I have CAS, Hub and MBX logs (Application, System and Event Logs) which I got from a Microsoft Exchange server. Can I directly load them into the Exchange app of Splunk to understand this data/log?
If yes, can someone tell me which path I can copy these logs into so that I can check the information or get the details from these logs?
The Windows Event Logs contain hardly any of the information required to run the Splunk App for Microsoft Exchange. In addition to Exchange-specific logs, such as the IIS logs and Message Tracking logs, the Splunk App for Microsoft Exchange requires access to in-memory data structures that it exposes via PowerShell scripts. So, the answer is - unfortunately - no, you cannot just import the Windows Event Logs from an Exchange server and expect the app to work.
I got the IIS Logs and the Message Tracking Logs as well. Does this help? Can I copy these logs to any location of /etc/apps/Splunk_For_Exchange/ to understand or get information from these logs?
Can I not proceed further without PowerShell script info?
How does this info look or what extension or type does it have?
I think it might not be as useful, and lots of the data is from PowerShell scripts...
It is all based on sourcetype; you can have a look in the inputs.conf of the app's TAs:
My requirement is, I actually want to see if I can make any sense out of the data logs that I got from a Microsoft Exchange server. So I was checking if I could put these logs (Event Logs + IIS logs + Message Tracking logs) into any log path of Splunk_for_Exchange/... to understand the data. Not sure if I can get data from PowerShell scripts. Any idea about the location or type of this data?