All Apps and Add-ons

Splunk App for Exchange - Errors

Kendo213
Communicator
  1. I'm having some issues identifying the problems with my Splunk App for Exchange install. For example, under Client Behavior -> Client Activity, OWA and ActiveSync are green, while EWS and Outlook Anywhere have big yellow exclamation points next to them. If I click on EWS I see data, so I know it's at least working. Outlook Anywhere isn't really in use in this test environment, but it would still be nice to know why these errors appear.

This is spamming the event logs: Cmdlet failed. Cmdlet Search-MailboxAuditLog, parameters {Identity=domain.com/User, LogonTypes={Owner, Delegate, Admin}, ShowDetails=True, StartDate=3/29/2013 10:40:46 AM}.

Cmdlet failed. Cmdlet Search-AdminAuditLog, parameters {StartDate=3/25/2013 9:34:54 PM}.

  1. The reputation portion is now working, but dnsbl.solid.net and singlebl.spamgrouper.com are timing out. Is there a way to edit the list of servers the reputation TA tries to hit?

  2. Another issue is the Non-Owner Mailbox Access Report. I've enabled auditing on a test user per the instructions, however it isn't working (No results found). Anyone ran into this?

  3. Distribution Lists Report is returning no information.

Any tips?

0 Karma

andykiely
Path Finder

You will see an exclaimation mark if there is no data coming into the relevant client activity, I dont use outlook anywhere so mine is the same whereas the other three are green.

To edit the list of reputation servers go into:

.\TA-SMTP-Reputation\bin\check_my_reputation.py and make your amends.

Not sure about your question 2 and question 3 I need an answer myself.

Regards

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...