IMAPmailbox index returns 0 event

dannili · ‎08-26-2018

Hi all, I have an OUTLOOK email account that receives real-time email notifications on PC backup and I wanna index all these emails into my installed IMAPmailbox APP for data analysis and visualization. But now my index=mail return 0 events. Could someone help me with this?

In my inputs.conf , I only changed unix systems disabled attribute to true and windows one to false. Also, I modified configuration using Splunk UI and checked the imap.conf. These all looks normal.

[IMAP Configuration]
debug = 0
deleteWhenDone = 1
disabled = 0
fullHeaders = 0
includeBody = 1
noCache = 0
port = ****
server = ****p
useSSL = 1
user = *****notification@oworkspace.onmicrosoft.com

Also, not sure if this is related but the inbox of the email account receives 0 emails. All notifications are shown in the Status Report section as the same level of Inbox. They are divided into Success, Failed, Warning and Test.

But still my search returns nothing and I would like to know if extra modifications need to be done for this to wok? Thanks for your help!

*******UPDATE************
just saw this question and the solution was to change 0 and 1 to characters, I just tried but nothing changed. Any other ideas? Also, if the server value is server name but not ip address it's still working right?

reference answer

IMAPmailbox index returns 0 event

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor