About the Content Pack for Microsoft Exchange
The Content Pack for Microsoft Exchange provides the elements necessary to collect data from the hosts in your Microsoft Exchange server environment. Use the content pack to monitor your Microsoft Exchange services such as database, transport, and performance metrics. The content pack provides preconfigured services with Key Performance Indicators (KPIs) that monitor critical functions. The content pack also includes a default entity type to help you group and analyze Microsoft Exchange entities in your ITSI environment.
Content pack features
The Content Pack for Microsoft Exchange is a robust collection of dashboards and their knowledge objects for you to manage your Microsoft Exchange environment.
Services & KPIs
The content pack includes 64 Microsoft Exchange services with over 400 KPIs configured with best practices from Microsoft and the Splunk platform. You can disable or delete any services you don't plan to use.
For a full list of services, see the KPI reference for the Content Pack for Microsoft Exchange.
Entity Type and Vital Metrics
The content pack includes a custom Microsoft Exchange Host entity type which associates all Microsoft Exchange entities with each other. You can use this association to visualize and troubleshoot Microsoft Exchange entities.
The Microsoft Exchange Host entity type contains a set of vital metrics which describe the overall performance of entities of that type, including average CPU processor time, average network utilization, and average available memory. You can view these metrics on the Entity Health page and drill down further into individual Microsoft Exchange entities.
The content pack includes a preconfigured Service Analyzer view called Exchange Service Analyzer, which provides a visual representation of your Microsoft Exchange services and the dependencies between them. You can use this custom view to see the KPIs, entities, and critical episodes associated with a service.
Some services in the content pack are configured to generate notable events when aggregate KPI threshold values reach specific levels. ITSI then aggregates these events into meaningful groups or episodes. Episode Review provides a unified view of all your service-impacting episodes. You can drill down into individual episodes to perform more granular root cause analysis, such as viewing the timeline of an event or examining common fields.
The content pack includes several glass tables dividing services into distinct groups such as mailbox, availability, and performance.
Use the dashboards included in the content pack to perform the following actions:
- Monitor the performance of all servers throughout your Exchange environment
- Track messages throughout your messaging environment
- Monitor client usage, including mobility usage with ActiveSync or Outlook Anywhere
- Monitor security events, such as virus outbreaks and anomalous logons
- Track administrative changes to the environment
- Analyze long-term mail operations trends
- Plan for capacity expansion
- Monitor your organization's outbound email sender reputation
For detailed descriptions of each dashboard, see the Dashboard reference for the Content Pack for Microsoft Exchange.
The Content Pack for Microsoft Exchange and the Splunk App for Microsoft Exchange contain identical knowledge objects that cause a conflict when installed on the same search head deployment. To avoid conflict, don't install both apps on the same search head.
Migrate from the Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange
If you are using Splunk App for Microsoft Exchange, you can migrate to the Content Pack for Microsoft Exchange for enhanced features and functionality. Refer to the following table to compare the features of the app versus the content pack:
|Feature||Splunk App for Microsoft Exchange||Splunk Content Pack for Microsoft Exchange|
|Installation and Configuration||Manual||Automatic with Splunk App for Content Packs|
|Built-in Microsoft Best Practices||No||Yes|
For detailed steps to migrate to the content pack, see Migrate from Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange.
You can install the Content Pack for Microsoft Exchange after installing the Splunk App for Content Packs. Install the content pack on the same search head where you installed ITSI or IT Essentials Work. For installation instructions, see Install and configure the Content Pack for Microsoft Exchange.
Use the following table to ensure you are running the correct version of the Content Pack for Microsoft Exchange, ITSI, IT Essentials Work, the Splunk App for Content Packs, and the Splunk Add-on for Microsoft Exchange:
|Content pack version||ITSI version||IT Essentials Work version||Splunk App for Content Packs version||Splunk Add-on for Microsoft Exchange|
|1.4.3||4.9.0 and higher||4.9.0 and higher||1.3.0||4.0.2|
KPI reference for the Content Pack for Microsoft 365
Release notes for the Content Pack for Microsoft Exchange
This documentation applies to the following versions of Splunk® Content Packs for ITSI and IT Essentials Work: current