In Splunk App for Microsoft Exchange, do I need to configure DNS and AD in order to get Exchange message data?

nick405060
Motivator

We recently upgraded to EX16 so we're looking to be able to search EX16 message data ASAP. The documentation for Exchange involves getting Windows, AD, and DNS data, but I don't understand if each of those configurations is actually needed or not.

Basically, I have successfully completed each of the steps except for DNS and AD (I attempted to skip those) and am not getting message data (other Exchange data is going into the msexchange index, but no message data), and I am wondering if that's because I skipped those steps or if there's another reason.

http://docs.splunk.com/Documentation/MSExchange/3.5.0/DeployMSX/ConfigureExchangeservers

0 Karma
1 Solution

nick405060
Motivator

I opened a support ticket on this: you do NOT need to configure DNS and AD in order to configure Exchange. It's pretty misleading though, because the official guide on setting up Exchange for Splunk is pretty thorough, and definitely makes you think you have to set up DNS and AD in order to set up Exchange.

Been receiving Exchange data for the last few weeks successfully.

0 Karma

marycordova
SplunkTrust

If you are looking to get message trace data, the add-on below has worked flawlessly for me; it hasn't broken once since I installed it. It allows you to collect message trace data without all the other stuff, so if you don't want AD/DNS you might look at this one.

https://splunkbase.splunk.com/app/3720/

From the docs you linked, it looks to me like the app you are using is for "platform health and performance", which I wouldn't necessarily think includes message traces, but it seems to explicitly state that it does "Track messages throughout your messaging environment" despite there being no configuration details for this.

Perhaps you could open a support ticket to get the docs updated either with instructions or to remove that point if it doesn't in fact support that functionality.

@marycordova
0 Karma

marycordova
SplunkTrust

oh...and then there's this..."You must have a license for the app"...

@marycordova
0 Karma