Turns out that Splunk will read Maildir trees just fine. With some transform magic you can get all the fields to work, as well.
Turns out that Splunk will read Maildir trees just fine. With some transform magic you can get all the fields to work, as well.
hi jtrucks
is this what you are looking for
http://blogs.splunk.com/2011/01/07/splunk-sysadmin-email/
I don't know what the tacotacotaco stuff is for, but perhaps I could point Splunk just at the maildir and see what happens...
So, this is similar, but not quite it as I am thinking of full mail parsing for random email:
http://splunk-base.splunk.com/answers/61093/how-can-i-convert-mailbox-or-maildir-to-splunk