Splunk® Supported Add-ons

Splunk Add-on for Microsoft Exchange

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

TA-Exchange-HubTransport inputs

The TA-Exchange-HubTransport add-on collects performance and Windows host monitoring data from Windows hosts that run Exchange Server and hold the Hub Transport role. See Configure TA-Exchange-HubTransport to learn how to configure the add-on for your version of Exchange Server prior to deploying it to Exchange Server hosts.

The add-on includes the following data inputs:

####Common Stanzas - Start####
[WinHostMon://Processes]
[WinHostMon://Services]
[perfmon://Total_Processor_Time]
[perfmon://Processor]
[perfmon://System]
[perfmon://Available_Memory]
[perfmon://Memory]
[perfmon://DotNET_CLR_Memory]
[perfmon://Network_Utilization]
[perfmon://TCPv4]
[perfmon://TCPv6]
[perfmon://Disk]
[perfmon://MSExchange_Control_Panel]
[perfmon://MSExchange_Queue_Lengths]
[perfmon://MSExchange_Transport_Dumpster]
[perfmon://MSExchange_Store_Driver]
[perfmon://MSExchange_SmtpReceive]
[perfmon://MSExchange_SmtpSend]
[perfmon://MSExchange_Extensibility_Agents]
####Common Stanzas - End####

####Exchange Server 2010 - Start####
[monitor://C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking]
[script://.\bin\exchangepowershell.cmd v14 read-audit-logs_2010.ps1]
[script://.\bin\exchangepowershell.cmd v14 get-hoststats_2007_2010.ps1]
####Exchange Server 2010 - End####

###From Exchange app/add-on version 3.5.2,support for exchange server 2007 has ended.###
####Exchange Server 2007 - Start####
[monitor://C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking]
[script://.\bin\exchangepowershell.cmd v8.0 get-hoststats_2007_2010.ps1]
####Exchange Server 2007 - End####

For the admin audit log data collection, the PowerShell script saves the checkpoint (date) when this data was previously collected. Saving this checkpoint creates and uses splunk-msexchange-auditfile.clixml, which uses %TEMP% as a location and C:\Windows\Temp as a path for the NT Authority\SYSTEM account.

Last modified on 28 July, 2022
PREVIOUS
Overview of TA-Exchange-HubTransport
  NEXT
Configure TA-Exchange-HubTransport

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters