
In Splunk App for Microsoft Exchange, do I need to configure DNS and AD in order to get Exchange message data?

nick405060
Motivator

We recently upgraded to EX16 so we're looking to be able to search EX16 message data ASAP. The documentation for Exchange involves getting Windows, AD, and DNS data, but I don't understand if each of those configurations is actually needed or not.

Basically, I have successfully completed each of the steps except for DNS and AD (I attempted to skip those) and am not getting message data (other Exchange data is going into the msexchange index, but no message data), and am wondering if that's because I skipped those steps, or if there's another reason.

http://docs.splunk.com/Documentation/MSExchange/3.5.0/DeployMSX/ConfigureExchangeservers

0 Karma
1 Solution

nick405060
Motivator

I opened a support ticket on this: you do NOT need to configure DNS and AD in order to configure Exchange. It's pretty misleading though, because the official guide on setting up Exchange for Splunk is pretty thorough, and definitely makes you think you have to set up DNS and AD in order to set up Exchange.

Been receiving Exchange data for the last few weeks successfully.


0 Karma

marycordova
SplunkTrust

If you are looking to get message trace data, the below Add-on has worked flawlessly for me; it hasn't broken once since I installed it. It allows you to collect message trace data without all the other stuff, so if you don't want AD/DNS you might look at this one.

https://splunkbase.splunk.com/app/3720/

From the docs you linked, it looks to me like the App you are using is for "platform health and performance", which I wouldn't necessarily think includes message traces, but it seems to explicitly state that it does "Track messages throughout your messaging environment" despite there being no configuration details for this.

Perhaps you could open a support ticket to get the docs updated either with instructions or to remove that point if it doesn't in fact support that functionality.

@marycordova
0 Karma

marycordova
SplunkTrust

oh...and then there's this..."You must have a license for the app"...

@marycordova
0 Karma