IMAP Mailbox setting Deletewhendone = false and IM...

d4rk_sp1d3r · ‎03-03-2020

Hi.

I configured IMAP mailbox on a distributed setup. The setting is DeleteWhenDone =False and IMAPsearch = UNDELETED. This causes splunk to index the same email every script run. Is there a configuration that i can do for it not to download the same indexed email again? The requirement is not to delete the email from the server DeleteWhenDone = False.

Regards,
Ronald

d4rk_sp1d3r · ‎03-03-2020

or is it a normal behavior for it to index the same undeleted email if this is the setting?

IMAP Mailbox setting Deletewhendone = false and IMAPsearch = Undeleted causes indexed mail to be indexed again

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

IMAP Mailbox setting Deletewhendone = false and IMAPsearch = Undeleted causes indexed mail to be indexed again

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >