About the Splunk Add-on for Microsoft Exchange
The Splunk Add-ons for Microsoft Exchange let you collect Exchange data from the hosts in your Exchange Server environment. The add-ons have been designed to work with the Splunk App for Microsoft Exchange, but are now available as a separate download from Splunkbase. You can use them with the app or to provide knowledge objects for Splunk Enterprise dashboards that you design by yourself.
Get the add-ons
The Splunk Add-ons for Microsoft Exchange are available on Splunkbase.
Install the add-ons
The add-ons require configuration before they can be used. Each add-on must be configured for the version of Exchange Server or Windows Server (for TA-Windows-Exchange-IIS) that you run in your Exchange Server environment. See the "Configure" topics in the chapter for each add-on for installation instructions.
See Where to install Splunk add-ons and Install an add-on in a distributed Splunk Enterprise deployment in the Add-ons Overview manual for more information about deploying the Splunk Add-on for Microsoft Exchange.
Prerequisites
- Ensure that the SplunkForwarder service is running as a local system account.
- Download the Splunk Add-on for Microsoft Exchange Indexes from Splunkbase for required index definitions to store the data.
Here's how to run the SplunkForwarder service as a local system account:
- Navigate to Services.
- Right click SplunkForwarder Service.
- Click Properties.
- Navigate to the Log On tab.
- Select Local System Account.
- Click Apply.
- Restart the SplunkForwarder service.
Add-on package contents
The Splunk Add-ons for Microsoft Exchange come in a bundle and include the following:
TA-Exchange-ClientAccess
This add-on collects Exchange data from Exchange Server hosts that hold the Client Access Server role. It has support for Exchange Server 2010, 2013, 2016, 2019. See Overview of TA-Exchange-ClientAccess.
TA-Exchange-Mailbox
This add-on collects Exchange data from Exchange Server hosts that hold the Mailbox Store/Mailbox Server roles. It has support for Exchange Server 2010, 2013, 2016, and 2019. See Overview of TA-Exchange-Mailbox.
TA-Exchange-HubTransport
This add-on collects Exchange data from Exchange Server hosts that hold the Hub Transport role. It has support for Exchange Server 2010. Exchange Server versions 2013, 2016 and 2019 do not have this role. See Overview of TA-HubTransport.
TA-Windows-Exchange-IIS
This add-on collects Internet Information Server (IIS) data from Exchange Server hosts that hold the Client Access Server role. It has support for Windows Server2008 R2, 2012 R2, 2016 and 2019 and must be configured for the version of Windows Server that the Exchange Client Access Server hosts run. See Overview of TA-Windows-Exchange-IIS.
Splunk Add-on for Microsoft Exchange Component Installation Locations
The table below lists what components to install and where to install them:
| Add-on | Indexer | Universal Forwarder | Heavy Forwarder |
|---|---|---|---|
| TA-Exchange-ClientAccess | X | ||
| TA-Exchange-HubTransport | X | ||
| TA-Exchange-Mailbox | X | ||
| TA-Windows-Exchange-IIS | X | ||
| TA-SMTP-Reputation | X | ||
| Splunk Add-on for Microsoft Exchange Indexes | X |
If you run into performance issues, see Troubleshoot Splunk App for Microsoft Exchange performance issues.
| Release Notes for Splunk Add-ons for Microsoft Exchange |
This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.5.2, 4.0.0, 4.0.2, 4.0.3
Download manual
Feedback submitted, thanks!