What a Splunk App for Microsoft Exchange deployment looks like
This topic discusses the overall architecture of a Splunk App for Microsoft Exchange deployment.
Overview
At a minimum, the Splunk App for Microsoft Exchange is made up of a "central" Splunk instance (containing the index and running Splunk Web that users will access to view the app) and some number of universal forwarders--one for each Exchange server you want to include in the deployment.
Each of the universal forwarders is configured with a Splunk for Microsoft Exchange technology add-on that collects the data for the Exchange server role(s) performed by the Exchange server it is running on. This data is forwarded to the central Splunk instance that is running the app.
About the Splunk for Microsoft Exchange technology add-ons
New in version 1.1 of the Splunk App for Microsoft Exchange: all forwarder application components have been replaced with technology add-ons (TAs).
Each TA is a folder that contains files needed by the Splunk App for Microsoft Exchange to transform data for a specific Exchange server role. The TA is specific to the Splunk App for Microsoft Exchange. Each TA is named according to the Exchange version and server role that it was designed for, and every TA name begins with TA-.
The TAs are located within %SPLUNK_HOME%\etc\apps\Splunk_for_Exchange\appserver\addons.
Example Deployment
This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 1.1, 1.1.1, 1.1.4, 1.1.5, 1.1.6