What a Splunk App for Microsoft Exchange deployment looks like
This topic discusses the overall architecture of a Splunk App for Microsoft Exchange deployment.
Overview
At a minimum, a Splunk App for Microsoft Exchange deployment is made up of a "central" Splunk instance (that contains the index and runs Splunk Web, and that users will access to view the app) and a number of universal forwarders--one for each Exchange server you want to include in the deployment.
The deployment can additionally contain a full Splunk instance configured as a heavy forwarder, with an outbound connection to the Internet, for the SMTP-Reputation technology add-on.
Each of the universal forwarders in the deployment is configured with a Splunk for Microsoft Exchange technology add-on that collects the data for the Exchange server role(s) that the Exchange server performs. The universal forwarder sends that data to the central Splunk App for Microsoft Exchange instance.
About the Splunk for Microsoft Exchange technology add-ons
Each TA is a folder that contains files needed by the Splunk App for Microsoft Exchange to transform data for a specific Exchange server role. The TA is specific to the Splunk App for Microsoft Exchange. Each TA is named according to the Exchange version and server role that it was designed for, and all begin with TA-.
The TAs are located within %SPLUNK_HOME%\etc\apps\Splunk_for_Exchange\appserver\addons.
Example Deployment
| Other deployment considerations | How to deploy the Splunk App for Microsoft Exchange |
This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 2.0, 2.1, 2.1.1, 2.1.2
Download manual
Feedback submitted, thanks!