Splunk® App for Microsoft Exchange (EOL)

Splunk App for Microsoft Exchange Reference

On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.

Message Activity by IP Address

Exch 30 ipaddress.png

This page provides insight into the usage patterns of a single IP address on your Exchange network.

The page has line charts that display message rate (in messages per minute) and message volume (in kilobytes per second).

The page also has "Top Senders", "Top Recipients", "Top Sending Domains" and "Top Receiving Domains". These panels display information about a particular IP address's interactions within the Exchange network. The results that these panels display are specific to the IP address that you specify.

How to use this page

  • To specify an IP address, enter that address in the "IP Address" text box at the top of the page, set an appropriate time period using the time range picker, then click "Search". The Splunk App for Microsoft Exchange updates the page with the selected IP address's message activity.
  • If you click on a node in either of the line charts, the Splunk App for Microsoft Exchange brings up the base search that produced the events at that point in time, along with the events that occurred at that point.
  • To learn about the activity between the IP address and the addresses it exchanged e-mail with most frequently, click the e-mail address in the "Top Senders" or "Top Recipients" lists. The Splunk App for Microsoft Exchange loads the "Message Activity by User" page for the selected e-mail address.
  • To learn about the activity between the IP address and the domains it exchanged e-mail with most frequently, click the domain in the "Top Sending Domains" or "Top Receiving Domains" lists. The Splunk App for Microsoft Exchange loads the "Message Activity by Domain" page for the selected domain.
Last modified on 08 December, 2014
Message Activity by Username   Message Activity by Domain

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters