, (SELECT
Contact.FirstName, Contact.LastName FROM Account.Contacts)
FROM Account, the value of
QueriedEntities is
Account, Contact.
- For SELECT Id, Name,
Account.Name FROM Contact WHERE Account.Industry =
'media', the value of
QueriedEntities is
Account, Contact.
|
| Records |
- Type
- json
- Properties
- Nillable
- Description
- A JSON string that represents the report’s data. For example,
{"totalSize":1,"rows":[{"datacells":["005B0000001vURv","001B000000fewai"]}]}.
|
| RelatedEventIdentifier |
- Type
- string
- Properties
- Nillable
- Description
- Represents the EventIdentifier of the related
event. For example, bd76f3e7-9ee5-4400-9e7f-54de57ecd79c.
This
field is populated only when the activity that this event
monitors requires extra authentication, such as multi-factor
authentication. In this case, Salesforce generates more events
and sets the RelatedEventIdentifier field
of the new events to the value of the
EventIdentifier field of the original
event. Use this field with the
EventIdentifier field to correlate all
the related events. If no extra authentication is required, this
field is blank.
|
| ReportId |
- Type
- reference
- Properties
- Nillable
- Description
- The ID of the report associated with this event. For example,
00OB00000032FHdMAM.
- This is a relationship field.
- Relationship Name
- Report
- Relationship Type
- Lookup
- Refers To
- Report
|
| RowsProcessed |
- Type
- double
- Properties
- Nillable
- Description
- The total number of rows returned in the report. When report data
is divided into multiple report events, this value is the same for
all data chunks. For more information, see
ExecutionIdentifier.
|
| Scope |
- Type
- string
- Properties
- Nillable
- Description
- Defines the scope of the data on which the user ran the report.
For example, users can run the report against all opportunities,
opportunities they own, or opportunities their team owns. Possible
values are:
-
user—User owns
the objects the report was run against.
-
team—Team owns
the objects the report was run against.
-
organization—Report was run against all
applicable objects.
|
| Sequence |
- Type
- int
- Properties
- Nillable
- Description
- Incremental sequence number that indicates the order of multiple
events that result from a given report execution.
When a report
execution returns many records, Salesforce splits this data into
chunks based on the size of the records, and then creates
separate multiple ReportEventStreams. The field values in each
of these correlated ReportEventStreams are the same, except for
Records and
Sequence. Records
contains the different data chunks.
Sequence identifies each chunk in order.
Every report execution has a unique
ExecutionIdentifier value to
differentiate it from other report executions. To view all the
data chunks from a single report execution, use the
Sequence and
ExecutionIdentifier fields in
combination.
When a report executes, we provide the first
1,000 events with data in the Records
field. Use the ReportId field to view the
full report.
For more information, see ExecutionIdentifier.
|
| SessionKey |
- Type
- string
- Properties
- Nillable
- Description
- The user’s unique session ID. Use this value to identify
all user events within a session. When a user logs out and logs in again, a new
session is started. This value is null if the event that was generated was from a
dashboard refresh, a multi-block report, or a scheduled report. For
example, vMASKIU6AxEr+Op5.
|
| SessionLevel |
- Type
- picklist
- Properties
- Nillable, Restricted picklist
- Description
- Session-level security controls user access to features that
support it, such as connected apps and reporting. Possible values are:
-
HIGH_ASSURANCE—A
high assurance session was used for resource access. For
example, when the user tries to access a resource such as a
connected app, report, or dashboard that requires a
high-assurance session level.
-
LOW—The user’s
security level for the current session meets the lowest
requirements.
This low level isn’t available, nor used, in
the Salesforce UI. User sessions through the UI are either
standard or high assurance. You can set this level using
the API, but users assigned this level experience
unpredictable and reduced functionality in their
Salesforce org.
-
STANDARD—The
user’s security level for the current session meets the
Standard requirements set in the org’s Session Security
Levels.
This value is null if the event that was generated was from a
dashboard refresh, a multi-block report, or a scheduled
report.
|
| SourceIp |
- Type
- string
- Properties
- Nillable
- Description
- The source IP address of the client that logged in. For example,
126.7.4.2.
|
| UserId |
- Type
- reference
- Properties
- Filter, Sort
- Description
- The origin user’s unique ID. For example,
005B0000001vURv.
- This is a polymorphic relationship field.
- Relationship Name
- User
- Relationship Type
- Lookup
- Refers To
- User
|
| Username |
- Type
- string
- Properties
- Nillable
- Description
- The origin username in the format of
user@company.com at the time the event was
created.
|
j