Confirm and troubleshoot Exchange data collection

Check the indexer for data

After you configure and deploy the Splunk Add-ons for Microsoft Exchange into your Exchange deployment clients, check the indexer/deployment server to see that data has arrived.

1. In the system bar, click Apps > Search & Reporting. Splunk Enterprise loads the Search & Reporting app.
2. Click Data Summary. Splunk brings up the data summary page with the "Hosts" tab active.
3. Scan through the list of host names for the name of your Exchange deployment client.
   
   • If you do not see the deployment client host name, then there is a communication problem between the client and the indexer. Confirm that:
     • You have properly configured receiving on the indexer.
     • You have properly configured the "send to indexer" app to forward data to the indexer.
     • No network issue exists between the deployment client and the indexer.
4. Click the host name in the list. A search window appears and displays all events associated with the deployment client host name.
5. Search through the data to see that all of the events you configured in the Splunk Add-on for Windows DNS have been sent to the indexer. See Sample Exchange searches and dashboards.
   
   • If you do not see the events you expect, try these steps:
     • Confirm that you have placed the add-on in the deployment apps directory and reloaded the deployment server.
     • Confirm that the deployment client does not have errors attempting to collect the data.
     • More troubleshooting steps are available in the Splunk Troubleshooting manual.

Next Step

You have configured and deployed the Splunk Add-on for Microsoft Exchange to your Exchange deployment clients. This now means that Exchange data is present on your Splunk App for Microsoft Exchange indexer. This is the last piece of the data puzzle. The next step is to complete setup by finishing a few more required tasks.

Install the Splunk App for Microsoft Exchange on the search head