Content Pack for Microsoft Exchange

Content Pack for Microsoft Exchange

About the Content Pack for Microsoft Exchange

The Content Pack for Microsoft Exchange provides the elements necessary to collect data from the hosts in your Microsoft Exchange server environment. Use the content pack to monitor the health and performance of your Microsoft Exchange environment from Edge and Hub Transport servers to Client Access Servers and the Mailbox Store.

The content pack provides preconfigured services with Key Performance Indicators (KPIs) that monitor critical functions. The content pack also includes a default entity type to help you group and analyze Microsoft Exchange entities.

This image shows an example of a pre-configured view included with the content pack called the Exchange Service Analyzer. This view provides a visual representation of your Exchange services and the dependencies between them.

Content pack features

The Content Pack for Microsoft Exchange is a robust collection of dashboards and their knowledge objects. The dashboards leverage data collected using the Splunk Add-on for Microsoft Exchange.

Services and KPIs

The content pack includes 64 Microsoft Exchange services with over 400 KPIs configured with best practices from Microsoft and the Splunk platform. You can disable or delete any services you don't plan to use.

For a full list of services, see the KPI reference for the Content Pack for Microsoft Exchange.


Entity searches

The content pack includes one (1) entity search. You can enable entity searches manually or through the guided installation experience of the content pack. See Install the Content Pack for Microsoft Exchange for steps to enable entity searches.

Entity Type and Vital Metrics

The content pack includes a custom Microsoft Exchange Host entity type which associates all Microsoft Exchange entities with each other. You can use this association to visualize and troubleshoot Microsoft Exchange entities.

The Microsoft Exchange Host entity type contains a set of vital metrics which describe the overall performance of entities of that type, including average CPU processor time, average network utilization, and average available memory. You can view these metrics on the Entity Health page and drill down further into individual Microsoft Exchange entities.

Service Analyzer

The content pack includes a preconfigured service analyzer view called the Exchange Service Analyzer. This view provides a visual representation of your Microsoft Exchange services and the dependencies between them. You can use this custom view to see the KPIs, entities, and critical episodes associated with a service.

Episode Review

Some services in the content pack are configured to generate notable events when aggregate KPI threshold values reach specific levels. ITSI then aggregates these events into meaningful groups or episodes. Episode Review provides a unified view of all your service-impacting episodes. You can drill down into individual episodes to perform more granular root cause analysis, such as viewing the timeline of an event or examining common fields.

Glass Tables

The content pack includes several Glass Tables dividing services into distinct groups such as mailbox, availability, and performance.

Dashboards

Use the dashboards included in the content pack to perform the following actions:

  • Monitor the performance of all servers throughout your Exchange environment
  • Track messages throughout your messaging environment
  • Monitor client usage, including mobility usage with ActiveSync or Outlook Anywhere
  • Monitor security events, such as virus outbreaks and anomalous logons
  • Track administrative changes to the environment
  • Analyze long-term mail operations trends
  • Plan for capacity expansion
  • Monitor your organization's outbound email sender reputation

For detailed descriptions of each dashboard, see the Dashboard reference for the Content Pack for Microsoft Exchange.

Installation

The Splunk App for Content Packs contains the Content Pack for Microsoft Exchange. The content pack is automatically available once you install the Splunk App for Content Packs. See Install the Splunk App for Content Packs.

Deployment requirements

Use the following table to ensure you are running the correct version of the Content Pack for Microsoft Exchange, ITSI, IT Essentials Work (ITE Work), the Splunk App for Content Packs, and the Splunk Add-on for Microsoft Exchange:

Content Pack for Microsoft Exchange version ITSI version ITE Work version Splunk App for Content Packs version Splunk Add-on for Microsoft Exchange version
1.8.0 4.17.x, 4.18.x, 4.19.x 4.17.x, 4.18.x, 4.19.x 2.2.0 4.0.2 or 4.0.3
1.7.0 4.17.x, 4.18.x, 4.19.x 4.17.x, 4.18.x, 4.19.x 2.1.0 4.0.2 or 4.0.3
1.6.1 4.17.x, 4.18.x, 4.19.x 4.17.x, 4.18.x, 4.19.x 2.0.1 4.0.2 or 4.0.3
1.6.0 4.17.x, 4.18.x, 4.19.x 4.17.x, 4.18.x, 4.19.x 2.0.0 4.0.2 or 4.0.3
1.5.2 4.15.x, 4.16.x, 4.17.x, 4.18.x 4.15.x, 4.16.x, 4.17.x, 4.18.x 1.9.1 4.0.2 or 4.0.3
1.5.1 4.11.3 and higher 4.11.3 and higher 1.6.0 and higher 4.0.2 or 4.0.3
1.5.0 4.9.6 or 4.11.3 and higher 4.9.6 or 4.11.3 and higher 1.5.0 4.0.2 or 4.0.3
1.4.3 4.9.0 and higher 4.9.0 and higher 1.3.0 and 1.4.0 4.0.2

Migrate from the Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange

If you are using the Splunk App for Microsoft Exchange, you can migrate to the Content Pack for Microsoft Exchange for enhanced features and functionality.

For detailed steps to migrate to the content pack, see Migrate from the Splunk App for Microsoft Exchange to the Content Pack for Microsoft Exchange.

On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to the Content Pack for Microsoft Exchange.

Additional resources

Last modified on 04 June, 2024
  Release Notes for the Content Pack for Microsoft Exchange

This documentation applies to the following versions of Content Pack for Microsoft Exchange: 1.8.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters