About the Splunk Add-on for Microsoft Exchange
The Splunk Add-ons for Microsoft Exchange let you collect Exchange data from the hosts in your Exchange Server environment. The add-ons have been designed to work with the Splunk App for Microsoft Exchange, but are now available as a separate download from Splunkbase. You can use them with the app or to provide knowledge objects for Splunk Enterprise dashboards that you design by yourself.
Get the add-ons
The Splunk Add-ons for Microsoft Exchange are available on Splunkbase.
Install the add-ons
The add-ons require configuration before they can be used. Each add-on must be configured for the version of Exchange Server or Windows Server (for TA-Windows-Exchange-IIS) that you run in your Exchange Server environment. See the "Configure" topics in the chapter for each add-on for installation instructions.
See Where to install Splunk add-ons and Install an add-on in a distributed Splunk Enterprise deployment in the Add-ons Overview manual for more information about deploying the Splunk Add-on for Microsoft Exchange.
Prerequisites
- Ensure that the SplunkForwarder service is running as a domain user account and that the account has Records Management and Organization Management roles assigned.
- Download the Splunk Add-on for Microsoft Exchange Indexes from Splunkbase for required index definitions to store the data.
Add-on package contents
The Splunk Add-ons for Microsoft Exchange come in a bundle and include the following:
The Exchange server versions 2008, 2010, 2013 are all End of Life (EOL). The Add-on is only supported with 2016 and 2019.
TA-Exchange-ClientAccess
This add-on collects Exchange data from Exchange Server hosts that hold the Client Access Server role. See Overview of TA-Exchange-ClientAccess.
TA-Exchange-Mailbox
This add-on collects Exchange data from Exchange Server hosts that hold the Mailbox Store/Mailbox Server roles. See Overview of TA-Exchange-Mailbox.
TA-Windows-Exchange-IIS
This add-on collects Internet Information Server (IIS) data from Exchange Server hosts that hold the Client Access Server role. It must be configured for the version of Windows Server that the Exchange Client Access Server hosts run. See Overview of TA-Windows-Exchange-IIS.
Splunk Add-on for Microsoft Exchange Component Installation Locations
The table below lists what components to install and where to install them:
Add-on | Indexer | Universal Forwarder | Heavy Forwarder |
---|---|---|---|
TA-Exchange-ClientAccess | X | ||
TA-Exchange-Mailbox | X | ||
TA-Windows-Exchange-IIS | X | ||
TA-SMTP-Reputation | X | ||
Splunk Add-on for Microsoft Exchange Indexes | X |
Release Notes for Splunk Add-ons for Microsoft Exchange |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!