Following the successful release of the first Splunk App for Microsoft Exchange back in August 2011 we recently released an updated version. The Splunk App for Microsoft Exchange v1.1 contains over 100 community suggested improvements. The Splunk App for Microsoft Exchange v1.1 allows you to monitor server health, e-mail messages and users across your Microsoft Exchange 2007/2010 infrastructure. It’s available right now for download from Splunkbase.
Here are the top five features we added or improved in the new version.
1. New Feature – Technology Add-on for Blackberry Enterprise Server v5.03
This was a big deal at a lot of our implementations. In the corporate world, Blackberries still rule. You can now find out when a specified user last synchronized his or her email via the Blackberry Enterprise Server right on the user information dashboard. We’ve also added a throughput dashboard specifically for the Blackberry Enterprise Server.
2. New Feature – Service Health Monitoring
Each server has an Exchange PowerShell cmdlet called ‘Test-ServiceHealth’ that when launched, outputs the services that should be running and whether they are running or not. However, to use it, you normally have to run it by hand. By including this information in our health input, you can backtrack to determine exactly when a service died, and then look at other information – performance, windows event logs, etc. – to determine why it died.
3. Updated Feature – Security Dashboards
New Security dashboards show where external logons to OWA and ActiveSync are originating from (courtesy of the Google Maps add-on), and the new Anomalous Logons dashboard that not only tells you about failed logons, but also tells you when users are logging in from multiple countries or regions.
4. New Feature – Auditing the Administrator
If you have an Exchange 2010 infrastructure, then the Exchange service is monitoring what your administrators do on the system – right down to the underlying PowerShell cmdlets that are run by the UI. We allow you to search on anything – host, Administrator name, cmdlet name, and parameters. So, if you’ve ever wanted to know what was done to a particular mailbox, or who was running a particular cmdlet, this is the dashboard for you.
5. Updated Feature – Message Tracking
Message tracking is pushed to the edge of your organization by allowing you to include information from other (non-Microsoft) systems, such as Cisco Ironport or Sendmail Sentrion. This allows you to see if the message in question was quarantined by your anti-virus device, or blocked by your anti-spam device, for instance.
The updated App also incorporates significant community feedback on a range of features, including the following:
- Normalize the way you reference users, messages, clusters, mailboxes and anything else that can have more than one reference. You no longer need to worry about how a user logs in or a message was addressed – it’s all the same to us.
- Support for multi-master clusters. Larger environments have clusters that have three or more member servers, where multiple servers can be the “master” at a given time. We’ve cleaned up the references to clusters so that the information is easier than ever to read.
- The Overview dashboard is now driven by real-time searches, so you can watch the rate at which your systems are processing messages.
- Enhanced summary reporting allows you to see a monthly snapshot of what you Exchange infrastructure is doing and how much space your users are hogging.
- Support for Splunk 4.3, so you can upgrade Splunk to the latest and greatest version.
We had a great set of beta customers for this product. Their diligence in providing concise feedback on their likes and dislikes (plus putting up with the occasional bug and letting me see their systems so the bugs can get fixed) has produced a solid release and well worth the upgrade.
If you run an Exchange infrastructure and haven’t tried Splunk App for Microsoft Exchange yet, try it out. Splunk App for Microsoft Exchange is free and can be downloaded from Splunkbase.