All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure the IMAP Mailbox app to download mail attachments of an email?

ctaf
Contributor
‎04-12-2016 05:44 AM

Hello,

Does anyone know how to modify the IMAP Mailbox App so that it downloads the attachment of an email and not only the subject/body?
I have some emails that contains text files (CSV for example) and I would like to index them as well.

I checked this old post: https://answers.splunk.com/answers/222827/does-imap-mailbox-support-indexing-of-attachments.html
But it didn't help.

Maybe someone has an idea?

Thanks

Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎04-12-2016 05:34 PM

It can be done, but it's not built in functionality of the imap app. Here's what I suggest / my idea:

 1. Find a python developer.
 2. Give them the get_imap_email.py file from the imap mailboxapps bin folder
 3. ask them to implement a function that retrieves the attachments, short cut here:
 http://stackoverflow.com/questions/6225763/downloading-multiple-attachments-using-imaplib
 4. tell them to put the attachments into /path/to/your/imap/app/folder/(tmp folder you create)
 5. Setup inputs.conf in imap app to look for .csv files in that folder and index them accordingly

Note that images such as logos, facebook icons, and many many other things are "attachments" in email land. They will come in as binary files and will fill your temporary directory. You should ask the python developer to make it so it will only download csv files, or delete all but csv files in the temp folder once downloaded, etc.

 6. Last but not least, pay the developer well for his/her time.

View solution in original post

Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎04-12-2016 05:34 PM

It can be done, but it's not built in functionality of the imap app. Here's what I suggest / my idea:

 1. Find a python developer.
 2. Give them the get_imap_email.py file from the imap mailboxapps bin folder
 3. ask them to implement a function that retrieves the attachments, short cut here:
 http://stackoverflow.com/questions/6225763/downloading-multiple-attachments-using-imaplib
 4. tell them to put the attachments into /path/to/your/imap/app/folder/(tmp folder you create)
 5. Setup inputs.conf in imap app to look for .csv files in that folder and index them accordingly

Note that images such as logos, facebook icons, and many many other things are "attachments" in email land. They will come in as binary files and will fill your temporary directory. You should ask the python developer to make it so it will only download csv files, or delete all but csv files in the temp folder once downloaded, etc.

 6. Last but not least, pay the developer well for his/her time.
Reply
Solved! Jump to solution

ctaf
Contributor
‎04-15-2016 01:21 AM

Hmm Thank you I had this idea but I was thinking that maybe someone had already coded this feature.

0 Karma
Reply
Solved! Jump to solution

arrowecssupport
Communicator
‎05-24-2016 06:15 AM

Did you get anywhere with this?

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...