Splunk® App for Microsoft Exchange

Deploy and Use the Splunk Add-ons for Microsoft Exchange

Download manual as PDF

Download topic as PDF

Configure TA-SMTP-Reputation

The Splunk Add-ons for Microsoft Exchange must be configured before you can deploy them to Exchange Server hosts. This is because you must specifically enable support for the version of Exchange Server and Windows Server that you run.

Each add-on within the Splunk Add-ons for Microsoft Exchange package includes an inputs.conf file that has all of the data inputs that are necessary to get Exchange Server data. These inputs are disabled by default.

To get a reputation for a particular VM then the user has to add VM IP in reputation.conf.

Download and unpack the TA-Exchange-SMTP-Reputation add-on

  1. Download the Splunk Add-ons for Microsoft Exchange package from Splunkbase.
  2. Unpack the add-on bundle to an accessible location.

Create and edit inputs.conf

  1. Open a PowerShell window, command prompt, or Explorer window.
  2. Create a local directory within the TA-SMTP-Reputation add-on.
  3. Copy inputs.conf from the TA-SMTP-Reputation\default directory to the TA-SMTP-Reputation\local directory.
  4. Use a text editor such as Notepad to open the TA-SMTP-Reputation\local\inputs.conf file for editing.
  5. Modify the inputs.conf file so that the common data inputs that you run are enabled. Do this by changing disabled = true to disabled = false for all input stanzas<c/ode>. See the example inputs.conf later in this topic.
  6. After you update the inputs.conf file, save it and close it.

Distribute the add-ons

If you do not have a deployment server to distribute apps and add-ons, set one up. A deployment server greatly reduces the overhead in distributing apps and add-ons to hosts. You can make one change on the deployment server and push that change to all universal forwarders in your Splunk App for Microsoft Exchange deployment. The Splunk App for Microsoft Exchange manual uses deployment server extensively in its setup instructions.

  1. Copy the TA-SMTP-Reputation add-on to the %SPLUNK_HOME%\etc\deployment-apps directory on the deployment server.
  2. Push the add-on to all hosts in this server class.

Last modified on 30 April, 2019
PREVIOUS
TA-SMTP-Reputation inputs
  NEXT
Troubleshoot TA-SMTP-Reputation

This documentation applies to the following versions of Splunk® App for Microsoft Exchange: 3.5.2, 4.0.0, 4.0.1


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters