- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Why is the IMAPMailbox Mail not indexing?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am looking for some help figuring out why the mail is not indexing.
When I run /opt/splunk/bin/splunk cmd python bin/get_imap_email.py –debug at the very end, I see the test email I sent into that mailbox:
DEBUG:splunk.rest:simpleRequest < server responded status=200 responseTime=0.0098s
DEBUG:splunk.search:getStatus - elapsed=0.00991606712341 nextRetry=0.0500000078002
DEBUG:root:
DEBUG:root: mailbox was empty
DEBUG:splunk.search:Executing action=cancel on job id=1519852592.75
DEBUG:splunk.rest:simpleRequest > POST https://localhost:8089/services/search/jobs/1519852592.75/control [action=cancel] sessionSource=direct timeout=30
DEBUG:splunk.rest:simpleRequest < server responded status=200 responseTime=0.0071s
DEBUG:root:using last time of
\*\*\*SPLUNK\*\*\* source=Inbox sourcetype=imap host=outlook.office365.com
EndIMAPMessage
DEBUG:root:about to get all mail up to counter :1
DEBUG:root:about so imap search with : (UNDELETED 1:201)
DEBUG:root:returned from search with 1ids
DEBUG:root:id return from search : ['1']
Date = "28-Feb-2018 12:58:23 -0800"
From = "Mouse, Mickey (DIS) mickey.mouse@domain.tld"
To = "Mailbox, IMAP (DIS) imapmailbox@domain.tld"
Subject = "test" mailbox = "Inbox" size = 12867
____________________ Message Body ____________________
html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microso…
So from the CLI, it seems to eventually pull the email but the index is not seeing it. Even the index=* search doesn’t find the mail. Do you have any other suggestions?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, once I got to the above configuration and confirmation via CLI, it was just a matter of changing the inputs.conf to reflect the architecture of my splunk instance not the mail server - as I originally thought.
Thanks to pj@dysan.net for helping me via email. (I only mention because the email was referenced in the README and on BASE and I want to both give props and denote that the email address is monitored
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, once I got to the above configuration and confirmation via CLI, it was just a matter of changing the inputs.conf to reflect the architecture of my splunk instance not the mail server - as I originally thought.
Thanks to pj@dysan.net for helping me via email. (I only mention because the email was referenced in the README and on BASE and I want to both give props and denote that the email address is monitored
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
