When trying to pull AdminAudit logs from Exchange to Splunk we are only receiving the following log (Which is divided to 2 logs):
WARNING: An unexpected error has occurred and a Watson dump is being generated: Object reference not set to an instance
of an object.
Can please someone explain how to resolve this issue and get proper admin audit logs from exchange?
Did you setup the splunk service in windows to run as a domain service account on the exchange server?
If yes, then assign that domain user account the relevant role within exchange server.