I tried to set up a gmail imap account in windows for splunk to download and index the email data. I followed the same configuration as indicated in
http://splunk-base.splunk.com/answers/2803/imap-app-with-google-mail
and got the following error messsages when running
"splunk cmd python .\etc\apps\imap\bin\getimap.py --debug"
The main error message is " could not log into server: mail.google.com with password provided" but I am pretty sure I provided the correct password and user account, port=993, useSSL = False or True (neither works). Any suggestion on how to debug.
Traceback (most recent call last):
File ".\etc\apps\imap\bin\getimap.py", line 327, in getMail
M = imaplib.IMAP4(self.server,int(self.port))
File "C:\Program Files\Splunk\Python-2.7\Lib\imaplib.py", line 163, in init_
_
self.open(host, port)
File "C:\Program Files\Splunk\Python-2.7\Lib\imaplib.py", line 229, in open
self.sock = socket.create_connection((host, port))
File "C:\Program Files\Splunk\Python-2.7\Lib\socket.py", line 553, in create_c
onnection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
gaierror: [Errno 11004] getaddrinfo failed
None
Traceback (most recent call last):
File ".\etc\apps\imap\bin\getimap.py", line 698, in
parseArgs()
File ".\etc\apps\imap\bin\getimap.py", line 691, in parseArgs
imapProc.getMail()
File ".\etc\apps\imap\bin\getimap.py", line 339, in getMail
raise LoginError('Could not log into server: %s with password provided' % se
lf.server)
__main
ovided
I follow below step then my problem is solved.
I hope this is helpful to someone and save their time because I spent two days to fix this issue.
Log file path:
D:\Program Files\Splunk\var\log\splunk\splunkd.log
=========================
Error: ERROR FrameworkUtils - Incorrect path to script: .\bin\get_imap_email.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
Solution:
Change following settings.
# *nix systems
disabled = true
# windows
disabled = false
D:\Program Files\Splunk\etc\apps\IMAPmailbox\default\inputs.conf
=========================
Error: get_imap_email.py"" '\xef\xbb\xbf\n'
Solution:
Change encoding of following file.
Open file in notepad++ and change encoding UTF-8 if it is diffrent like [UTF-8-BOM]
D:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf
=========================
Now last step:
D:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf
Set following setting in this file.
[IMAP Configuration]
deleteWhenDone = False
disabled = False
fullHeaders = False
includeBody = True
noCache = False
server = imap.gmail.com
useSSL = True
user = uruserid
password = urpass
port = 993
includeBody = True
mimeTypes = text/plain
imapSearch = UNDELETED SMALLER 204800
splunkuser = splunkuser
splunkpassword = splunkpassword
timeout = 10
debug = True
#if Required
#splunkHostPath = https://localhost:8089
Note: Check your firewall for port 993
Don't forget restart Splunk after changes
From URL:
http://localhost:8000/en-US/manager/launcher/control
You probable don't need an answer to this anymore, but I had a similar problem. Make sure you have all the necessary settings in imap.conf
Posting this just in case other people (ie like me) find this and get a problem)
These are my settings
[IMAP Configuration]
deleteWhenDone = False
disabled = False
fullHeaders = False
includeBody = True
noCache = False
server = imap.gmail.com
useSSL = True
user = user@gmail.com
folders = all
server = imap.gmail.com
password = password
port = 993
includeBody = True
mimeTypes = text/plain
imapSearch = UNDELETED SMALLER 204800
debug = True
splunkuser = admin
splunkpassword = changme
splunkHostPath = https://pc2082:8089
timeout = 10
(The host path is my computer)