Download and configure the Splunk Add-ons for Microsoft Exchange and prerequisite add-on
The Splunk Add-ons for Microsoft Exchange collect Exchange data. When you deploy the add-ons to your Exchange Server deployment clients, the clients forward Exchange data to the central Splunk App for Microsoft Exchange indexer.
Detailed descriptions of the Splunk Add-ons for Microsoft Exchange
The following table lists the Exchange add-ons and what each add-on provides.
Add-on: | Description: |
---|---|
TA-Exchange-ClientAccess | For hosts that run Exchange Server and hold the Client Access Server role. Supports Exchange Server 2010, 2013, 2016 and 2019. |
TA-Exchange-HubTransport | For hosts that run Exchange Server and hold the Hub Transport server role. Supports Exchange Server 2010. |
TA-Exchange-MailboxStore | For hosts that run Exchange Server and hold the Mailbox Server role. Supports Exchange Server 2010, 2013, 2016 and 2019. |
TA-Windows-Exchange-IIS | For hosts that run Exchange Server 2013 and hold the Client Access Server role |
TA-SMTP-Reputation | E-mail sender reputation, requires a server that has an outbound connection to the Internet |
Download the Splunk Add-ons for Exchange and pre-requisite add-ons
The Splunk Add-ons for Exchange are available on Splunkbase.
- Download the add-on and save it to an accessible place on the deployment server.
- Download the Splunk Add-ons for Microsoft Exchange from Splunkbase.
- Click the download link to begin the download process. You might need to sign in with your Splunk account before the download starts.
- When prompted, choose an accessible location on your deployment server to save the download. Do not attempt to run the download.
- Use an archive utility such as WinZip to unarchive the file to an accessible location.
Configure the Splunk Add-ons for Exchange
New installations
For a new installation, the Splunk Add-ons for Microsoft Exchange must be configured for the version of Exchange Server that you run. See the following topics in Deploy and Use the Splunk Add-ons for Microsoft Exchange for specific configuration instructions:
- Configure TA-Exchange-ClientAccess
- Configure TA-Exchange-HubTransport
- Configure TA-Exchange-Mailbox
- Configure TA-Windows-Exchange-IIS
Install the Splunk Add-on for Microsoft Exchange Indexes on the indexer. This add-on defines all the indexes required for the Exchange App and indexes that are removed from Splunk_TA_windows.
The Deploy and Use the Splunk Add-ons for Microsoft Exchange manual is also a good place to get general background information on the updated add-ons.
If you run into performance issues, see Troubleshoot Splunk App for Microsoft Exchange performance issues.
Existing installations
If you are upgrading from an earlier version of the Splunk App for Microsoft Exchange, then you must first upgrade to version 4.0.2. See How to upgrade the Splunk App for Microsoft Exchange.
Next Step
You have downloaded the Splunk Add-ons for Microsoft Exchange. The next step involves deploying those add-ons into the deployment clients that you install on your Exchange servers.
Configure Exchange servers | Deploy the Splunk Add-on for Microsoft Exchange |
This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.5.2, 4.0.0, 4.0.2, 4.0.3
Feedback submitted, thanks!