I have a working configuration using the following in $Splunk_Home/etc/apps/imap/default/imap.conf

server = imap.gmail.com

user = user@gmail.com

password = mypassword

useSSL = true

port = 993

fullHeaders = False

includeBody = True

mimeTypes = text/plain

folders = all

imapSearch = UNDELETED SMALLER 204800

deleteWhenDone = False

Originally I set this to true

debug = False

noCache = False

splunkuser = admin

splunkpassword = changeme

splunkHostPath = https://blu3fish.local:8089

timeout = 10

Is IMAP enabled in your Gmail account? I'm using Splunk 4.1.4 (build 82143)

Its now indexing my emails!!! But had to do allot of changes for it to work on windows platforms

To solve this ones, i went into the getimap.py file and inserted the values manually in this segment

"def init(self):
# initialize all of the configuration fields with default values that
# will be used on the off chance that they don't appear in imap.ini
self.server = "XXXX

" # this is required
self.user = "XXX" # this is required
self.password = "XXX" # and either this..."
self.folder ="all"

and also changed the port from 143 to 993.

Well trying to figure out why he means by these errors, still no luck

"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" raise ConfigError"

"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" main.ConfigError"

"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" File "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py", line 684, in parseArgs"

"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" imapProc.initFromOptlist(optlist)"

"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" File "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py", line 149, in initFromOptlist"

Now the errors messages that still shows up while searching for "index=_internal error"

"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" Traceback (most recent call last):"

" ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" File "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py", line 698, in "

"ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\imap\bin\getimap.py"" parseArgs()"

ok manage to get progress, search for errors in the "_internal" index
got some interesting,

ERROR ExecProcessor - Ignoring: "./bin/getimap.py"

It was using the wrong script path, disabled it and enabled the right one on manager

Then it gave the error that it was missing the handler actions in the app restmap.conf file, manage to correct that adding this line

"handleractions = create, edit, list, remove"

Finally it indexed about about 1/3 of the e-mails >.< and it seemed to have stopped the indexing at 22/April

have you tried debug = True? May give you more info. (I've never attempted to use this app, just guessing here.)

oh and this shows up has well while that search happens

Specified field(s) missing from results: 'eps'

each time i enter the app, it automatically searchs "index=mail" and it gives out this one of the dash boards panel.

61 messages last 60 minutes over all time (from 4:40:44 PM to 5:40:44 PM on Friday, May 21, 2010)

no clue where he gets those 61 messages, the mail index is at 0

Yeah i tried with outlook 2007, configured the imap account
imap.gmail.com, worked fine in outlook

But i still can´t get it to index the mails with the IMAP app, did everything that the instructions said, and tried combinations, still not working

I would think this should be possible. I've migrated my email account using the gmail IMAP interface a while back, so it does work. BTW, Have you tried connecting with a standard IMAP client? (Such as Outlook, Thunderbird, ....)