Exchange App for Splunk

hiteshkanchan · ‎08-22-2012

I have CAS, Hub and MBX logs (Application, System and Event Logs) which I got from a Microsoft Exchange server. Can I directly load it into the Exchange APP of splunk for understannding this data/log?.

If yes, can someone tell me which path can I copy this log into so that I can check the information or get the details from this logs.

ahall_splunk · ‎08-22-2012

The Windows Event Logs contain hardly any of the information required to run the Splunk App for Microsoft Exchange. In addition to Exchange specific logs, such as the IIS logs and Message Tracking logs, the Splunk App for Microsoft Exchange requires access to in-memory data structures that it exposes via Powershell scripts. So, the answer is - unfortunately - no, you cannot just import the Windows Event Logs from an Exchange server and expect the app to work.

hiteshkanchan · ‎08-22-2012

I got the IIS Logs and the Message Tracking Logs as well. Does this help? Can I copy these logs to any location of /etc/apps/Splunk_For_Exchange/ to understand or get information from this log.

Can I not proceed further without Power shell script info?
How does this info look or what extension or type does it have?

MarioM · ‎08-22-2012

I think it might not be as useful and lots of data are from powershell scripts...

All is based on sourcetype you can have a look in the app's TAs inputs.conf:

Splunk_for_Exchange/appserver/addons/TA-*/default/inputs.conf

hiteshkanchan · ‎08-22-2012

My requirement is, I actually want to see if I can make any sense out of the data logs that I got from an Microsoft Exchange. So was checking if I could put this logs(Event Logs + IIS logs + Message Tracking logs) into any log path of Splunk_for_Exchange/... to understand the data. Not sure if I can get data from powershell scripts. Any idea abt the location or type of this data.

Exchange App for Splunk

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life