Alerting

Why is my Splunk not Ingesting Emails?

dfrench151
Explorer

Hello,

My Splunk is no longer ingesting emails from our O365 email account anymore. I was not the person to set this up and need assistance in troubleshooting. Can anyone provide assistance/guidance.

 

dfrench151_0-1665699181152.png

 

There is also an error that is showing in regards to the KvStore "KV Store process terminated abnormally (exit code 14, status exited with code 14).", which I'm not sure is related or not. We have a search head cluster setup with 2 indexers that are not clustered.

Labels (1)
0 Karma

Vardhan
Contributor

Hi,

To resolve the issue find the HF in your environment then

  1. Go to the Splunk Web home screen.
  2. Click on Splunk Add-on for Microsoft Office 365 in the left navigation banner.
  3. Click on the Input tab.

And there will be a enable and disable option . First disable the inputs and enable it back again. 

There is nothing to do with the https://splunkbase.splunk.com/app/1739  Splunk app. The log collection will be happen with the help of addon.

0 Karma

Vardhan
Contributor

If you are collecting logs from O365 app. Then try disable the inputs  and enable it back again in HF. 

0 Karma

dfrench151
Explorer

How exactly would I do that?... Would I just rename it to something else, then restart Splunk service?

Would it be the inputs.conf file located at this location? S:\Program Files\Splunk\etc\apps\splunk_ta_o365\local

 

Also, I have a suspicion we could have been using this application as well

https://splunkbase.splunk.com/app/1739 (IMAP Mailbox)

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...