Hello,
My Splunk is no longer ingesting emails from our O365 email account anymore. I was not the person to set this up and need assistance in troubleshooting. Can anyone provide assistance/guidance.
There is also an error that is showing in regards to the KvStore "KV Store process terminated abnormally (exit code 14, status exited with code 14).", which I'm not sure is related or not. We have a search head cluster setup with 2 indexers that are not clustered.
Hi,
To resolve the issue find the HF in your environment then
And there will be a enable and disable option . First disable the inputs and enable it back again.
There is nothing to do with the https://splunkbase.splunk.com/app/1739 Splunk app. The log collection will be happen with the help of addon.
If you are collecting logs from O365 app. Then try disable the inputs and enable it back again in HF.
How exactly would I do that?... Would I just rename it to something else, then restart Splunk service?
Would it be the inputs.conf file located at this location? S:\Program Files\Splunk\etc\apps\splunk_ta_o365\local
Also, I have a suspicion we could have been using this application as well
https://splunkbase.splunk.com/app/1739 (IMAP Mailbox)