Salesforce Real time events Monitoring using Elasticsearch

Hello Team,

I would like to understand whether the Salesforce integration in Kibana can monitor real-time events from Salesforce (not the EventLogFile object). In “Kibana > Integrations > Salesforce > Overview tab” I can see that enabling the real-time monitoring setting in Salesforce is discussed. However, is it the same config that we have to use in elastic-agent.yml to fetch the real-time event logs, or is there a different way altogether to monitor real-time events from Salesforce?

Below is the sample config that I found on the integration’s tab in Kibana:

# Input section of the sample agent policy: a single `salesforce` input whose
# streams each carry their own auth block, instance URL and SOQL queries.
inputs:
  # Collect Salesforce Logs: Collect logs from Salesforce instances using REST API.
  - id: salesforce-salesforce
    type: salesforce
    # One entry per data set (apex, login, logout, setupaudittrail below).
    streams:
      # Salesforce Apex logs: Collect Salesforce Apex logs.
      # Only `event_log_file` is configured for this stream: it polls the
      # EventLogFile object for hourly Apex log files; there is no `object`
      # (direct event object) query here.
      - id: salesforce-salesforce.apex
        data_stream:
          dataset: salesforce.apex
          type: logs
        # NOTE(review): presumably the Salesforce REST API version - confirm.
        version: 56
        # OAuth 2.0 username-password flow. All values below are placeholders.
        # Real client secrets and passwords should not be stored in plaintext
        # in elastic-agent.yml: inject them from the agent's variable/secret
        # mechanism, restrict read access to the file, and use a dedicated
        # integration user limited to the objects queried below.
        # NOTE(review): the salesforce input also documents a
        # `jwt_bearer_flow`, which avoids storing the user's password.
        auth.oauth2:
          user_password_flow:
            enabled: true
            client.id: null
            client.secret: null
            token_url: 'https://login.salesforce.com'
            username: username
            password: password
        # Placeholder instance URL; replace with the org's own domain.
        url: 'https://instance-url.salesforce.com'
        event_monitoring_method:
          event_log_file:
            enabled: true
            # Poll once per hour, matching the Interval = 'Hourly' filter.
            interval: 1h
            query:
              # Initial query: the [[ ... ]] template evaluates to "now minus
              # 168h", so the first pull covers the last seven days of the
              # listed Apex event types.
              default: >-
                SELECT Id,CreatedDate,LogDate,LogFile FROM EventLogFile WHERE
                LogDate > [[ (formatTime (now.Add (parseDuration "-168h"))
                "2006-01-02T15:04:05.000Z0700") ]] AND Interval = 'Hourly' AND
                (EventType = 'ApexCallout' OR EventType = 'ApexExecution' OR
                EventType = 'ApexRestApi' OR EventType = 'ApexSoap' OR EventType
                = 'ApexTrigger' OR EventType = 'ExternalCustomApexCallout')
                ORDER BY LogDate ASC NULLS FIRST
              # Follow-up query: same event types, but only rows whose
              # CreatedDate is later than the stored cursor value.
              value: >-
                SELECT Id,CreatedDate,LogDate,LogFile FROM EventLogFile WHERE
                Interval = 'Hourly' AND CreatedDate > [[
                .cursor.event_log_file.last_event_time ]] AND (EventType =
                'ApexCallout' OR EventType = 'ApexExecution' OR EventType =
                'ApexRestApi' OR EventType = 'ApexSoap' OR EventType =
                'ApexTrigger' OR EventType = 'ExternalCustomApexCallout') ORDER
                BY LogDate ASC NULLS FIRST
            # Record field whose value is kept as the cursor; it is the same
            # column the follow-up query filters on.
            cursor:
              field: CreatedDate
        tags:
          # NOTE(review): in Elastic integrations this tag keeps the raw event
          # in event.original - check index access and retention, since raw
          # Salesforce logs can carry user identifiers.
          - preserve_original_event
          - salesforce-apex
        processors:
          # Adds salesforce.instance_url to every event from this stream.
          - add_fields:
              target: salesforce
              fields:
                instance_url: 'https://instance-url.salesforce.com'
      # Salesforce Login logs: Collect Salesforce Login logs.
      # Two collection methods are enabled side by side:
      #   - event_log_file: hourly EventLogFile rows with EventType = 'Login'
      #   - object: direct queries against the LoginEvent object every 5m
      # NOTE(review): LoginEvent is a Salesforce Real-Time Event Monitoring
      # object, so the `object` method is the part of this config that relates
      # to real-time events; it needs that feature enabled in the org.
      # NOTE(review): with both methods on, one sign-in may be ingested from
      # each source - account for that in login-based detections.
      - id: salesforce-salesforce.login
        data_stream:
          dataset: salesforce.login
          type: logs
        # NOTE(review): presumably the Salesforce REST API version - confirm.
        version: 56
        # OAuth 2.0 username-password flow with placeholder values. Keep the
        # real client secret and password out of the plaintext policy file
        # (inject them from the agent's variable/secret mechanism) and use a
        # dedicated, read-only integration user.
        # NOTE(review): the salesforce input also documents a
        # `jwt_bearer_flow`, which avoids storing the user's password.
        auth.oauth2:
          user_password_flow:
            enabled: true
            client.id: null
            client.secret: null
            token_url: 'https://login.salesforce.com'
            username: username
            password: password
        # Placeholder instance URL; replace with the org's own domain.
        url: 'https://instance-url.salesforce.com'
        event_monitoring_method:
          event_log_file:
            enabled: true
            interval: 1h
            query:
              # Initial query: Login log files with LogDate in the last 168h.
              default: >-
                SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE
                LogDate > [[ (formatTime (now.Add (parseDuration "-168h"))
                "2006-01-02T15:04:05.000Z0700") ]] AND Interval = 'Hourly' AND
                EventType = 'Login' ORDER BY LogDate ASC NULLS FIRST
              # Follow-up query: rows created after the stored cursor value.
              value: >-
                SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE
                Interval = 'Hourly' AND EventType = 'Login' AND CreatedDate > [[
                .cursor.event_log_file.last_event_time ]] ORDER BY LogDate ASC
                NULLS FIRST
            cursor:
              field: CreatedDate
          object:
            enabled: true
            # Shorter poll interval than the hourly log-file method.
            interval: 5m
            query:
              # Initial query: all standard LoginEvent fields for the last 168h.
              default: >-
                SELECT FIELDS(STANDARD) FROM LoginEvent WHERE EventDate > [[
                (formatTime (now.Add (parseDuration "-168h"))
                "2006-01-02T15:04:05.000Z0700") ]]
              # Follow-up query keyed on first_event_time, with no ORDER BY.
              # NOTE(review): presumably these records are returned
              # newest-first, so the first record holds the latest EventDate -
              # confirm before adding an ORDER BY or switching the cursor key.
              value: >-
                SELECT FIELDS(STANDARD) FROM LoginEvent WHERE EventDate > [[
                .cursor.object.first_event_time ]]
            # Record field kept as the cursor; matches the EventDate filter.
            cursor:
              field: EventDate
        tags:
          # NOTE(review): in Elastic integrations this tag keeps the raw event
          # in event.original - login records include usernames and source
          # addresses, so check index access and retention.
          - preserve_original_event
          - salesforce-login
        processors:
          # Adds salesforce.instance_url to every event from this stream.
          - add_fields:
              target: salesforce
              fields:
                instance_url: 'https://instance-url.salesforce.com'
      # Salesforce Logout logs: Collect Salesforce Logout logs.
      # Same layout as the login stream: hourly EventLogFile rows with
      # EventType = 'Logout', plus direct LogoutEvent queries every 5m.
      # NOTE(review): LogoutEvent is a Salesforce Real-Time Event Monitoring
      # object and needs that feature enabled in the org; with both methods
      # on, one logout may be ingested from each source.
      - id: salesforce-salesforce.logout
        data_stream:
          dataset: salesforce.logout
          type: logs
        # NOTE(review): presumably the Salesforce REST API version - confirm.
        version: 56
        # OAuth 2.0 username-password flow with placeholder values. Keep the
        # real client secret and password out of the plaintext policy file
        # (inject them from the agent's variable/secret mechanism) and use a
        # dedicated, read-only integration user.
        # NOTE(review): the salesforce input also documents a
        # `jwt_bearer_flow`, which avoids storing the user's password.
        auth.oauth2:
          user_password_flow:
            enabled: true
            client.id: null
            client.secret: null
            token_url: 'https://login.salesforce.com'
            username: username
            password: password
        # Placeholder instance URL; replace with the org's own domain.
        url: 'https://instance-url.salesforce.com'
        event_monitoring_method:
          event_log_file:
            enabled: true
            interval: 1h
            query:
              # Initial query: Logout log files with LogDate in the last 168h.
              default: >-
                SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE
                LogDate > [[ (formatTime (now.Add (parseDuration "-168h"))
                "2006-01-02T15:04:05.000Z0700") ]] AND Interval = 'Hourly' AND
                EventType = 'Logout' ORDER BY LogDate ASC NULLS FIRST
              # Follow-up query: rows created after the stored cursor value.
              value: >-
                SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE
                Interval = 'Hourly' AND EventType = 'Logout' AND CreatedDate >
                [[ .cursor.event_log_file.last_event_time ]] ORDER BY LogDate
                ASC NULLS FIRST
            cursor:
              field: CreatedDate
          object:
            enabled: true
            # Shorter poll interval than the hourly log-file method.
            interval: 5m
            query:
              # Initial query: all standard LogoutEvent fields, last 168h.
              default: >-
                SELECT FIELDS(STANDARD) FROM LogoutEvent WHERE EventDate > [[
                (formatTime (now.Add (parseDuration "-168h"))
                "2006-01-02T15:04:05.000Z0700") ]]
              # Follow-up query keyed on first_event_time, with no ORDER BY.
              # NOTE(review): presumably these records are returned
              # newest-first - confirm before adding an ORDER BY or switching
              # the cursor key.
              value: >-
                SELECT FIELDS(STANDARD) FROM LogoutEvent WHERE EventDate > [[
                .cursor.object.first_event_time ]]
            # Record field kept as the cursor; matches the EventDate filter.
            cursor:
              field: EventDate
        tags:
          # NOTE(review): in Elastic integrations this tag keeps the raw event
          # in event.original - check index access and retention.
          - preserve_original_event
          - salesforce-logout
        processors:
          # Adds salesforce.instance_url to every event from this stream.
          - add_fields:
              target: salesforce
              fields:
                instance_url: 'https://instance-url.salesforce.com'
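      # Salesforce SetupAuditTrail logs: Collect Salesforce SetupAuditTrail logs.
      # Only the `object` method is configured: the SetupAuditTrail object is
      # queried directly once per hour. These rows record setup/configuration
      # changes, which makes this stream the one to watch for permission and
      # security-setting changes.
      - id: salesforce-salesforce.setupaudittrail
        data_stream:
          dataset: salesforce.setupaudittrail
          type: logs
        # NOTE(review): presumably the Salesforce REST API version - confirm.
        version: 56
        # OAuth 2.0 username-password flow with placeholder values. Keep the
        # real client secret and password out of the plaintext policy file
        # (inject them from the agent's variable/secret mechanism) and use a
        # dedicated, read-only integration user.
        # NOTE(review): the salesforce input also documents a
        # `jwt_bearer_flow`, which avoids storing the user's password.
        auth.oauth2:
          user_password_flow:
            enabled: true
            client.id: null
            client.secret: null
            token_url: 'https://login.salesforce.com'
            username: username
            password: password
        # Placeholder instance URL; replace with the org's own domain.
        url: 'https://instance-url.salesforce.com'
        event_monitoring_method:
          object:
            enabled: true
            interval: 1h
            query:
              # Initial query: all standard fields for rows created in the
              # last 168h, oldest first.
              default: >-
                SELECT FIELDS(STANDARD) FROM SetupAuditTrail WHERE CreatedDate >
                [[ (formatTime (now.Add (parseDuration "-168h"))
                "2006-01-02T15:04:05.000Z0700") ]] ORDER BY CreatedDate ASC
                NULLS FIRST
              # Follow-up query: rows created after the stored cursor value.
              value: >-
                SELECT FIELDS(STANDARD) FROM SetupAuditTrail WHERE CreatedDate >
                [[ .cursor.object.last_event_time ]] ORDER BY CreatedDate ASC
                NULLS FIRST
            # The cursor field is the column both queries filter and sort on.
            # The sample had `EventDate` here, which neither SetupAuditTrail
            # query references; every other stream in this policy pairs the
            # cursor field with its query's filter column. With a field the
            # records do not carry, the cursor would presumably never advance
            # and the 168h window would be re-read on each poll.
            cursor:
              field: CreatedDate
        tags:
          # NOTE(review): in Elastic integrations this tag keeps the raw event
          # in event.original - check index access and retention.
          - preserve_original_event
          - salesforce-setupaudittrail
        processors:
          # Adds salesforce.instance_url to every event from this stream.
          - add_fields:
              target: salesforce
              fields:
                instance_url: 'https://instance-url.salesforce.com'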

Thank you in advance