All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

IMAP Mailbox setting Deletewhendone = false and IMAPsearch = Undeleted causes indexed mail to be indexed again

d4rk_sp1d3r
Loves-to-Learn Lots
‎03-03-2020 10:22 PM

Hi.

I configured IMAP mailbox on a distributed setup. The setting is DeleteWhenDone =False and IMAPsearch = UNDELETED. This causes splunk to index the same email every script run. Is there a configuration that i can do for it not to download the same indexed email again? The requirement is not to delete the email from the server DeleteWhenDone = False.

Regards,
Ronald

0 Karma
Reply

d4rk_sp1d3r
Loves-to-Learn Lots
‎03-03-2020 11:29 PM

or is it a normal behavior for it to index the same undeleted email if this is the setting?

0 Karma
Reply
Get Updates on the Splunk Community!

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...