Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is my Splunk not Ingesting Emails?

dfrench151
Explorer
‎10-13-2022 03:15 PM

Hello,

My Splunk is no longer ingesting emails from our O365 email account anymore. I was not the person to set this up and need assistance in troubleshooting. Can anyone provide assistance/guidance.

 

dfrench151_0-1665699181152.png

 

There is also an error that is showing in regards to the KvStore "KV Store process terminated abnormally (exit code 14, status exited with code 14).", which I'm not sure is related or not. We have a search head cluster setup with 2 indexers that are not clustered.

Labels (1)
Labels
0 Karma
Reply

Vardhan
Contributor
‎10-14-2022 10:05 AM

Hi,

To resolve the issue find the HF in your environment then

  1. Go to the Splunk Web home screen.
  2. Click on Splunk Add-on for Microsoft Office 365 in the left navigation banner.
  3. Click on the Input tab.

And there will be a enable and disable option . First disable the inputs and enable it back again. 

There is nothing to do with the https://splunkbase.splunk.com/app/1739  Splunk app. The log collection will be happen with the help of addon.

0 Karma
Reply

Vardhan
Contributor
‎10-13-2022 09:47 PM

If you are collecting logs from O365 app. Then try disable the inputs  and enable it back again in HF. 

0 Karma
Reply

dfrench151
Explorer
‎10-14-2022 09:28 AM

How exactly would I do that?... Would I just rename it to something else, then restart Splunk service?

Would it be the inputs.conf file located at this location? S:\Program Files\Splunk\etc\apps\splunk_ta_o365\local

 

Also, I have a suspicion we could have been using this application as well

https://splunkbase.splunk.com/app/1739 (IMAP Mailbox)

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...