Splunk® App for Microsoft Exchange

Deploy and Use the Splunk Add-ons for Microsoft Exchange

Acrobat logo Download manual as PDF


On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of MSExchange. Click here for the latest version.
Acrobat logo Download topic as PDF

Configure TA-SMTP-Reputation

The Splunk Add-ons for Microsoft Exchange must be configured before you can deploy them to Exchange Server hosts. This is because you must specifically enable support for the version of Exchange Server and Windows Server that you run.

Each add-on within the Splunk Add-ons for Microsoft Exchange package includes an inputs.conf file that has all of the data inputs that are necessary to get Exchange Server data. These inputs are disabled by default.

To get a reputation for a particular VM then the user has to add VM IP in reputation.conf.

Download and unpack the TA-Exchange-SMTP-Reputation add-on

  1. Download the Splunk Add-ons for Microsoft Exchange package from Splunkbase.
  2. Unpack the add-on bundle to an accessible location.

Create and edit inputs.conf

  1. Open a PowerShell window, command prompt, or Explorer window.
  2. Create a local directory within the TA-SMTP-Reputation add-on.
  3. Copy inputs.conf from the TA-SMTP-Reputation\default directory to the TA-SMTP-Reputation\local directory.
  4. Use a text editor such as Notepad to open the TA-SMTP-Reputation\local\inputs.conf file for editing.
  5. Modify the inputs.conf file so that the common data inputs that you run are enabled. Do this by changing disabled = true to disabled = false for all input stanzas<c/ode>. See the example inputs.conf later in this topic.
  6. After you update the inputs.conf file, save it and close it.

Distribute the add-ons

If you do not have a deployment server to distribute apps and add-ons, set one up. A deployment server greatly reduces the overhead in distributing apps and add-ons to hosts. You can make one change on the deployment server and push that change to all universal forwarders in your Splunk App for Microsoft Exchange deployment. The Splunk App for Microsoft Exchange manual uses deployment server extensively in its setup instructions.

  1. Copy the TA-SMTP-Reputation add-on to the %SPLUNK_HOME%\etc\deployment-apps directory on the deployment server.
  2. Push the add-on to all hosts in this server class.

Last modified on 30 April, 2019
PREVIOUS
TA-SMTP-Reputation inputs
  NEXT
Troubleshoot TA-SMTP-Reputation

This documentation applies to the following versions of Splunk® App for Microsoft Exchange: 3.5.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters