A while ago I did something similar but not related to Splunk. But the idea is the same.

A script is scheduled to run on the interval of your choice via chron. It retrieves e-mails and saves them out as a text file or whatever. I used PERL and the IMAP client MUTT. (http://www.mutt.org)

1. install command line email client (Mutt)
2. write a script (perl,python,bash etc.) that connects, retrieves messages and saves them out as a text file locally to a folder that Splunk has access to.
3. In splunk create input that watches that folder

-j

Still doesn't know how to receive email on splunk ?! Anyidea or steps

Still doesn't know how to receive email on splunk ?! Anyidea or steps

If by 'another server' you mean a remote mailserver it's pretty easy.

1. Go to 'admin' and click 'system settings'
2. Next click 'email alert settings'
3. Set the appropriate values for your email host, username etc
4. Set the link host so urls in the emails link back to the splunk alert correctly...ie..your splunk server host name
5. Run a search & create an alert
6. In the alert settings give it your email address

You can also use the 'sendemail' command which you would append to the end of your saved search along with the server settings. This method is not so much an 'alert' though and you don't have access to the alert settings as far as I know.

Example:

sourcetype=blah "keyword" | sendmail to="youremail@..." server="192.168.." etc. etc.