What is the latest reliable way to index email dat...

dm1 · ‎03-07-2022

As the title suggests, I want to index data from Splunk user email account's inbox folder.

Splunk version - 8.2.4

Have already checked out TA-mailclient and IMAP Mailbox addons but none of them work and are unsupported

In the first add-on, no matter how many times I change the attribute disabled to 0 in inputs.conf, it goes back to 1 after a restart. In the second addon, after using the troubleshooting command, I get the following error

File "/opt/splunk/etc/apps/IMAPmailbox/bin/get_imap_email.py", line 104
    self.port = 993
                  ^
TabError: inconsistent use of tabs and spaces in indentation

Hence, can someone please advise how best to achieve this ?

PickleRick · ‎03-08-2022

The IMAP mailbox app seems to have last commit made to it on github 6 years ago or something like that so I would definitely not expect it to work (it is most probably written using python2 so it's no good for a modern splunk installation anyway).

But about the TA-mailclient... well, what can I say? Seems to work for me.

Search your internal index for anything related to TA-mailclient and see if you can get anything from that.

What is the latest reliable way to index email data from inbox folder in Splunk?

index

Linux

other

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...