Splunk® App for Microsoft Exchange (EOL)

Splunk App for Microsoft Exchange Reference

Acrobat logo Download manual as PDF


On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

MSExchange Messaging data model

The Splunk App for Microsoft Exchange comes with data models that facilitate and improve the efficiency of searches within the app.

The fields and tags in the MSExchange_Messaging data model describe various aspects of Microsoft Exchange operation, such as message tracking, message volume, and number of messages per second.

This data model is designed to improve the performance of the following panels of the Exchange Overview dashboard.

  • Message Volume
  • Message Per Second

Constraints for the Message Tracking event object

The following constraints for the Message Tracking event object identify events as relevant to this data model.

Object name Constraint
Message Tracking eventtype=msexchange-msgtrack

Fields for Message Tracking event objects

The following table lists the extracted and calculated fields for the event objects in the model. Note that it does not include any inherited fields.

Object name Field name Data type Description Example values
Message_Tracking eventtype string Event type of the message Msexchange-msgtrack
Message_Tracking message_id string A message identifier that is assigned by the Exchange Server server that is currently processing the message. A specific message's value of internal-message-id is different in the message tracking log of every server that is involved in the delivery of the message.
Message_Tracking recipient string A multi-valued field containing the list of recipients.
Message_Tracking sender string The e-mail address specified in the Sender: header field, or the From: header field if Sender: is not present. sample@splunk.com
Message_Tracking total_bytes string The number of bytes in the message.
Last modified on 10 April, 2017
PREVIOUS
Microsoft Exchange data model 		 

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.4.2, 3.4.3, 3.4.4, 3.5.0, 3.5.1, 3.5.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters