I have used the IMAP App to receive email on Splunk and connect to an Exchange server.
A while ago I did something similar but not related to Splunk. But the idea is the same.
A script is scheduled to run on the interval of your choice via cron. It retrieves e-mails and saves them out as a text file or whatever. I used Perl and the IMAP client Mutt. (http://www.mutt.org)
-j
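The approach in the post above, sketched as an added example that is not the poster's code: it uses Python's standard library rather than the Perl and Mutt the post mentions, and the function names, the JSON event layout, the 4096-character body cap and the sample message are assumptions. Each message becomes one JSON line, so mail content cannot forge extra events in the file Splunk monitors.

```python
import email
import imaplib
import json
import ssl
from email import policy

# Constructed sample message (not real mail), used for the offline demo.
SAMPLE = (b"From: alerts@example.com\r\nTo: soc@example.com\r\n"
          b"Subject: =?utf-8?q?Password_reset?=\r\n"
          b"Date: Mon, 06 Jan 2025 10:15:00 +0000\r\n"
          b"Message-ID: <1@example.com>\r\n\r\n"
          b"line one\r\nline two\r\n")

def message_to_event(raw: bytes) -> str:
    """Turn one raw message into a single-line JSON event."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    when = getattr(msg["Date"], "datetime", None)  # None if missing/invalid
    event = {
        "time": when.isoformat() if when else None,
        "from": str(msg["From"] or ""),
        "to": str(msg["To"] or ""),
        "subject": str(msg["Subject"] or ""),  # RFC 2047 words are decoded
        "message_id": str(msg["Message-ID"] or ""),
        "body": (part.get_content() if part else "")[:4096],  # assumed cap
    }
    # json.dumps escapes CR/LF, keeping attacker-controlled text on one line.
    return json.dumps(event)

def fetch_unseen(host: str, user: str, password: str, out_path: str) -> int:
    """Append one event per unread INBOX message to out_path; run from cron."""
    # imaplib does not verify certificates unless given a verifying context.
    ctx = ssl.create_default_context()
    count = 0
    with imaplib.IMAP4_SSL(host, ssl_context=ctx) as conn:
        conn.login(user, password)
        conn.select("INBOX")
        _, data = conn.search(None, "UNSEEN")
        with open(out_path, "a", encoding="utf-8") as out:
            for num in data[0].split():
                _, parts = conn.fetch(num, "(RFC822)")  # also marks as seen
                out.write(message_to_event(parts[0][1]) + "\n")
                count += 1
    return count

if __name__ == "__main__":
    print(message_to_event(SAMPLE))
```

Splunk can then pick up the output file with an ordinary file monitor input; keep the mailbox password out of the crontab line and readable only by the account that runs the job.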
Still don't know how to receive email on Splunk?! Any idea or steps?
If by 'another server' you mean a remote mailserver it's pretty easy.
You can also use the 'sendemail' command which you would append to the end of your saved search along with the server settings. This method is not so much an 'alert' though and you don't have access to the alert settings as far as I know.
Example:
sourcetype=blah "keyword" | sendemail to="youremail@..." server="192.168.." etc. etc.
ahh my bad. I read too quickly.
This is how you send email from Splunk and alert; what I need is to receive email on Splunk and index the data received.
For this purpose we have the IMAP app.