What is the latest reliable way to index email dat...

dm1 · ‎03-07-2022

As the title suggests, I want to index data from Splunk user email account's inbox folder.

Splunk version - 8.2.4

Have already checked out TA-mailclient and IMAP Mailbox addons but none of them work and are unsupported

In the first add-on, no matter how many times I change the attribute disabled to 0 in inputs.conf, it goes back to 1 after a restart. In the second addon, after using the troubleshooting command, I get the following error

File "/opt/splunk/etc/apps/IMAPmailbox/bin/get_imap_email.py", line 104
    self.port = 993
                  ^
TabError: inconsistent use of tabs and spaces in indentation

Hence, can someone please advise how best to achieve this ?

PickleRick · ‎03-08-2022

The IMAP mailbox app seems to have last commit made to it on github 6 years ago or something like that so I would definitely not expect it to work (it is most probably written using python2 so it's no good for a modern splunk installation anyway).

But about the TA-mailclient... well, what can I say? Seems to work for me.

Search your internal index for anything related to TA-mailclient and see if you can get anything from that.

What is the latest reliable way to index email data from inbox folder in Splunk?

index

Linux

other

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor