Platform and hardware requirements
This topic discusses the underlying requirements for running the Splunk App for Microsoft Exchange in production.
Hardware and Operating System requirements
A Splunk App for Microsoft Exchange deployment includes multiple components (described in more detail in "What a Splunk App for Microsoft Exchange deployment looks like" in this manual).
The deployment is generally divided into two separate areas: The central Splunk instance and the other instances of Splunk that send data to this instance.
- For details about supported OSes for Splunk, refer to "System requirements" in the core Splunk product documentation.
Caution: Do not install a full instance of Splunk on a server performing any Exchange server role. Both full Splunk and Exchange have individual system requirements that preclude sharing services on the same computer. You can, however, install universal forwarders onto Exchange servers.
The "central Splunk instance"
The Splunk instance that runs the Splunk App for Microsoft Exchange and indexes the data is known as the "central Splunk instance," and can run on any OS that is currently supported by Splunk.
The hardware requirements for your central Splunk instance depend highly on the volume of data coming from the Exchange server(s) you are monitoring. Your Splunk Sales Engineer can help you estimate how much hardware and license capacity you will need.
- For guidance on scaling your deployment, check out "Capacity planning" in the core Splunk product documentation.
The other Splunk instances
The other Splunk instances collect data from the various Exchange servers and forward it to the central Splunk instance. Since they are not indexing any data, this means that the hardware requirements for these components are less stringent than for the central Splunk instance.
Make sure you download the correct platform and architecture (32- or 64-bit) of Splunk for your hardware.
What versions of Microsoft Exchange are supported?
- Exchange 2007 (requires Windows Server 2003 SP1 or 2003 R2 RTM or later)
- Exchange 2010 SP1 and earlier (requires Windows Server 2008 SP2 or 2008 R2 SP1 or later)
- Exchange 2013 (requires Windows Server 2012 RTM or later)
Caveats
The Splunk App for Microsoft Exchange requires PowerShell management extension support, which is not included with Microsoft Exchange 2010 Service Pack 2 (SP2). Review "Issues with Splunk App for Microsoft Exchange and MS Exchange 2010 SP2" for additional information.
Exchange 2003 is not supported because it does not have the level of logging capabilities that Exchange 2007 and 2010 do. The logging format for Exchange 2003 is also different from later versions of the product.
Exchange 2000 is also not supported.
What versions of Splunk are supported?
The Splunk App for Microsoft Exchange supports the following Splunk versions based on the role that Splunk performs within the deployment:
- On indexers and search heads in the deployment, the app supports Splunk versions 4.2.5 and later.
- The app supports only the following versions of Splunk universal forwarder:
- 4.2.5 and
- 4.3 to 4.3.5 inclusive.
Additional requirements
The Splunk App for Microsoft Exchange v2.0 requires the following additional components:
- Supporting add-on for Active Directory must be installed on the central Splunk instance for this app. You can download the Supporting Add-on for Active Directory from Splunkbase.
- Sideview Utils v1.2.5 or later must be installed on the central Splunk instance for this app. You can download Sideview Utils from Splunkbase.
- Google Maps v1.1 or later must also be installed on the central Splunk instance for this app. You can download Google Maps from Splunkbase.
How to get support and find more information about Splunk | What data the Splunk App for Microsoft Exchange collects |
This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 2.0
Feedback submitted, thanks!