Splunk® App for Microsoft Exchange

Deploy and Use the Splunk App for Microsoft Exchange

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of MSExchange. Click here for the latest version.
Acrobat logo Download topic as PDF

Deploy the Splunk Add-on for Windows DNS

The deployment server must be made aware of the Splunk Add-on for Windows DNS before you can deploy it to deployment clients. You do this by placing the add-ons in the deployment apps directory.

This means that, during this part of the setup, you will define a new deployment class at the deployment server to deploy the add-on.

The following table describes the Splunk Add-on for Windows DNS:

Add-on: Description:
Splunk_TA_Microsoft_DNS For DNS servers that run Windows Server 2008/2008 R2 and later

Place the add-ons in the deployment apps directory on the deployment server

  1. Open a command prompt on the deployment server/indexer.
  2. Copy the Splunk Add-on for Windows DNS folders from their current location to the deployment apps directory.
    Copy-Item -Path C:\Downloads\Splunk_TA_Microsoft_DNS -Destination "C:\Program Files\Splunk\etc\deployment-apps -Recurse -Force
  3. Tell the deployment server to reload its deployment configuration.
    cd \Program Files\Splunk\bin
    .\splunk reload deploy-poll
  4. From a web browser, log into Splunk Enterprise on the deployment server.
  5. In the system bar, select Settings > Forwarder Management.
  6. Click the Apps tab. You should see the Splunk_TA_Microsoft_DNS add-on in the list of apps.

Define a new server class for Windows DNS servers

In this procedure, you will define a new server class for Windows DNS servers. In this server class, you will deploy the Splunk_TA_Microsoft_DNS add-on. Later, you will assign this server class to a deployment client that runs DNS Server.

  1. In the "Splunk_TA_Microsoft_DNS" add-on entry in the list, click Edit. The "Edit App: Splunk_TA_Microsoft_DNS" page loads.
  2. Click "+" under "Server Classes".
  3. In the pop-up that appears, click New Server Class.
  4. In the "New Server Class" dialog box that pops up, enter "DNS Servers".
  5. Click Save. Splunk Enterprise saves the class and loads the information page for the server class you just created. Note that it says you have not added any apps or clients yet. This is okay, as you have just created the class.
  6. Click Add apps. Splunk Enterprise loads the "Edit Apps" page.
  7. Locate and click the "TA_DNSServer_NT6" add-on in the "Unselected Apps" pane on the left. The add-on moves to the "Selected Apps" pane on the right.
  8. Click Save. Splunk Enterprise saves the configuration and returns you to the server class information page.

Add DNS server hosts to the server class

If you have not yet installed a universal forwarder on a DNS server that runs Windows Server 2008, do so now, using the instructions in Install a universal forwarder on each Windows host. Then continue with the following steps.

  1. In the server class information page, click Add clients. Splunk Enterprise loads the "Edit clients" page.
  2. In the "Include (whitelist)" field, enter the name of the DNS server.
  3. Click Preview. Splunk Enterprise updates the host list at the bottom and places check marks on the hosts that match what you entered in the "Include (whitelist)" field.
  4. Click Save. Splunk Enterprise adds the host to the server class and deploys the add-on to the deployment client on the DNS host.

Add DNS deployment clients to the "universal forwarder" server class

In the same way that you added the DNS deployment client to the "DNS Servers" server class to deploy the DNS add-on, you should also add the client to the "universal forwarder" server class. This does two things:

  • Deploys the Splunk Add-on for Windows to the DNS server, which enables the client to collect Windows data from the host.
  • Deploys the "send to indexer" app to the DNS deployment client, which enables the client to forward Windows and DNS data to the indexer.

To add the DNS deployment client to the "universal forwarders" server class, follow the instructions at "Add the universal forwarder to the server class."

Next Step

You have now deployed the DNS add-on onto your DNS deployment client. In the future, you can use this procedure to deploy the add-on(s) to additional client(s). Next, you will confirm that DNS data is coming into the indexer from the deployment client.

Confirm and troubleshoot DNS data collection

Last modified on 13 January, 2017
Download and configure the Splunk Add-on for Windows DNS
Confirm and troubleshoot DNS data collection

This documentation applies to the following versions of Splunk® App for Microsoft Exchange: 3.4.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters