
IMAP Mailbox setting Deletewhendone = false and IMAPsearch = Undeleted causes indexed mail to be indexed again



I configured IMAP mailbox on a distributed setup. The setting is DeleteWhenDone = False and IMAPsearch = UNDELETED. This causes Splunk to index the same email every script run. Is there a configuration that I can do for it not to download the same indexed email again? The requirement is not to delete the email from the server (DeleteWhenDone = False).


0 Karma


Or is it normal behavior for it to index the same undeleted email if this is the setting?

0 Karma