|
I have been trying to index all the e-mails from a google mail account using the imap app(http://www.splunk.com/wiki/Apps:Splunk_for_IMAP), but without any success, all it shows when i log into splunk and go to the Mail application it just says .......0 messages last 60 minutes and over all time Below shows my current settings in the imap.conf server = mail.google.com <----tried imap.gmail.com no luck either, tried with another e-mail account and still doesn´t indexes user = XXXXX <----tried with the @gmail.com and without it password = xxxxxxxxxx useSSL = True port = 993 fullHeaders = False includeBody = True mimeTypes = text/plain folders = all <----- tried putting INBOX, removing all, tried Inbox/label name etc, tried inbox.label name imapSearch = UNDELETED SMALLER 204800 <---tried 504800 still no luck deleteWhenDone = False debug = False noCache = True splunkuser = admin splunkpassword = changeme splunkHostPath = http://localhost:8000 <---tried port 8089, https, still not working timeout = 10 I´m using Splunk 4.1.2(79191), the mail account have IMAP activated Can anybody tell me what i´m doing wrong, if its possible to index the mail of a google account?
showing 5 of 12
show 7 more comments ▼
|
|
I have a working configuration using the following in $Splunk_Home/etc/apps/imap/default/imap.conf server = imap.gmail.com user = user@gmail.com password = mypassword useSSL = true port = 993 fullHeaders = False includeBody = True mimeTypes = text/plain folders = all imapSearch = UNDELETED SMALLER 204800 deleteWhenDone = False #Originally I set this to truedebug = False noCache = False splunkuser = admin splunkpassword = changeme splunkHostPath = https://blu3fish.local:8089 timeout = 10 Is IMAP enabled in your Gmail account? I'm using Splunk 4.1.4 (build 82143) |
I would think this should be possible. I've migrated my email account using the gmail IMAP interface a while back, so it does work. BTW, Have you tried connecting with a standard IMAP client? (Such as Outlook, Thunderbird, ....)
Yeah i tried with outlook 2007, configured the imap account imap.gmail.com, worked fine in outlook
But i still can´t get it to index the mails with the IMAP app, did everything that the instructions said, and tried combinations, still not working
each time i enter the app, it automatically searchs "index=mail" and it gives out this one of the dash boards panel.
61 messages last 60 minutes over all time (from 4:40:44 PM to 5:40:44 PM on Friday, May 21, 2010)
no clue where he gets those 61 messages, the mail index is at 0
oh and this shows up has well while that search happens
Specified field(s) missing from results: 'eps'
have you tried
debug = True? May give you more info. (I've never attempted to use this app, just guessing here.)ok manage to get progress, search for errors in the "_internal" index got some interesting,
ERROR ExecProcessor - Ignoring: "./bin/getimap.py"
It was using the wrong script path, disabled it and enabled the right one on manager
Then it gave the error that it was missing the handler actions in the app restmap.conf file, manage to correct that adding this line
"handleractions = create, edit, list, remove"
Finally it indexed about about 1/3 of the e-mails >.< and it seemed to have stopped the indexing at 22/April
Now the errors messages that still shows up while searching for "index=_internal error"
"ERROR ExecProcessor - message from "python "C:Program FilesSplunketcappsimapbingetimap.py"" Traceback (most recent call last):"
" ERROR ExecProcessor - message from "python "C:Program FilesSplunketcappsimapbingetimap.py"" File "C:Program FilesSplunketcappsimapbingetimap.py", line 698, in <module>"
"ERROR ExecProcessor - message from "python "C:Program FilesSplunketcappsimapbingetimap.py"" parseArgs()"
"ERROR ExecProcessor - message from "python "C:Program FilesSplunketcappsimapbingetimap.py"" File "C:Program FilesSplunketcappsimapbingetimap.py", line 684, in parseArgs"
"ERROR ExecProcessor - message from "python "C:Program FilesSplunketcappsimapbingetimap.py"" imapProc.initFromOptlist(optlist)"
"ERROR ExecProcessor - message from "python "C:Program FilesSplunketcappsimapbingetimap.py"" File "C:Program FilesSplunketcappsimapbingetimap.py", line 149, in initFromOptlist"
"ERROR ExecProcessor - message from "python "C:Program FilesSplunketcappsimapbingetimap.py"" raise ConfigError"
"ERROR ExecProcessor - message from "python "C:Program FilesSplunketcappsimapbingetimap.py"" main.ConfigError"
Well trying to figure out why he means by these errors, still no luck
To solve this ones, i went into the getimap.py file and inserted the values manually in this segment
"def init(self): # initialize all of the configuration fields with default values that # will be used on the off chance that they don't appear in imap.ini self.server = "XXXX
" # this is required self.user = "XXX" # this is required self.password = "XXX" # and either this..." self.folder ="all"
and also changed the port from 143 to 993.
Its now indexing my emails!!! But had to do allot of changes for it to work on windows platforms