
How come my TA-mailclient is not on-boarding logs into Splunk?

daniellim
Explorer

I have encountered the following problem in configuring my TA-mailclient; help would be very much appreciated regarding ExecProcessor.

The following are the debug logs when running the search:

index=_internal sourcetype=splunkd (component=ModularInputs OR component=ExecProcessor) mail.py

10-08-2018 16:39:36.562 +0800 DEBUG ExecProcessor - cmd='python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py' Not added to run queue
10-08-2018 16:39:36.562 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py" ERROR
10-08-2018 16:39:36.562 +0800 DEBUG ExecProcessor - PipelineSet 0: Destroying ExecedCommandPipe for "python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py" id=88
10-08-2018 16:39:36.561 +0800 DEBUG ExecProcessor - PipelineSet 0: Ran script: python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py, took 0.836022 seconds to run, 0 bytes read 0 events read, exited with code 1
10-08-2018 16:39:36.551 +0800 DEBUG ExecProcessor - PipelineSet 0: Got EOF from "python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py", uniqueId=88
10-08-2018 16:39:35.943 +0800 INFO  ExecProcessor - message from "python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py" POP3 debug: +OK User successfully logged on.
10-08-2018 16:39:35.881 +0800 INFO  ExecProcessor - message from "python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py" POP3 debug: +OK
10-08-2018 16:39:35.878 +0800 INFO  ExecProcessor - message from "python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py" POP3 - Connecting to mailbox as XXXX@XXX.XXX
10-08-2018 16:39:35.725 +0800 DEBUG ExecProcessor - PipelineSet 0: Created new ExecedCommandPipe for "python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py", uniqueId=88
10-08-2018 16:39:35.725 +0800 DEBUG ExecProcessor - Running: python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py on PipelineSet 0
10-08-2018 16:39:35.182 +0800 DEBUG ExecProcessor - cmd='python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py' Added to run queue
10-08-2018 16:39:35.182 +0800 DEBUG ExecProcessor - adding "python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py" to runqueue
10-08-2018 16:39:35.182 +0800 DEBUG ExecProcessor - ExecProcessorSharedState::addToRunQueue() path='python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py' restartTimerIfNeeded=1
10-08-2018 16:38:36.002 +0800 DEBUG ExecProcessor - cmd='python /opt/splunk/etc/apps/TA-mailclient/bin/mail.py' Not added to run queue

It seems the script managed to log in as User, but I am unable to get the events from my mailbox.
Looking forward to any help, and also if there is any other info that I have missed out. Thank you.

1 Solution

daniellim
Explorer

I have noticed that if an email contains a corrupted attachment, the TA scripts will throw an error and any emails after that will not get onboarded.

But once the email with the corrupted attachment is deleted from the inbox, the rest of the emails will get onboarded.
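
The failure mode described in this answer, and one way to contain it, as an added example (not code from TA-mailclient or from the poster). The function names, the constructed mailbox and the strict base64 decode standing in for whatever attachment handling fails in the real script are all assumptions.

```python
import base64
import sys
from email import message_from_bytes

def sample(subject, b64_body):
    """Build a constructed raw message with one base64 attachment."""
    return (
        f"Subject: {subject}\r\nMIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\nContent-Type: application/octet-stream\r\n"
        'Content-Disposition: attachment; filename="a.bin"\r\n'
        "Content-Transfer-Encoding: base64\r\n\r\n"
        f"{b64_body}\r\n--b1--\r\n"
    ).encode("ascii")

# Constructed mailbox: the second message carries a corrupted attachment.
MAILBOX = [sample("first", "aGVsbG8="), sample("second", "!!corrupt!!"),
           sample("third", "d29ybGQ=")]

def to_event(raw):
    """Parse one message; raises binascii.Error on a corrupted attachment."""
    msg = message_from_bytes(raw)
    names = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = "".join(part.get_payload().split())  # drop line breaks
            base64.b64decode(data, validate=True)       # strict decode (assumed stand-in)
            names.append(part.get_filename())
    return {"subject": msg["Subject"], "attachments": names}

def ingest_fragile(raw_messages):
    """Behaviour described above: the first bad message aborts the whole run."""
    return [to_event(raw) for raw in raw_messages]

def ingest(raw_messages):
    """Isolate failures per message so later mail is still onboarded."""
    events, failed = [], []
    for idx, raw in enumerate(raw_messages):
        try:
            events.append(to_event(raw))
        except Exception as exc:  # any parser error stays local to this message
            # stderr shows up as an ExecProcessor "message from" line in splunkd.log
            print(f"ERROR skipping message {idx}: {exc!r}", file=sys.stderr)
            failed.append(idx)
    return events, failed

if __name__ == "__main__":
    print(ingest(MAILBOX))
```

Logging the skipped message index keeps the gap visible in `index=_internal`, so a single malformed email cannot silently stop ingestion of everything behind it.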

