Splunk® App for Microsoft Exchange (EOL)

Deploy and Use the Splunk App for Microsoft Exchange

Acrobat logo Download manual as PDF


On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

How to upgrade the Splunk App for Microsoft Exchange

Upgrade overview

There are two upgrade scenarios available for the Splunk App for Microsoft Exchange:

  • From a previous (2.x) version of the app to this version.
  • From version 3.0.x to this version.

Upgrade from version 2.x to version 3.0.2

There is no direct upgrade path from the previous version of the Splunk App for Microsoft Exchange to this version. There is, however, a recommend process to follow that depends on:

  • The version of Splunk Enterprise that you currently run.
  • The versions of the Splunk App(s) for Microsoft Exchange, Active Directory, and Windows that you currently run.

Follow the instructions in the table below based on the scenario that best applies to your situation:

Scenario Action
  • You run Splunk Enterprise 6.1 or later AND
  • You run Splunk App for Microsoft Exchange v2.x or earlier
 You must upgrade to the Splunk App for Microsoft Exchange v3.0 to continue to receive support.

1. Install the Splunk App for Microsoft Exchange v3.0.

2. Allow the app to find and use your existing data.

Important: You might be subject to pricing restrictions when you upgrade. Speak with your Sales associate for specific details.

  • You run Splunk Enterprise 6.x or later AND
  • You run Splunk App for Windows v5.x and earlier AND/OR
  • You run Splunk App for Active Directory v1.x and earlier
 You must upgrade to the Splunk App for Windows Infrastructure v1.0.x to continue to receive support.

1. Install the Splunk App for Windows iInfrastructure v1.0.x.

2. Allow the app to find and use your existing data.

3. Once you have confirmed that the Splunk App for Windows Infrastructure sees your data, remove the legacy Splunk Apps for Windows and Active Directory.

  • You run Splunk Enterprise 6.0 or earlier AND
  • You plan to upgrade to version 6.1 or later AND
  • You run the Splunk App for Microsoft Exchange v2.x or earlier
 When you upgrade to Splunk Enterprise v6.1, you must upgrade to the Splunk App for Microsoft Exchange v3.0 to continue to receive support.

1. Update Splunk Enterprise to version 6.x.

2. Install the Splunk App for Microsoft Exchange v3.0.

3. Allow the app to find and use your existing data.

4. Once you have confirmed that the Splunk App for Microsoft Exchange sees your data, remove the legacy Splunk App for Microsoft Exchange.

Important: You might be subject to pricing restrictions when you upgrade. Speak with your Sales associate for specific details.

  • You run Splunk Enterprise 5.x or earlier AND
  • You plan to upgrade to version 6.0 or later AND
  • You run the Splunk App for Windows version 5.x or earlier, AND/OR
  • You run the Splunk App for Active Directory version 1.x or earlier
 When you upgrade to Splunk Enterprise v6.0, you must upgrade to the Splunk App for Windows Infrastructure to continue to receive support.

1. Update Splunk Enterprise to version 6.x.

2. Install the Splunk App for Windows Infrastructure v1.0.

3. Allow the app to find and use your existing data.

4. Once you have confirmed that the Splunk App for Windows Infrastructure sees your data, remove the Splunk App for Windows and/or the Splunk App for Active Directory.

  • You run Splunk Enterprise 5.x or earlier AND
  • You have no plans to upgrade to version 6.x or later AND
  • You run the Splunk App for Microsoft Exchange v2.x or earlier AND/OR
  • You run the Splunk App for Windows version 5.x or earlier, AND/OR
  • You run the Splunk App for Active Directory version 1.x or earlier
 You do not need to do anything right now. You can continue to run any or all of these apps in your existing environment.

Important: The legacy apps will no longer be available on Splunk Apps once the new apps ship. If you need versions of the legacy apps, open a support case.

How to upgrade

To upgrade the Splunk App for Microsoft Exchange:

1. Install this version of the app onto the same Splunk Enterprise instance as the previous version of the app.

The applications use different directories by default, so there is no issue with having both apps on the same instance. See "How to deploy the Splunk App for Microsoft Exchange" for specific installation instructions.

2. Run the app and allow it to detect existing Exchange, Windows, and Active Directory data.

3. Confirm that the new app sees all of your data. You can do this by using the Search menu.

4. Once you have confirmed that the new app sees all of your data, you can remove the legacy version.

Caution: Do not attempt to install this version of the Splunk App for Microsoft Exchange into the same directory as the previous version. This is not supported, and will cause both versions of the app to not work.

Upgrade from version 3.0.x to version 3.0.2

If you have already installed version 3.0.x of the Splunk App for Microsoft Exchange, upgrade the app by installing it directly over the previous version. You can do this from within Splunk Web or from the command line.

How to upgrade from Splunk Web

To upgrade the Splunk App for Microsoft Exchange from within Splunk Web:

1. In the upper left corner, click "Apps > Manage Apps."

2. Locate the Splunk App for Microsoft Exchange in the list, and check the "Version" column. If an upgrade is available, Splunk Enterprise provides the opportunity to do the upgrade by displaying "Update to 3.0.2."

3. Click the "Update to 3.0.2" link. Splunk Enterprise loads the "App Update Available" page.

4. Click "Update." Splunk Enterprise loads the "Login required" page.

5. Enter your splunk.com login credentials, then click "Login." Splunk Enterprise upgrades the app, then presents the "Restart" page.

6. Click "Restart". Splunk Enterprise restarts, then returns you to the "Manage Apps" page.

7. In the upper left corner, click "Apps > Splunk App for Microsoft Exchange." Splunk Enterprise loads the updated app, then begins the first-time run process.

How to upgrade from the command line

To upgrade the Splunk App for Microsoft Exchange from the command line:

1. Download the updated Splunk App for Microsoft Exchange from Splunk Apps.

Note: The package downloads as a .tar.gz or .tgz file. Do not attempt to run this file.

2. On the Splunk Enterprise instance that runs the Splunk App for Microsoft Exchange, unpack the archive directly over the existing Splunk App for Microsoft Exchange directory: 

tar xvzf splunk_app_microsoft_exchange_302.tar.gz -C $SPLUNK_HOME/etc/apps

Note: On Windows systems, use a file archive tool such as WinZip to extract the files.

3. Restart Splunk Enterprise on the instance that runs the app.

4. Log into Splunk.

5. In the upper left corner, click "Apps > Splunk App for Microsoft Exchange." Splunk Enterprise loads the updated app, then begins the first-time run process.

Troubleshoot permissions issues after an upgrade

When you upgrade the Splunk App for Microsoft Exchange to version 3.0.2, the app installs a new user role, exchange-admin. The Splunk user that uses the Splunk App for Microsoft Exchange must have this role, otherwise the app will not function correctly.

If, during the first time process, you see that the app does not find any data and you know that the data exists (such as in the case of an upgrade), be sure to add the exchange-admin role to the user that uses the app, as described in the troubleshooting page.

Last modified on 04 September, 2014
PREVIOUS
Install the central Splunk for Microsoft Exchange app instance 		  NEXT
Log in and get started

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.0.2, 3.0.3

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters