Splunk App for Microsoft Exchange

Service-centric Visibility and Analytics for your Microsoft Exchange Infrastructure and Beyond

Email services are critical to the daily operations of your organization. Any service disruption can be catastrophic-and can damage your company's reputation, impair customer communications and lead to lost orders or worse.

Gain real-time visibility into your email service health and performance across the entire messaging infrastructure, including diverse message delivery components and the supporting infrastructure. Gain comprehensive operational analytics for resource planning, capacity forecasting, security intelligence and user behavior. The Splunk App for Microsoft Exchange helps you to:

  • Easily identify and correlate performance, health and security events using prebuilt dashboards and reports of the entire email service
  • Keep track of user behaviors, identify potential issues or possible bottlenecks--and take proactive measures to prevent them
  • Correlate messaging infrastructure data with disparate data from across the IT infrastructure (Windows, AD, Linux, network devices and more)
  • Scale to handle the largest of email deployments; Splunk software has proven itself in some of the largest Microsoft Exchange based email services

The Splunk App for Microsoft Exchange provides up-to-the-minute information on the health of your Microsoft Exchange environment with proactive end-to-end monitoring across diverse message delivery components, including operating systems, applications, devices and services. It allows you to combine this information with data and insights across the IT infrastructure. The result is a view of the entire service infrastructure, available in a single location, helping you to resolve issues and avoid service degradation and downtime.

The Splunk App for Microsoft Exchange 3.1 introduces Service Analyzer, which brings you comprehensive Microsoft Exchange operational visibility with granular composite health scores across the entire service path. It includes out-of-the-box analysis of critical metrics across 11 Microsoft Exchange service components, giving you instant visibility into which components are affecting your email service health.

 

Use Service Analyzer to gain actionable insights into the health of all your key email delivery components.

Use Service Analyzer to gain actionable insights into the health of all your key email delivery components.

As an app that runs on the Splunk Enterprise platform, the Splunk App for Microsoft Exchange 3.1 delivers a fundamentally different approach for IT. The app provides insights from across the entire messaging infrastructure, including critical dependencies, such as the operating system, supporting applications, devices and services, resulting in a single, infrastructure-wide view of the entire environment. The app proactively highlights problem areas to help administrators resolve issues quickly, minimizing and avoiding service degradation and downtime.

By correlating performance, security and user event information, administrators can identify and resolve non-Microsoft Exchange related issues that can impact the entire messaging service--for example, host OS information or processes that are causing downtime. This approach also allows you to view Microsoft Exchange data in the context of all other ancillary message delivery components, including load-balancers, proxy servers, firewalls and more. This visibility provides benefits like rapid root-cause analysis and reduced support costs.

Service Analyzer - Gain real-time and historical visibility into the health of your entire email service and all its components, with granular composite health scores across the entire service path. Detect service anomalies faster with visibility into the health of 11 service components that affect your email performance. These components include Outlook RPC, OWA, ActiveSync, Transport and SMTP and many more.

Packaged Correlation - quickly troubleshoot and navigate to sources of service degradation. Use swim-lane visualizations and out of-the-box reports to visually correlate and identify the relationships between service performance and the health of service components.

Operations Dashboards - gain up-to-the-minute information on the health of your Microsoft Exchange environment and its supporting infrastructure, such as Windows Server and AD, including service availability, organizational reputation, performance data and administrative reports.

Messaging Tracking - track and troubleshoot message flow with segmentation and load information broken down from the desktop to the gateway.

Client Behavior Monitoring - gain in-depth visibility into how the messaging service is being used. This includes the method of access (device or protocol), operating system, browser, location and mailbox usage statistics. By identifying user trends, administrators can identify potential issues or possible bottlenecks, and take proactive measures to prevent them.

Capacity Planning - gain visibility into messaging volume and the number of users your system is handling over time to help you to plan for growth.

Enterprise Scale - Splunk software can scale to largest email deployments--from organizations with a handful of users to full enterprises with hundreds of thousands of employees.

 

Use Service Analyzer to get deeper insight into each Exchange component performance with all relevant KPIs.

Use Service Analyzer to get deeper insight into each Exchange component performance with all relevant KPIs.

Supported Microsoft Exchange Server Versions

  • Microsoft Exchange Server 2007 (requires Windows Server 2003 SP1 or Server 2003 R2 RTM or later)
  • Microsoft Exchange Server 2010 (requires Windows Server 2008 SP2 or Server 2008 R2 SP1 or later)
  • Microsoft Exchange Server 2013 (requires Windows Server 2012 RTM or later)

Splunk Requirements

  • Splunk Enterprise 6.2 or later
  • All Splunk indexers, search heads and universal forwarders require Splunk Enterprise 6.2 or later
  • The Splunk Add-on for Windows
  • The Splunk Supporting Add-on for Microsoft Windows Active Directory (SA-ldapsearch)

OS Requirements

The Splunk App for Microsoft Exchange and Splunk Enterprise can run on any supported Splunk Enterprise platform. A Splunk universal forwarder must be installed on each Microsoft Exchange server for data collection. For details, refer to the "Deploy Windows universal forwarders" section (in the left column) of our Forwarding Data documentation.

Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and other countries.