Splunk® App for Microsoft Exchange (EOL)

Splunk App for Microsoft Exchange Reference

On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.

Track a Message

Exch 30 trackmsg.png

This page allows you to find a single message among all messages that have passed through the Exchange system. It then allows you to find all events that concern the message.

How to use this page

  • To begin tracking a message, enter as much detail as possible into the "Sender / From," "Recipient / To," and/or "Message Subject" fields above. To specify all of a certain category, use '*' (asterisk).
  • Next, select an appropriate time period using the time range picker, then click "Search." The Splunk App for Microsoft Exchange displays the matching results below.
  • Then, to track a matching message, click on it in the "Matching Messages" list. The Splunk App for Microsoft Exchange takes you to the "Message Routing" page, where it displays a full trace of the message through the Exchange system in the "Message Trace" panel, based on its message ID.

If you know a message's Message ID, you can enter it into the "Message ID" field on this page, select an appropriate date and time range using the time range picker, and click Search. The Splunk App for Microsoft Exchange displays the trace of the updated message.

If you click on a trace event in the Message Trace panel, the Splunk App for Microsoft Exchange brings up the base search that produced the event.

Last modified on 07 September, 2016
Message Overview   Inbound Messages

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters