Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Exchange App for Splunk

hiteshkanchan
Communicator
‎08-22-2012 06:30 AM

I have CAS, Hub and MBX logs (Application, System and Event Logs) which I got from a Microsoft Exchange server. Can I directly load it into the Exchange APP of splunk for understannding this data/log?.

If yes, can someone tell me which path can I copy this log into so that I can check the information or get the details from this logs.

Tags (3)
0 Karma
Reply

ahall_splunk
Splunk Employee
Splunk Employee
‎08-22-2012 08:14 AM

The Windows Event Logs contain hardly any of the information required to run the Splunk App for Microsoft Exchange. In addition to Exchange specific logs, such as the IIS logs and Message Tracking logs, the Splunk App for Microsoft Exchange requires access to in-memory data structures that it exposes via Powershell scripts. So, the answer is - unfortunately - no, you cannot just import the Windows Event Logs from an Exchange server and expect the app to work.

Reply

hiteshkanchan
Communicator
‎08-22-2012 11:23 PM

I got the IIS Logs and the Message Tracking Logs as well. Does this help? Can I copy these logs to any location of /etc/apps/Splunk_For_Exchange/ to understand or get information from this log.

Can I not proceed further without Power shell script info?
How does this info look or what extension or type does it have?

0 Karma
Reply

MarioM
Motivator
‎08-22-2012 07:10 AM

I think it might not be as useful and lots of data are from powershell scripts...

All is based on sourcetype you can have a look in the app's TAs inputs.conf:

Splunk_for_Exchange/appserver/addons/TA-*/default/inputs.conf
0 Karma
Reply

hiteshkanchan
Communicator
‎08-22-2012 11:33 PM

My requirement is, I actually want to see if I can make any sense out of the data logs that I got from an Microsoft Exchange. So was checking if I could put this logs(Event Logs + IIS logs + Message Tracking logs) into any log path of Splunk_for_Exchange/... to understand the data. Not sure if I can get data from powershell scripts. Any idea abt the location or type of this data.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...