What a Splunk App for Microsoft Exchange deployment looks like
This topic discusses the overall architecture of a Splunk App for Microsoft Exchange deployment.
A Splunk App for Microsoft Exchange deployment consists of a Splunk Enterprise instance (that contains the index and runs Splunk Web, and that users access to view the app) and a number of universal forwarders--one for each Exchange, Active Directory, or Windows server you want to include in the deployment.
This manual guides you through the install of nearly all components on one host. This means that:
- The host acts as the indexer to receive incoming data from forwarders.
- The host acts as a deployment server to manage forwarders and deploy apps and configurations.
- The host acts as a search head to host the app and view the incoming data.
Only the universal forwarders in this deployment are on different hosts. This helps reduce confusion on what components need to be installed where.
After you gain an understanding of how the app and its components work, see Size a Splunk App for Microsoft Exchange deployment for information on how to scale your Exchange App deployment for increased performance on larger environments.
How it comes together
The diagram below depicts an example Splunk App for Microsoft Exchange deployment.
In this deployment:
- You set up a Splunk Enterprise instance that acts as the indexer.
- You configure the instance to be a deployment server. The deployment server handles apps, add-ons, and other configurations for universal forwarders that connect to it (deployment clients).
- You install a universal forwarder on each Windows, Exchange, and Active Directory host in your environment. You tell the forwarder to connect to the deployment server.
- You configure the deployment server to install the add-on which collects the appropriate data for the role that server plays in the Exchange deployment. The universal forwarder then sends that data to the indexer.
If you're using TA-Windows version 6.0.0 or later, you don't need TA_AD and TA_DNS. TA_AD and TA_DNS are merged with TA-Windows version 6.0.0.
The next page details the installation of the first piece of your Splunk App for Microsoft Exchange deployment: setting up the indexer that will act as the hub for the entire operation.
What data the Splunk App for Microsoft Exchange collects
How to deploy the Splunk App for Microsoft Exchange
This documentation applies to the following versions of Splunk® App for Microsoft Exchange: 4.0.0, 4.0.1, 4.0.2, 4.0.3