Splunk® Supported Add-ons

Splunk Add-on for Microsoft Exchange

Upgrade the Splunk Add-on for Microsoft Exchange

Step 1. Upgrade the Forwarders

Upgrade the forwarders with the deployment server

Prepare the new Add-ons

  1. Download the Splunk Add-on for Microsoft Exchange from Splunkbase.
  2. Extract the Splunk Add-on for Microsoft Exchange to the deployment apps directory %SPLUNK_HOME%\etc\deployment-apps on the deployment server.
  3. Within each Exchange Add-on directory in the deployment apps directory, create a local directory. For example, in %SPLUNK_HOME%\etc\deployment-apps\TA-Exchange-ClientAccess, create %SPLUNK_HOME%\etc\deployment-apps\TA-Exchange-ClientAccess\local.
  4. For each Exchange add-on, copy the inputs.conf from the default directory of the add-on to the local directory you just created.
  5. For each Exchange add-on, use a text editor to edit the inputs.conf files in the local directory and enable stanzas for the version of Exchange server that you run.
  6. If you have made any customizations to the old set of Exchange add-ons, copy and paste those configurations from the local directory of those add-ons into the local directory of the new Exchange add-ons.

Create server classes, push the new add-ons, and delete old add-ons

  1. On the deployment server, create a server class for each of the new Exchange add-ons.
  2. Assign the add-ons to the appropriate server class. For example, the TA-Exchange-HubTransport add-on should be assigned to the Exchange HubTransport server class.
  3. Assign the Windows Server, Exchange Server, and Active Directory hosts in your Exchange deployment to the appropriate server classes, depending on the roles that they perform. For example, Exchange Server hosts that hold the Hub Transport role should be assigned to the server class that has the TA-Exchange-HubTransport add-on assigned to it.
  4. Delete all of the old add-ons on the deployment server (for example: TA-DomainController-NT5, TA-Exchange-2013-Mailbox).
  5. Use the deployment server to push the new add-ons to all of the hosts in the deployment.
  6. Restart the deployment server.
  7. Restart all forwarders.

Upgrade the forwarders without the deployment server

Perform these steps on all the Exchange servers:

  1. Download the Splunk Add-on for Microsoft Exchange from Splunkbase.
  2. Stop the Splunk forwarder.
  3. Extract the Splunk Add-on for Microsoft Exchange to the apps directory %SPLUNK_HOME%\etc\apps.
  4. Start the Splunk forwarder.

Step 2. Upgrade the indexers

  1. Download the Splunk Add-on for Microsoft Exchange Indexes from Splunkbase and extract its components to the /apps folder for your deployment.
    1. For a non-indexer cluster deployment, extract to $SPLUNK_HOME/etc/apps.
    2. For the indexer-clustering deployments, extract to $SPLUNK_HOME/etc/master-apps.
  2. For indexer-clustering deployments, push the configuration bundle from the cluster master node.
  3. For non-clustered indexers, restart Splunk on each indexer.
  4. Disable maintenance mode on the cluster master node.
Last modified on 28 July, 2022
Release Notes for Splunk Add-ons for Microsoft Exchange   Overview of TA-Exchange-ClientAccess

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters