Splunk® App for Microsoft Exchange (EOL)

Deploy and Use the Splunk App for Microsoft Exchange

On October 22, 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.

About the Splunk App for Microsoft Exchange


The Splunk App for Microsoft Exchange gives you visibility into the health and performance of your Microsoft Exchange environment, from Edge and Hub Transport servers to the Client Access servers and the Mailbox Store itself.

The Splunk App for Microsoft Exchange includes components that let you monitor system availability and client activity. It helps you immediately answer the eternal question facing every Exchange admin: "What happened to my email?"

Use the Splunk App for Microsoft Exchange to:

  • Identify infrastructure problems, such as non-running services and load issues
  • Monitor the performance of all servers throughout your Exchange environment
  • Track messages throughout your messaging environment
  • Monitor client usage, including mobility usage via ActiveSync or Outlook Anywhere
  • Monitor security events, such as virus outbreaks and anomalous logons
  • Track administrative changes to the environment
  • Analyze long-term mail operations trends
  • Plan for capacity expansion
  • Monitor your organization's outbound email sender reputation

It also includes modules that let you monitor other aspects of your Windows network, including:

  • Microsoft Windows Server (through the separately available Splunk Add-on for Windows)
  • Microsoft Windows Server Active Directory (through the separately available Splunk Add-on for Microsoft Active Directory)

See the Splunk App for Microsoft Exchange platform and hardware requirements before downloading and attempting to install the app. Also, learn what data the app collects.

If you're using TA-Windows version 6.0.0 or later, you don't need TA_AD and TA_DNS. TA_AD and TA_DNS are merged with TA-Windows version 6.0.0.

How does it work?

Splunk universal forwarders gather logs and performance metrics from the following components of your Microsoft Exchange deployment:

  • Edge Transport
  • Hub Transport
  • Client Access Server (CAS)
  • Mailbox Server
  • Windows Server (via the Splunk Add-on for Windows)
  • Active Directory

The universal forwarders send the logs and performance metrics to a central Splunk instance that runs the Splunk App for Microsoft Exchange. The app provides reports and dashboards that let you review the status of your Exchange mail services.

How do I get it?

The Splunk App for Microsoft Exchange is available as a paid download from Splunkbase.

How do I install it?

The Splunk App for Microsoft Exchange has a revamped installation procedure. See "How to deploy the Splunk App for Microsoft Exchange" to read about it.

Does the app require its own license?

Yes. You must have a license for the app in addition to having a license for Splunk Enterprise.

Splunk App for Microsoft Exchange supports only one license. Do not upload more than one app license to the license master.

How do I upgrade from a previous version?

How you upgrade from previous versions depends on a number of factors. Read How to upgrade the Splunk App for Microsoft Exchange to learn about the various upgrade scenarios for the app.

For information on what's new and what's been fixed from the previous version, as well as any known issues in this version, review the release notes.

Last modified on 06 October, 2021

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 4.0.4
