All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

IMAP Mailbox setting Deletewhendone = false and IMAPsearch = Undeleted causes indexed mail to be indexed again

d4rk_sp1d3r
Loves-to-Learn Lots
‎03-03-2020 10:22 PM

Hi.

I configured IMAP mailbox on a distributed setup. The setting is DeleteWhenDone =False and IMAPsearch = UNDELETED. This causes splunk to index the same email every script run. Is there a configuration that i can do for it not to download the same indexed email again? The requirement is not to delete the email from the server DeleteWhenDone = False.

Regards,
Ronald

0 Karma
Reply

d4rk_sp1d3r
Loves-to-Learn Lots
‎03-03-2020 11:29 PM

or is it a normal behavior for it to index the same undeleted email if this is the setting?

0 Karma
Reply
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>

Get Updates on the Splunk Community!