I have LOGbinder for Exchange installed on my on-prem Exchange server and configured to direct the audit XML files to my personal mailbox (for now). I am seeing the logs come through en masse on a regular basis, and they get shuffled off to my "Deleted" folder quite quickly. So I gather that LOGbinder is doing as expected.

What I'm looking to do now is integrate what LOGbinder for Exchange is doing with my Splunk install on a separate server in our domain. I have Supercharger and Splunk installed on a single server separate from our Exchange install and need some direction on getting the logs & events pushed up into Splunk. I've tried finding documentation and following the tutorial video here, but I can't seem to connect the two.

Below are screenshots of my LOGbinder for Exchange setup.

[Screenshot: Default Mailbox Audit Policy]

[Screenshot: LOGbinder EX Event Log Setup]

[Screenshot: Syslog Generic (File) Setup]