Splunk® App for Microsoft Exchange (EOL)

Deploy and Use the Splunk App for Microsoft Exchange

On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.

Confirm and troubleshoot AD data collection

Note: If you are using TA-Windows version 6.0.0 or later, you don't need TA_AD and TA_DNS, because they are merged with TA-Windows. To configure TA-Windows v6.0.0, refer to Deploy and configure the Splunk Add-on for Windows version 6.0.0 or later.

Check the indexer for data

After you configure and deploy the Splunk Add-on for Microsoft Active Directory into your domain controller deployment client, check the deployment server to see that data has arrived.

  1. In the system bar, click Apps > Search & Reporting. Splunk Enterprise loads the Search & Reporting app.
  2. Click Data Summary. Splunk brings up the data summary page with the "Hosts" tab active.
  3. Scan through the list of host names for the name of your domain controller deployment client.
    • If you do not see the deployment client host name, then there is a problem between the client and the indexer. Confirm that:
      • You have properly configured receiving on the indexer.
      • You have properly configured the "send to indexer" app to forward data to the indexer.
      • No network issue exists between the deployment client and the indexer.
  4. Click the host name in the list. Splunk Enterprise brings up a search window that displays all events associated with the deployment client host name.
  5. Search through the data to see that Active Directory data has been sent to the indexer. See Sample Active Directory searches and dashboards for a list of example searches.
    • If you do not see the events you expect, try these steps:
      • Confirm that you have placed the add-on in the deployment apps directory and reloaded the deployment server.
      • Confirm that the deployment client does not have errors attempting to collect the data.
      • More troubleshooting steps are available in the Splunk Troubleshooting manual.
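
The same check can be run as a search instead of browsing the Data Summary page. The following is an added example, not part of the original Splunk documentation; `<dc-hostname>` is a placeholder for the host name of your domain controller deployment client, and the search only covers indexes your role is allowed to search.

```spl
| tstats count max(_time) as last_event where index=* host="<dc-hostname>" by index sourcetype source
| eval minutes_since_last = round((now() - last_event) / 60, 0)
| eval last_event = strftime(last_event, "%Y-%m-%d %H:%M:%S")
| sort - count
```

No rows means the indexer has no events from that host, which points to the receiving, forwarding, and network checks under step 3. Rows that do not include the Active Directory sources you expect point to the add-on deployment and collection checks under step 5.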

Next Step

You have configured and deployed the Splunk Add-on for Microsoft Active Directory to your domain controller deployment clients. Active Directory data is now present on your Splunk App for Microsoft Exchange indexer.

Get Domain Name Service (DNS) data in: Configure Windows Domain Name Server

Last modified on 18 October, 2019

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 4.0.0, 4.0.1, 4.0.2, 4.0.3

