All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Change Index

skottieb
Explorer
‎01-29-2017 08:09 PM

Pretty straight forward questions, is it possible to change the Index of IMAP Mailbox?

Tags (1)
0 Karma
Reply

gokadroid
Motivator
‎01-29-2017 11:45 PM

If by changing the index you want to change it to go to default main index you can definitely follow these steps mentioned in readme

By default, the IMAP app will create a new Splunk index named "mail". This is controlled by:  default/indexes.conf. If you want the IMAP output to go to the default Splunk index:

1. Remove "index = mail" reference in default/inputs.conf
2. Delete the default/index.conf file.
3. Comment out the "definition = index=mail" in default/macros.conf file.
4. Restart the Splunk server.

For any other index except default main index, it might be worth trying below without any guarantee that it will work or not and instructions below are pure assumptions and not recommendations (so try at your own risk 🙂 😞

Try replacing references to mail index with yourNewIndex in the above two config files (and any other conf files where you see a reference of mail index).
Thereafter you can ensure that corresponding directory of index is present under $SPLUNK_HOME\var\lib\splunk\yourNewIndex and restart Splunk server to see if it works out or not.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...