Splunk® Supported Add-ons

Splunk Add-on for Microsoft Exchange

TA-Exchange-ClientAccess inputs

The TA-Exchange-ClientAccess add-on collects performance and Windows host monitoring data from Windows hosts that run Exchange Server and hold the Client Access Server role. See Configure TA-Exchange-ClientAccess to learn how to configure the add-on for your version of Exchange Server prior to deploying it to Exchange Server hosts.

The add-on includes the following data inputs:

Common data inputs

[WinHostMon://Processes]
[WinHostMon://Services]
[perfmon://Total_Processor_Time]
[perfmon://Processor]
[perfmon://System]
[perfmon://Available_Memory]
[perfmon://Memory]
[perfmon://DotNET_CLR_Memory]
[perfmon://Network_Utilization]
[perfmon://TCPv4]
[perfmon://TCPv6]
[perfmon://MSExchange_Control_Panel]
[perfmon://MSExchangePop3]
[perfmon://MSExchangeImap4]
[perfmon://MSExchange_Availability_Service]
[perfmon://MSExchange_FDS_OAB]
[perfmon://MSExchangeAutodiscover]
[perfmon://MSExchangeWS]
[perfmon://Web_Service]

Exchange Server 2010 data inputs (Not supported)

[perfmon://OWA_2010]
[perfmon://ActiveSync_2010]
[perfmon://MSExchange_Throttling_2010]
[monitor://C:\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access]
[script://.\bin\exchangepowershell.cmd v14 get-hoststats_2007_2010.ps1]
[script://.\bin\exchangepowershell.cmd v14 get-throttling-policies_2010_2013.ps1]
[script://.\bin\exchangepowershell.cmd v14 read-audit-logs_2010_2013.ps1]

Exchange Server 2013, 2016, and 2019 data inputs

[perfmon://MSExchange_Throttling_2013]
[perfmon://MSExchange_Authentication]
[perfmon://MSExchange_SmtpReceive]
[perfmon://MSExchange_SmtpSend]
[monitor://C:\Program Files\Microsoft\Exchange Server\V15\Logging\RPC Client Access]
[script://.\bin\exchangepowershell.cmd v15 get-hoststats_2013.ps1]
[script://.\bin\exchangepowershell.cmd v15 get-throttling-policies_2010_2013.ps1]
[script://.\bin\exchangepowershell_clientaccess2016.cmd v15 read-audit-logs_2016.ps1]

For the admin audit log data collection, the PowerShell script saves the checkpoint (date) when this data was previously collected. Saving this checkpoint creates and uses splunk-msexchange-auditfile.clixml, which uses %TEMP% as a location and C:\Windows\Temp as a path for the user account that SplunkForwarder services is running.

Last modified on 16 July, 2024
Overview of TA-Exchange-ClientAccess   Configure TA-Exchange-ClientAccess

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters