Splunk® App for Microsoft Exchange

Deploy and Use the Splunk App for Microsoft Exchange

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of MSExchange. Click here for the latest version.
Acrobat logo Download topic as PDF

Install a universal forwarder on each Windows host

Installing and configuring a universal forwarder on each Windows host in your environment is the first step toward getting data into the indexer that you set up earlier.

What is universal forwarder?

The universal forwarder is a version of Splunk Enterprise whose only purpose is to collect data from a host and send it somewhere else. Unlike full Splunk Enterprise, the universal forwarder has extremely limited capability to transform or change the data it collects in any way. This allows for fast collection and dispatching of data with little impact on system and network resources.

In this application, you install universal forwarder on a Windows host to collect the data it contains. You then forward this data to the Splunk indexer, which indexes and stores the data and makes it available for the Splunk App for Microsoft Exchange.

Install universal forwarder

In order to begin the data collection and forwarding process, you must install a universal forwarder on every Windows host that you to send data.

As Microsoft Exchange runs only on Windows, you can only install Windows universal forwarders.

For detailed procedures on installing a universal forwarder on a Windows host, see Install the universal forwarder onto the Windows host in the Universal Forwarder manual.

  1. Confirm that your Windows host meets the minimum requirements for a Splunk universal forwarder installation. See System requirements in the Universal Forwarder manual.
  2. Download the appropriate universal forwarder for your version of Windows.
  3. Double-click the universal forwarder installer to run it.
  4. In the first universal forwarder installer dialog box, check the box to accept the license agreement.
  5. Click Customize Options to customize the installation options.
  6. Click Next to advance through the "Destination Folder" dialog.
  7. Click Next to advance through the "Certificate Information" dialog.
  8. In the "User selection" dialog, make sure "Local System" is selected and click Next
  9. In the "Enable Windows inputs" dialog, make sure no inputs have been enabled (all must be disabled) and click Next.
  10. In the "Specify a Deployment Server" dialog, enter the host name or IP address of the deployment server you just set up in the "Hostname or IP" field and enter "8089" in the second field. Then click Next.
  11. Click Next to advance through the "Receiving Indexer" dialog.
  12. Click Install to accept these configurations and install the universal forwarder.
  13. After installation completes, confirm that the universal forwarder service runs.

You can check the splunkforwarder service in the Services control panel or use a PowerShell window (by going to the %SPLUNK_HOME%\bin directory and typing in .\splunk status).

Next step

You have installed and configured a universal forwarder on at least one Windows machine. Next, you will confirm that deployment server sees the forwarder and add the forwarder to the server class you defined earlier.

Add the universal forwarder to the server class

Last modified on 13 January, 2017
PREVIOUS
Set up a deployment server and create a server class
  NEXT
Add the universal forwarder to the server class

This documentation applies to the following versions of Splunk® App for Microsoft Exchange: 3.4.1


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters