Splunk® App for Microsoft Exchange (EOL)

Deploy and Use the Splunk App for Microsoft Exchange

Acrobat logo Download manual as PDF


On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk App and Technology Add-ons for Microsoft Exchange.

The latest version of the Splunk App for Microsoft Exchange was released on Tuesday, April 5, 2016.

What's new

Here's what's new in the latest version of the Splunk App for Microsoft Exchange:

Publication date Defect number Description
2015-2-29 N/A Bug fixes.

Current known issues

The Splunk App for Microsoft Exchange has the following known issues:

-
Publication date Defect number Description
2016-5-20 EXC-1971 Exchange overview and Dashboard> Views display is blank under IE11. IE11 Debugger console shows error: "Object doesn't support property or method 'startsWith' . Related to %SPLUNK_HOME%\etc\apps\splunk_app_microsoft_exchange\appserver\templates\navredirect.tmpl Contact Support for updated navredirect.tmpl
2016-2-29 TAG-10770 When you upgrade to Splunk Enterprise 6.3.3 or later, Splunk Enterprise generates the following messages on startup:

Invalid key in stanza [ui] in /opt/splunk/etc/apps/splunk_app_microsoft_exchange/default/app.conf, line 15: attribution_link (value: app.attributions). Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'

These messages can be safely ignored.

2016-2-29 TAG-10754 The PowerShell script within the TA-DomainController-2012R2 add-on does not exit after execution.
2016-2-29 TAG-10742 The app displays a 404 error during first-time setup even though data that the app needs is available and can be searched with the Search and Reporting app.
2016-2-29 TAG-10622 Some of the lookup files in the app are empty and this causes Splunk Enterprise to throw errors in splunkd.log such as WARN SearchResults - D:\Splunk\etc\apps\splunk_app_microsoft_exchange\ lookups\windows_processes_process.csv is empty, multi-line header is missing matching quotation, or could not parse CSV header.
2016-2-29 TAG-10588 The app incorrectly counts Kerberos events (such as Event Log ID 4768) as failed authentication events.
2016-2-29 TAG-10497 The msad-nt6-disabled-logons event type looks for Event Log ID 4625 events with status code C000006E (which translates to "invalid user name or bad password") instead of the correct status code C000006D.
2016-2-29 TAG-10484 The app menu bar does not appear regardless of browser; the app logs a message like the following in splunkd.log: appnav:379 - An unknown view name "setup" is referenced in the navigation definition for "splunk_app_windows_infrastructure".
2015-11-12 TAG-9913 The "User" panel of the "Account Lockout Activity" page only shows the latest entry for a user lockout regardless of the number of lockouts a user might have.
2015-11-12 TAG-9555 The split_ldapgroup macro does not split out the member list correctly. This affects the member list panel in the Active Directory > Groups > Group Audit dashboard.
2015-11-12 TAG-9508 The app causes search heads that run Hunk to generate errors because Hunk attempts to search both real and virtual indexes.

Change log (what's been fixed)

Publication date Defect number Description
2016-2-29 TAG-10792 The search that powers the "Account Unlock Actions" panel in the "Administrator Audit" dashboard has been fixed to use the correct event type.
2016-2-29 TAG-10755, SPL-114034 App searches have been updated so that they work with the latest version of Splunk Enterprise.
Last modified on 20 May, 2016
PREVIOUS
Best practices guide
  NEXT
Known Issue: Disable Transport Handling and Mailbox components in Service Analyzer for Exchange Server 2007 and Server 2010 environments

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.2.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters