Splunk® App for Microsoft Exchange (EOL)

Splunk App for Microsoft Exchange Reference

On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.

Anomalous Logons

Exch 30 anomalouslogons.png

This page displays anomalous logons into the Exchange network, including:

  • Failed logons by IP address.
  • Failed logons by username.
  • A list of users who log in from multiple countries or regions.
  • A list of the top 10 server accesses by locked out users over the last 24 hours.
  • The event codes that Exchange logged when those users attempted to connect to the system.

How to use this page

  • Set the desired time range by choosing the time range picker.
  • Click "Search' to see anomalous logons and other activities that have occurred in the time range you specified.
  • In any of the panels, click a link to see the base search that returned the result you clicked.
Last modified on 08 December, 2014
Administrator Audit   Distribution Lists

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters