Solved: Splunk 4.x and Exchange 2010

BastianW · ‎05-13-2011

I´m running Splunk 4.x here and would like to import out flat file MS Exchange eMail tracking files into splunk. BUT it seamed there is no plugin available. Only a old one for splunk 3.x and exchange 2003 can be found.

Has anybody managed to import the eMail tracking files into splunk?

ahall_splunk · ‎08-15-2011

As of today, there is a new app: Splunk App for Microsoft Exchange. This supports import of the Microsoft Exchange 2010 Message Tracking logs

View solution in original post

ahall_splunk · ‎02-09-2012

Check out the documentation on docs.splunk.com - this goes step by step on how to configure the app.

RIADH · ‎02-09-2012

how to configure this app "Splunk for Microsoft Exchange"?
I have already added this addons to my Splunk instance, but I did not get it configured !!!
can any one to help me!!!
please..

ahall_splunk · ‎08-15-2011

As of today, there is a new app: Splunk App for Microsoft Exchange. This supports import of the Microsoft Exchange 2010 Message Tracking logs

gkanapathy · ‎05-14-2011

Exchange 2010 message tracking logs are simply CSV files, and don't require any special plugins for importing into Splunk. I think that the normal "exchange" sourcetype will probably generate a correct CSV field list from the file headers, but if it doesn't, one can be made by just defining the sourcetype:

[exchange2010msgtracking]
DELIMS = ","
FIELDS = date_time,client_ip,client_hostname,server_ip,server_hostname,

And so on...I didn't list out all the fields, but they're listed in the file header anyway.

Splunk 4.x and Exchange 2010

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application