Migrate from the Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange
The Content Pack for Microsoft Exchange replicates the dashboards and reports available in the Splunk App for Microsoft Exchange. Users of ITSI version 4.9.0 or higher, or IT Essentials Work version 4.9.0 or higher can migrate from the legacy app to the content pack to take advantage of a consolidated experience. In addition, migrating means you can upgrade all content packs by upgrading the one app, the Splunk App for Content Packs.
Refer to the following table to compare the features of the app versus the content pack:
| Feature | Splunk App for Microsoft Exchange | Splunk Content Pack for Microsoft Exchange |
|---|---|---|
| Installation and Configuration | Manual | Automatic with Splunk App for Content Packs |
| Built-in Microsoft Best Practices | No | Yes |
| Dashboards | 48 | 48 |
| Glass Tables | 0 | 3 |
| KPIs | 22 | 440 |
| Services | 11 | 64 |
On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to the Content Pack for Microsoft Exchange.
If you are currently using the Splunk App for Microsoft Exchange your deployment might look like the following image:
| Exchange forwarder | Indexer | Search head | |
|---|---|---|---|
| Splunk Add-on for Microsoft Exchange | ✓ | ✓ | |
| Splunk Add-on for Windows | ✓ | ✓ | ✓ |
| Splunk App for Microsoft Exchange | ✓ | ||
| Splunk Supporting Add-on for Active Directory | ✓ |
You can review the dashboards included in the Content Pack for Microsoft Exchange before you migrate. See, Dashboard reference for the Content Pack for Microsoft Exchange.
Migration options
You have two options for migrating to the Content Pack for Microsoft Exchange:
- One option is to disable the Splunk App for Microsoft Exchange to use the same environment. This migration option is fastest but results in an interruption of user access to your associated dashboards and knowledge objects.
- Your second option is to configure the Content Pack for Microsoft Exchange in a new environment. Choose this option to avoid an interruption of user access to your associated dashboards and knowledge objects.
If you choose the option of using the same environment, you must disable the Splunk App for Microsoft Exchange before installing the Content Pack for Microsoft Exchange. Both the app and content pack use the same knowledge objects, with the same definitions, and cannot be on the same search head.
Disable the Splunk App for Microsoft Exchange to use the same environment
The first option for migrating from the Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange is to disable the Splunk App for Microsoft Exchange to use the same environment. Failure to first disable the Splunk App for Microsoft Exchange can cause knowledge object conflicts.
Disable the legacy app and install the Splunk App for Content Packs
Follow these steps to use your existing Splunk App for Microsoft Exchange environment search heads to install the Content Pack for Microsoft Exchange:
- On all search heads where the Splunk App for Microsoft Exchange is located, go to Apps > Manage Apps.
- Locate the Splunk App for Microsoft Exchange and select Disable. After disabling the app, associated dashboards and knowledge objects won't be accessible, and the knowledge objects won't run or perform any action.
- Install IT Service Intelligence (ITSI) or IT Essentials Work on the same search head with Exchange data according to your type of deployment. Refer to these topics in the Splunk IT Service Intelligence Install and Upgrade Manual:
- Install the Splunk App for Content Packs according to your type of deployment:
After following the previous steps, the deployment looks like the following image:
| Exchange forwarder | Indexer | Search head | |
|---|---|---|---|
| Splunk Add-on for Microsoft Exchange | ✓ | ✓ | |
| Splunk Add-on for Windows | ✓ | ✓ | |
| Splunk App for Microsoft Exchange | Disabled | ||
| ITSI or IT Essentials Work | ✓ | ✓ | |
| Splunk App for Content Packs | ✓ |
Install and configure the content pack
You can now install the content pack and make configurations:
- Make sure that the Exchange data collected using Splunk Add-on for Microsoft Exchange is searchable from the search head where you installed the Splunk App for Content Packs.
- Install and configure the Content Pack for Microsoft Exchange.
Access the dashboards in the content pack
You can now access the dashboards from the content pack:
- In Splunk Web, open ITSI or IT Essentials Work.
- From the main navigation bar choose Dashboards > Dashboards.
- From the list of dashboards, those with the suffix - Microsoft Exchange are from the Content Pack for Microsoft Exchange. Select the dashboard title to open the dashboard.
Configure the Content Pack for Microsoft Exchange in a new environment
The second option for migrating from the Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange is to configure the content pack in a new environment.
To configure the content pack in a new environment, create a test environment and perform these steps to set up the Content Pack for Microsoft Exchange:
- After installing the Splunk App for Content Packs, install the content pack in your test environment.
- Once you complete testing the content pack in your test environment, install the content pack in your production environment.
To learn how to install the content pack, see Install and configure the Content Pack for Microsoft Exchange.
| Install and configure the Content Pack for Microsoft Exchange | Use the Content Pack for Microsoft Exchange |
This documentation applies to the following versions of Content Pack for Microsoft Exchange: 1.4.3, 1.5.0
Download manual
Feedback submitted, thanks!