Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk 4.x and Exchange 2010

BastianW
Path Finder
‎05-13-2011 10:42 PM

I´m running Splunk 4.x here and would like to import out flat file MS Exchange eMail tracking files into splunk. BUT it seamed there is no plugin available. Only a old one for splunk 3.x and exchange 2003 can be found.

Has anybody managed to import the eMail tracking files into splunk?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ahall_splunk
Splunk Employee
Splunk Employee
‎08-15-2011 11:00 AM

As of today, there is a new app: Splunk App for Microsoft Exchange. This supports import of the Microsoft Exchange 2010 Message Tracking logs

View solution in original post

Reply
Solved! Jump to solution

ahall_splunk
Splunk Employee
Splunk Employee
‎02-09-2012 10:12 AM

Check out the documentation on docs.splunk.com - this goes step by step on how to configure the app.

Reply
Solved! Jump to solution

RIADH
New Member
‎02-09-2012 10:10 AM

how to configure this app "Splunk for Microsoft Exchange"?
I have already added this addons to my Splunk instance, but I did not get it configured !!!
can any one to help me!!!
please..

0 Karma
Reply
Solved! Jump to solution
Solution

ahall_splunk
Splunk Employee
Splunk Employee
‎08-15-2011 11:00 AM

As of today, there is a new app: Splunk App for Microsoft Exchange. This supports import of the Microsoft Exchange 2010 Message Tracking logs

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎05-14-2011 09:51 AM

Exchange 2010 message tracking logs are simply CSV files, and don't require any special plugins for importing into Splunk. I think that the normal "exchange" sourcetype will probably generate a correct CSV field list from the file headers, but if it doesn't, one can be made by just defining the sourcetype:

[exchange2010msgtracking]
DELIMS = ","
FIELDS = date_time,client_ip,client_hostname,server_ip,server_hostname,

And so on...I didn't list out all the fields, but they're listed in the file header anyway.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...