All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the IMAPMailbox Mail not indexing?

ccsfdave
Builder
‎02-28-2018 01:48 PM

I am looking for some help figuring out why the mail is not indexing.

When I run /opt/splunk/bin/splunk cmd python bin/get_imap_email.py –debug at the very end, I see the test email I sent into that mailbox:

DEBUG:splunk.rest:simpleRequest < server responded status=200 responseTime=0.0098s
DEBUG:splunk.search:getStatus - elapsed=0.00991606712341 nextRetry=0.0500000078002
DEBUG:root:
DEBUG:root: mailbox was empty
DEBUG:splunk.search:Executing action=cancel on job id=1519852592.75
DEBUG:splunk.rest:simpleRequest > POST https://localhost:8089/services/search/jobs/1519852592.75/control [action=cancel] sessionSource=direct timeout=30
DEBUG:splunk.rest:simpleRequest < server responded status=200 responseTime=0.0071s
DEBUG:root:using last time of
\*\*\*SPLUNK\*\*\* source=Inbox sourcetype=imap host=outlook.office365.com
EndIMAPMessage
DEBUG:root:about to get all mail up to counter :1
DEBUG:root:about so imap search with : (UNDELETED 1:201)
DEBUG:root:returned from search with 1ids
DEBUG:root:id return from search : ['1']
Date = "28-Feb-2018 12:58:23 -0800"
From = "Mouse, Mickey (DIS) mickey.mouse@domain.tld" 
To = "Mailbox, IMAP (DIS) imapmailbox@domain.tld" 
Subject = "test" mailbox = "Inbox" size = 12867

____________________  Message Body  ____________________
html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microso…

So from the CLI, it seems to eventually pull the email but the index is not seeing it. Even the index=* search doesn’t find the mail. Do you have any other suggestions?

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ccsfdave
Builder
‎02-28-2018 07:15 PM

Well, once I got to the above configuration and confirmation via CLI, it was just a matter of changing the inputs.conf to reflect the architecture of my splunk instance not the mail server - as I originally thought.

Thanks to pj@dysan.net for helping me via email.  (I only mention because the email was referenced in the README and on BASE and I want to both give props and denote that the email address is monitored

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ccsfdave
Builder
‎02-28-2018 07:15 PM

Well, once I got to the above configuration and confirmation via CLI, it was just a matter of changing the inputs.conf to reflect the architecture of my splunk instance not the mail server - as I originally thought.

Thanks to pj@dysan.net for helping me via email.  (I only mention because the email was referenced in the README and on BASE and I want to both give props and denote that the email address is monitored
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...