Splunk® App for Microsoft Exchange (EOL)

Splunk App for Microsoft Exchange Reference

Acrobat logo Download manual as PDF

On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of MSExchange. Click here for the latest version.
Acrobat logo Download topic as PDF

Administrator Audit

Exch 30 adminaudit.png

This page allows you to search for change events initiated by administrators in your environment. Whenever an admin makes a change to a user, mailbox, database, or other resource on your Exchange servers, Exchange logs this information and the Splunk App for Microsoft Exchange displays it here.

Exchange does not log read events and the Splunk App for Microsoft Exchange does not display them.

This dashboard is only valid on Exchange Server 2010 environments.

How to use this page

  • To begin auditing, enter as much detail as possible into the "Host" "Administrator," "Command," and/or "Parameters" fields above. To specify all of a certain category, use '*' (asterisk).
  • Next, select an appropriate time period using the time range picker, then click "Search." The Splunk App for Microsoft Exchange displays the matching results below.
  • Then, to find out additional information about the activity, click on it in the list. The Splunk App for Microsoft Exchange takes you to the base search that returned the audit.
Last modified on 04 April, 2017
User Counts and Mailbox Sizes
Anomalous Logons

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.4.2, 3.4.3, 3.4.4, 3.5.0, 3.5.1, 3.5.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters