Splunk® App for Microsoft Exchange (EOL)

Deploy and Use the Splunk App for Microsoft Exchange

On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.

Download and configure the Splunk Add-ons for Active Directory

This topic discusses how to download and configure the Splunk Add-ons for Active Directory and deploy them to your deployment clients so that they forward Active Directory to the Splunk App for Microsoft Exchange indexer.

The Splunk App for Microsoft Exchange download package comes with a suite of add-ons that collect Active Directory data (as well as other data types, that this manual will explain later.) When you deploy the add-ons to your deployment clients, the clients collect Active Directory data and forward it to the central Splunk App for Microsoft Exchange indexers.

More information about the Active Directory add-ons

The following table lists the Active Directory add-ons that come with the Splunk App for Microsoft Exchange, and what each add-on provides.

Add-on: Description:
TA-DomainController-NT5 For Active Directory domain controllers running Windows Server 2003/2003 R2 and earlier
TA-DomainController-NT6 For Active Directory domain controllers running Windows Server 2008/2008 R2 and later
TA-DomainController-2012r2 For Active Directory domain controllers running Windows Server 2012 R2 and later. Requires the Splunk Add-on for PowerShell.

Download the Splunk Add-ons for Active Directory

The Splunk Add-ons for Active Directory come with the Splunk App for Microsoft Exchange installation package. You can download the Splunk App for Microsoft Exchange from Splunk Apps.

Download the app and save it to an accessible place on the deployment server:

1. In a web browser, proceed to the Splunk App for Microsoft Exchange download page.

2. Click the download link to begin the download process.

  • Make sure you download the latest version of the app.
  • You might need to sign in with your Splunk account before the download starts.

3. When prompted, choose an accessible location on your deployment server to save the download. Do not attempt to run the download.

4. Use an archive utility such as WinZip to unarchive the file to an accessible location.

Configure the Splunk Add-ons for Active Directory

The Splunk Add-ons for Active Directory do not require any configuration edits by default. When you deploy them onto the Active Directory domain controllers, they immediately begin collecting data as long as you have configured audit policy.

What's next?

You have downloaded the Splunk App for Microsoft Exchange and located the Splunk Add-ons for Active Directory. The next step involves deploying those add-ons into the deployment clients that you install on your Active Directory domain controllers.

Last modified on 11 December, 2014
Configure PowerShell Execution policy in Active Directory   Deploy the Splunk Add-ons for Active Directory

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters