I have been trying to index all the e-mails from a google mail account using the imap app(http://www.splunk.com/wiki/Apps:Splunk_for_IMAP), but without any success, all it shows when i log into splunk and go to the Mail application it just says .......0 messages last 60 minutes and over all time
Below shows my current settings in the imap.conf
server = mail.google.com <----tried imap.gmail.com no luck either, tried with another e-mail account and still doesn´t indexes
user = XXXXX <----tried with the @gmail.com and without it
password = xxxxxxxxxx useSSL = True port = 993 fullHeaders = False includeBody = True mimeTypes = text/plain
folders = all <----- tried putting INBOX, removing all, tried Inbox/label name etc, tried inbox.label name
imapSearch = UNDELETED SMALLER 204800 <---tried 504800 still no luck deleteWhenDone = False debug = False noCache = True
splunkuser = admin splunkpassword = changeme
splunkHostPath = http://localhost:8000 <---tried port 8089, https, still not working timeout = 10
I´m using Splunk 4.1.2(79191), the mail account have IMAP activated
Can anybody tell me what i´m doing wrong, if its possible to index the mail of a google account?
Can you provide some more detail on changes you had to make to get it configured?
I have a working configuration using the following in $Splunk_Home/etc/apps/imap/default/imap.conf
server = imap.gmail.com
user = user@gmail.com
password = mypassword
useSSL = true
port = 993
fullHeaders = False
includeBody = True
mimeTypes = text/plain
folders = all
imapSearch = UNDELETED SMALLER 204800
deleteWhenDone = False
debug = False
noCache = False
splunkuser = admin
splunkpassword = changeme
splunkHostPath = https://blu3fish.local:8089
timeout = 10
Is IMAP enabled in your Gmail account? I'm using Splunk 4.1.4 (build 82143)
Its now indexing my emails!!! But had to do allot of changes for it to work on windows platforms
To solve this ones, i went into the getimap.py file and inserted the values manually in this segment
"def init(self):
# initialize all of the configuration fields with default values that
# will be used on the off chance that they don't appear in imap.ini
self.server = "XXXX
" # this is required
self.user = "XXX" # this is required
self.password = "XXX" # and either this..."
self.folder ="all"
and also changed the port from 143 to 993.
Well trying to figure out why he means by these errors, still no luck
"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" raise ConfigError"
"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" main.ConfigError"
"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" File "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py", line 684, in parseArgs"
"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" imapProc.initFromOptlist(optlist)"
"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" File "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py", line 149, in initFromOptlist"
Now the errors messages that still shows up while searching for "index=_internal error"
"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" Traceback (most recent call last):"
" ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" File "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py", line 698, in
"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" parseArgs()"
ok manage to get progress, search for errors in the "_internal" index
got some interesting,
ERROR ExecProcessor - Ignoring: "./bin/getimap.py"
It was using the wrong script path, disabled it and enabled the right one on manager
Then it gave the error that it was missing the handler actions in the app restmap.conf file, manage to correct that adding this line
"handleractions = create, edit, list, remove"
Finally it indexed about about 1/3 of the e-mails >.< and it seemed to have stopped the indexing at 22/April
have you tried debug = True
? May give you more info. (I've never attempted to use this app, just guessing here.)
oh and this shows up has well while that search happens
Specified field(s) missing from results: 'eps'
each time i enter the app, it automatically searchs "index=mail" and it gives out this one of the dash boards panel.
61 messages last 60 minutes over all time (from 4:40:44 PM to 5:40:44 PM on Friday, May 21, 2010)
no clue where he gets those 61 messages, the mail index is at 0
Yeah i tried with outlook 2007, configured the imap account
imap.gmail.com, worked fine in outlook
But i still can´t get it to index the mails with the IMAP app, did everything that the instructions said, and tried combinations, still not working
I would think this should be possible. I've migrated my email account using the gmail IMAP interface a while back, so it does work. BTW, Have you tried connecting with a standard IMAP client? (Such as Outlook, Thunderbird, ....)
Hey,
I'm testing the IMAP in a windows environment and i keep running into this error"main.LoginError: Could not log into server: imap.gmail.com with password provided". I'm using gmail here, can you please tell me in brief the steps you have done in configuring the imap mailbox.? Did you do anything in the python script apart from password encryption to make it work.?