Message Activity by IP Address

This page provides insight into the usage patterns of a single IP address on your Exchange network.

The page has line charts that display message rate (in messages per minute) and message volume (in kilobytes per second).

The page also has "Top Senders", "Top Recipients", "Top Sending Domains" and "Top Receiving Domains". These panels display information about a particular IP address's interactions within the Exchange network. The results that these panels display are specific to the IP address that you specify.

How to use this page

• To specify an IP address, enter that address in the "IP Address" text box at the top of the page, set an appropriate time period using the time range picker, then click "Search". The Splunk App for Microsoft Exchange updates the page with the selected IP address's message activity.
• If you click on a node in either of the line charts, the Splunk App for Microsoft Exchange brings up the base search that produced the events at that point in time, along with the events that occurred at that point.
• To learn about the activity between the IP address and the addresses it exchanged e-mail with most frequently, click the e-mail address in the "Top Senders" or "Top Recipients" lists. The Splunk App for Microsoft Exchange loads the "Message Activity by User" page for the selected e-mail address.
• To learn about the activity between the IP address and the domains it exchanged e-mail with most frequently, click the domain in the "Top Sending Domains" or "Top Receiving Domains" lists. The Splunk App for Microsoft Exchange loads the "Message Activity by Domain" page for the selected domain.