About the Content Pack for Microsoft Exchange
The Content Pack for Microsoft Exchange provides the elements necessary to collect data from the hosts in your Microsoft Exchange server environment. Use the content pack to monitor the health and performance of your Microsoft Exchange environment from Edge and Hub Transport servers to Client Access Servers and the Mailbox Store.
The content pack provides preconfigured services with Key Performance Indicators (KPIs) that monitor critical functions. The content pack also includes a default entity type to help you group and analyze Microsoft Exchange entities.
Content pack features
The Content Pack for Microsoft Exchange is a robust collection of dashboards and their knowledge objects. The dashboards leverage data collected using the Splunk Add-on for Microsoft Exchange.
Services and KPIs
The content pack includes 64 Microsoft Exchange services with over 400 KPIs configured with best practices from Microsoft and the Splunk platform. You can disable or delete any services you don't plan to use.
For a full list of services, see the KPI reference for the Content Pack for Microsoft Exchange.
Entity searches
The content pack includes one (1) entity search. You can enable entity searches manually or through the guided installation experience of the content pack. See Install the Content Pack for Microsoft Exchange for steps to enable entity searches.
Entity Type and Vital Metrics
The content pack includes a custom Microsoft Exchange Host entity type which associates all Microsoft Exchange entities with each other. You can use this association to visualize and troubleshoot Microsoft Exchange entities.
The Microsoft Exchange Host entity type contains a set of vital metrics which describe the overall performance of entities of that type, including average CPU processor time, average network utilization, and average available memory. You can view these metrics on the Entity Health page and drill down further into individual Microsoft Exchange entities.
Service Analyzer
The content pack includes a preconfigured service analyzer view called the Exchange Service Analyzer. This view provides a visual representation of your Microsoft Exchange services and the dependencies between them. You can use this custom view to see the KPIs, entities, and critical episodes associated with a service.
Episode Review
Some services in the content pack are configured to generate notable events when aggregate KPI threshold values reach specific levels. ITSI then aggregates these events into meaningful groups or episodes. Episode Review provides a unified view of all your service-impacting episodes. You can drill down into individual episodes to perform more granular root cause analysis, such as viewing the timeline of an event or examining common fields.
Glass Tables
The content pack includes several Glass Tables dividing services into distinct groups such as mailbox, availability, and performance.
Dashboards
Use the dashboards included in the content pack to perform the following actions:
- Monitor the performance of all servers throughout your Exchange environment
- Track messages throughout your messaging environment
- Monitor client usage, including mobility usage with ActiveSync or Outlook Anywhere
- Monitor security events, such as virus outbreaks and anomalous logons
- Track administrative changes to the environment
- Analyze long-term mail operations trends
- Plan for capacity expansion
- Monitor your organization's outbound email sender reputation
For detailed descriptions of each dashboard, see the Dashboard reference for the Content Pack for Microsoft Exchange.
Installation
The Splunk App for Content Packs contains the Content Pack for Microsoft Exchange. The content pack is automatically available once you install the Splunk App for Content Packs. See Install the Splunk App for Content Packs.
Deployment requirements
Use the following table to ensure you are running the correct version of the Content Pack for Microsoft Exchange, ITSI, IT Essentials Work (ITE Work), the Splunk App for Content Packs, and the Splunk Add-on for Microsoft Exchange:
Content Pack for Microsoft Exchange version | ITSI version | ITE Work version | Splunk App for Content Packs version | Splunk Add-on for Microsoft Exchange version |
---|---|---|---|---|
1.7.0 | 4.17.x, 4.18.x | 4.17.x, 4.18.x | 2.1.0 | 4.0.2 or 4.0.3 |
1.6.1 | 4.17.x, 4.18.x | 4.17.x, 4.18.x | 2.0.1 | 4.0.2 or 4.0.3 |
1.6.0 | 4.17.x, 4.18.x | 4.17.x, 4.18.x | 2.0.0 | 4.0.2 or 4.0.3 |
1.5.2 | 4.15.x, 4.16.x, 4.17.x, 4.18.x | 4.15.x, 4.16.x, 4.17.x, 4.18.x | 1.9.1 | 4.0.2 or 4.0.3 |
1.5.1 | 4.11.3 and higher | 4.11.3 and higher | 1.6.0 and higher | 4.0.2 or 4.0.3 |
1.5.0 | 4.9.6 or 4.11.3 and higher | 4.9.6 or 4.11.3 and higher | 1.5.0 | 4.0.2 or 4.0.3 |
1.4.3 | 4.9.0 and higher | 4.9.0 and higher | 1.3.0 and 1.4.0 | 4.0.2 |
Migrate from the Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange
If you are using the Splunk App for Microsoft Exchange, you can migrate to the Content Pack for Microsoft Exchange for enhanced features and functionality.
For detailed steps to migrate to the content pack, see Migrate from the Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange.
On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to the Content Pack for Microsoft Exchange.
Additional resources
- For ITSI deployment guidelines, see Plan your ITSI deployment in the Splunk IT Service Intelligence Install and Upgrade Manual.
- For ITSI version compatibility with Splunk Enterprise versions, see the Splunk products version compatibility matrix.
Release Notes for the Content Pack for Microsoft Exchange |
This documentation applies to the following versions of Content Pack for Microsoft Exchange: 1.7.0
Feedback submitted, thanks!