icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading TA-mailclient
SHA256 checksum (ta-mailclient_137dev.tgz) c23c3bf829c4a8ad13d20c99c5697c18d9bd30f1d4e7da40beb3c6e95ec57a21 SHA256 checksum (ta-mailclient_136dev.tgz) 5777db26c4c41400f9406534a553272eeffb5139dbaa4d79269b1a541a1acf3d SHA256 checksum (ta-mailclient_135dev.tgz) 7d22f389f5bda072bb7bc6232e9e9e509bf89c8c9d000da971590a29f6cbc36e SHA256 checksum (ta-mailclient_135.tgz) 04cc1621be95288ee0cc90d7a0bd8274fd2b3128908d6e217c82c87780bd64fd SHA256 checksum (ta-mailclient_130.tgz) b20be15cbefa70d1bbc2f352250f80beb1f5ddd2e40f596ac6a49e78302eebfa SHA256 checksum (ta-mailclient_120.tgz) 519f1a40f3162be4645b41e7a37045313a458467486b8c656d3460c6ed2bd93b SHA256 checksum (ta-mailclient_117.tgz) 21c1c0058be45306c2b7f51da2d39828f4ff65f8b7cc3859f62084dc8e267451 SHA256 checksum (ta-mailclient_116.tgz) 46d23a092bcdef1ddd0f3c51fdcbd13334fe1ae67e7c02ee4ed8ac5e84d0567a SHA256 checksum (ta-mailclient_115.tgz) c3e0eb039599f543a6b59e0740233e8840b2b29e1a39bb5313ac43648cfe03fc SHA256 checksum (ta-mailclient_112.tgz) a87af167356d5865e37714e98aa9857785ae2c07c9ef788416bad059d215bb9f SHA256 checksum (ta-mailclient_111.tgz) f2d6b60fd004277de63401ccab2ca0008b823d21a5ecbb27c21b50eca67cec0c SHA256 checksum (ta-mailclient_110.tgz) 2c5b2c3b004f9398b35a76b605cfbf2d4c30261ccada1ede6baedaf93ad384d3 SHA256 checksum (ta-mailclient_103.tgz) 4ed66f64f4fe2f68ee0a10d6dcfef5679e4a7ddac10680076bbf8d337221e63b SHA256 checksum (ta-mailclient_102.tgz) e872b4ad9a531cd326c535921fe64f0bd9639c87ddfeef49dbd5c401c818ec21 SHA256 checksum (ta-mailclient_101.tgz) a4ba83a663dd1c6268be55e9a03def1a6e4adc9c558a42872920803e1ddd05a0 SHA256 checksum (ta-mailclient_10.tgz) 6ce52cd904fa07f56cc2fc2699fdce3210c4e9abd8b8a845d52aa535e255aafe SHA256 checksum (ta-mailclient_050.tgz) afd5aefeb58ff94b2fcf5ed2d22ee2995c77ac2d0201ead1657ea707afa22b53 SHA256 checksum (ta-mailclient_049.tgz) 24a4206158e7e122dea48567ee1c88b03d3ee2b303e55070fb2e760b09e19582 SHA256 checksum (ta-mailclient_048.tgz) 44228212e9e1d62f781f63e6a70f537d58c99433a032178d0922564448cc6a9e SHA256 checksum (ta-mailclient_047.tgz) 93592c5a75dbead0aa197a76bed64342d0d071ec649556a156c1246570c9f104 SHA256 checksum (ta-mailclient_01.tgz) 893493fb8c5d5d9b9260a1b512c36bd90b07062f55f11b464d5084c66aba9532
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

TA-mailclient

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
The TA-mailclient add-on fetches emails for Splunk to index from mailboxes using either POP3 or IMAP, with or without SSL.

Table of Contents

OVERVIEW

  • About the TA-mailclient
  • Release notes
    • About this release
    • New features
    • To Do
    • Known issues
    • Third-party software attributions
    • Older Releases
  • Support and resources

INSTALLATION AND CONFIGURATION

  • Hardware and software requirements
  • Splunk Enterprise system requirements
  • Download
  • Installation steps
    • Deploy to single server instance
    • Deploy to distributed deployment
    • Deploy to Splunk Cloud
    • Configure TA-mailclient
      • Parameters
  • Upgrade
  • Copyright & License

USER GUIDE

  • Data types
  • Troubleshooting
  • Diagnostic & Debug Logs

OVERVIEW

About the TA-mailclient

Author Oluwaseun Remi-Omosowon
App Version 1.3.0
Vendor Products
  • poplib
  • imaplib
  • SDK for Python 1.6.2

The TA-mailclient add-on fetches emails for Splunk to index from mailboxes
using either POP3 or IMAP, with or without SSL.

The modular input also stores takes the password from inputs.conf in plain text,
and replaces it with a place holder, while storing it encrypted within Splunk.
This is built using the Splunk SDK for Python, should work on any Splunk
installation with Python available including SHC.
Passwords should also get replicated between search heard peer members.

This only fetches emails form the 'inbox' folder.
A future upgrade might include support for additional mailbox directories.

Be sure to set the interval to run this as frequently as required.

It supports all 'text/*' content types and several well known scripts (.bat, .js, .sh) detailed below:

'application/xml'
'application/xhtml'
'application/x-sh'
'application/x-csh',
'application/javascript'
'application/bat'
'application/x-bat'
'application/x-msdos-program'
'application/textedit'

Images, videos and executables are not indexed.

Scripts and binaries

Includes:
- Splunk SDK for Python (1.6.2)
- mail_lib - supports the calculation of vincenty distances which is used by default
- constants.py - A number of constants / defaults used throughout the mail_lib module.
- mail_common.py - Shared functions used to parse emails and attachments
- exceptions raised by functions used in the mail_lib module.

Release notes

About this release

Version 1.3.0 of the TA-mailclient is compatible with:

Splunk Enterprise versions 6.x
CIM Not Applicable
Platforms Platform independent
Lookup file changes No lookups included in this app

The administrator is responsible for setting the sourcetype to whatever is desired,
as well as extracting CIM fields for the sourcetype.
This app already includes several extractions for different parts of the message that can be reused.

This app will not work on a universal forwarder,
as it requires Python which comes with an HF or a full Splunk install.

Note: Travis CI includes tests for both secure and insecure versions of POP3 / IMAP.

New features

TA-mailclient includes the following new features:

  • Made it more modular to supporting more file types in zips and in emails
  • Added support for zips and files within zips
  • Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
    • Also added static mail preamble for line break. Event breaking configuration may not be
      required since the modular input writes individual events separately, but it's always a good idea.
  • Additional logging from pop3 / imap
  • Removed interval from inputs.conf.spec
  • Upgraded Splunk SDK to 1.6.2
  • Added additional test cases on Travis CI to test that functionality work
  • modularized storage/password functions to make them reusable and simpler
  • Also fixed exception handling when dealing with storage/password
  • Fixed type casting for boolean parameters (is_secure, include_headers) and port validation
  • Rewrote sections of mail_common
  • Merged functions from poputils / imaputils into main code and added additional logs from connection
To Do
  • Add attachment file hash to Splunk
  • Add support for doc / ppt / pptx
Known issues

Currently no known issues in version 1.3.0 of TA-mailclient.
This is currently tested against the latest version of Splunk Enterprise.
Issues can be reported and tracked on Github at this time.

Third-party software attributions

This uses the inbuilt poplib and imaplib that comes with Python by default.

Contributions on github are welcome and will be incorporated into the main release.
Current contributors are listed in AUTHORS.md.

Older Releases
  • v0.5.1

    • encoding corrections
    • deduplicate Date and MessageId from indexed headers
    • correction of MessageID extraction
    • changed the separator to a predefined one instead of Date and MessageID
    • activated and changed label for unsupported attachment
  • v0.5.0

    • Fixed UTF-8 encoding of mails before indexing. (Supporting Gmail and others)
  • v0.4.9

    • Changed encoding to support reading gmail.
  • v0.4.8

    • removed error introduced in v0.4.7
  • v0.4.7

    • Removed password field validation to allow users have complex or easy passwords however long
    • Handled all mail exceptions
  • v0.4.6

    • Fixed bug.
    • Fixed header inclusion
  • v0.4.5

    • Fixed bug. Removed line which caused v0.4.4 to fail
    • Fixed header inclusion
  • v0.4.4

    • Updated app to ignore case of file attachment extension
  • v0.4.3

    • Made extensions case insensitive
    • Added support for indexing .docx extensions
    • Generalised Mail.save_password() to allow reuse of code when writing other modular inputs.
    • Optimized python import statements
    • Fixed deleting of mails in poplib which was broken in 0.4
  • v0.4.2

    • Added support for indexing mail headers
  • v0.4.1

    • Fixed bug with 0.4.0
    • Made updates to fix unneeded else statement which introduced bug in 0.4.0.
  • v0.4

    • Added support for decoding unicode characters in other languages or and removing the unicode identifier in the header.
    • Improved support for indexing some file types even if the content-type is not set correctly. (as with Microsoft sending some files as binaries instead of text)
    • Added fundamental code to support indexing of attachment as a configurable option in future release by the user.
    • Added multiple field extractions for the email header and file attachments.
    • Introduced a bug which was corrected in 0.4.1 Faulty version

Note: filename and filecontent are multi-valve fields.

  • v0.3

    • Adds support for mailbox cleanup options
  • v0.2

    • Adds support for base64 encoded emails.

Support and resources

Questions and answers

Access questions and answers specific to the TA-mailclient at (https://answers.splunk.com/).

Support

This Splunk support add-on is community / developer supported.

Questions asked on Splunk answers will be answered either by the community of users or by the developer when available.
All support questions should include the version of Splunk and OS.

You can also contact the developer directly via Splunkbase.
Feedback and feature requests can also be sent via Splunkbase.

Issues can also be submitted at the TA-mailclient repo via on Github

Future release will support
1. Support for configuration of mail limits in inputs.conf
2. Recursive option to read all folders inside Inbox, and not just emails within inbox.
3. Support indexing mails from additional folders in a mailbox

Note : This has not been tested against an exhaustive list of mail servers, so I'll welcome the feedback.

Also, feel free to send me a list of well known servers that you 're using this with without problems.

Donations

I have received a few requests on how to make donations, and have now added this section.
You can contact me for one-time paypal donations to my email or us Liberapay and stop it after one payment.

Donate on Liberapay

Rate the add-on on Splunkbase if you use it and are happy with it,
and share your feedback. Thanks!

INSTALLATION AND CONFIGURATION

Hardware and software requirements

Hardware requirements

TA-mailclient supports the following server platforms in the versions supported by Splunk Enterprise:

  • Linux
  • Windows

The app was developed to be platform agnostic, but tests are mostly run on Linix.

Please contact the developer with issues running this on Windows. See the Splunk documentation for hardware
requirements for running a heavy forwarder.

Software requirements

To function properly, TA-mailclient has no external requirements but needs to be installed on a full Splunk
install which provides python and the required libraries (poplib and imaplib).

Splunk Enterprise system requirements

Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.

Download

Download the TA-mailclient at one of the following locaitons:
- Splunkbase
- Github

Installation steps

Deploy to single server instance

To install and configure this app on your supported standalone platform, do one of the following:

  • Install on a standalone Splunk Enterprise install via the GUI. See Link
  • Extract the technology add-on to $SPLUNK_HOME/etc/apps/ and restart Splunk
Deploy to distributed deployment

Install to search head - (Standalone or Search head cluster)

  • Deploy the props.conf and transforms.conf from TA-mailclient to the search head.
    If using search head cluster, deploy the props.conf and transforms.conf via a search head deployer.

Install to indexers

  • No App needs to be installed on indexers

Install to forwarders

  • Follow the steps to install the TA-mailclient on a heavy forwarder.
    More instructions available at the following URL

  • Configure an email input by going to the setup page or configuring inputs.conf.

Deploy to Splunk Cloud

For Splunk cloud installations, install TA-mailclient on a heavy forwarder that has been configured to forward
events to your Splunk Cloud instance.
The sourcetype is set by the administrator of the heavy forwarder when configuring the inputs.

You can work with Splunk Support on installing the Support add-on on Splunk Cloud for parsing the mails collected.

Configure TA-mailclient

This app adds a mail:// modular input and supports a variety of parameters in inputs.conf.

[mail://email_address@domain.com]
interval = 600
is_secure = 1
mailserver = imap.domain.com
password = mypassword
protocol = IMAP|POP3
disabled = 0
mailbox_cleanup = delete

Once the input is read, the password gets replaced and shows as 'encrypted'.
As such, the password for the mailbox must not be set to 'encrypted'.

The input can be edited if the password needs to be updated, and the password stored in a password
storage endpoint would get updated automatically. Passwords are never stored in clear text.

A different sourcetype can be specified for each input, thus making it possible to have different sourcetypes
for every mailbox. Mailbox cleanup is also managed automatically, and emails are deleted once it has been
indexed.

Parameters

mailserver - This is a mandatory field and should be the hostname or
IP address for the mail server or client access server with support for retrieving emails via POP3 or IMAP

protocol - This must be set to either POP3 or IMAP

is_secure - This should be set to 1 if emails should be retrieved using the
protocol selected over SSL.

password - Passwords must be set for every account,
or the input will get disabled.

mailbox_cleanup = This indicates if every email should be deleted as it is read,
or delayed until the next interval.
Setting this to readonly prevents mails from being deleted.

The default is readonly. Supported options are:
delayed|delete|readonly

interval - This should be configured to run as frequent as required
to retreive emails. This modular input retrieves up to 20 emails at each run.
A future release to this input might allow the limit to be configured as a parameter to the modular input.

This modular input supports multiple instances, and each input runs at separate intervals.

include_headers - This determines if email headers should be included.

Copyright & License

A copy of the Creative Commons Legal code has been added to the add-on detailing its license.

USER GUIDE

Data types

Data is indexed using a sourcetype specified by the administrator when configuring the inputs.
If nothing is specified, events will get indexed with a sourcetype of mail.

Troubleshooting

Once an email is indexed, it will not be re-indexed except the checkpoint directory is emptied.
This can be achieved by running the following command:

splunk clean inputdata mail

Diagnostic & Debug Logs

Logs can be found by searching Splunk internal logs

index=_internal sourcetype=splunkd (component=ModularInputs OR component=ExecProcessor) mail.py

Additional logging can be enabled by turning on debug logging for ExecProcessor and ModInputs.
set the logging level of the ExecProcessor to Debug

/opt/splunk/bin/splunk set log-level ExecProcessor -level DEBUG
/opt/splunk/bin/splunk set log-level ModInputs -level DEBUG

You can find additional ways to enable debug logging on
here.

Release Notes

Version 1.3.7dev
Jan. 7, 2018

##### New features

TA-mailclient includes the following new features:

- Caught additional exceptions and tried to parse unsupported encoding types as ascii while escaping unsupported characters.

Version 1.3.6dev
Dec. 30, 2017

##### New features

TA-mailclient includes the following new features:

- Caught additional exceptions and tried to parse unsupported encoding types as ascii while escaping unsupported characters.

Version 1.3.5dev
Dec. 29, 2017

##### New features

TA-mailclient includes the following new features:

- Caught additional exceptions and tried to parse unsupported encoding types as ascii while escaping unsupported characters.

Version 1.3.5
Dec. 29, 2017

##### New features

TA-mailclient includes the following new features:

- Caught additional exceptions and tried to parse unsupported encoding types as ascii while escaping unsupported characters.

Version 1.3.0
Nov. 26, 2017

##### New features

TA-mailclient includes the following new features:

- Rewrote file parsing to be more modular
- Added tests for Splunk 7.0 to travis
- Added support for zips and files within zips
- Additional logging from pop3 / imap
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality work
- Fixed type casting for boolean parameters (is\_secure, include\_headers) and port validation
- Merged functions from poputils / imaputils into main code and added additional l

Version 1.2.0
Nov. 18, 2017

##### New features

TA-mailclient includes the following new features:
- Added support for zips and text files within zips

Version 1.1.* added optimised the app and added the following
- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Additional logging from pop3 / imap
- Removed interval from inputs.conf.spec
- Added additional test cases on Travis CI to test that functionality work
- modularized storage/password functions to make them reusable and simpler
- Also fixed exception handling when dealing with storage/password
- Fixed type casting for boolean parameters (is\_secure, include\_headers) and port validation
- Merged functions from poputils/imaputils into main code and added additional logs from connection

Version 1.1.7
Aug. 9, 2017

##### New features

TA-mailclient includes the following new features:

- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Additional logging from pop3 / imap
- Removed interval from inputs.conf.spec
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality work
- modularized storage/password functions to make them reusable and simpler
- Also fixed exception handling when dealing with storage/password
- Fixed type casting for boolean parameters (is\_secure, include\_headers) and port validation
- Rewrote sections of mail\_common
- Merged functions from poputils/imaputils into main code and added additional logs from connection

Version 1.1.6
Aug. 4, 2017

##### New features

TA-mailclient includes the following new features:

- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Additional logging from pop3 / imap
- Removed interval from inputs.conf.spec
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality work
- modularized storage/password functions to make them reusable and simpler
- Also fixed exception handling when dealing with storage/password
- Fixed type casting for boolean parameters (is\_secure, include\_headers) and port validation
- Rewrote sections of mail\_common
- Merged functions from poputils/imaputils into main code and added additional logs from connection

Version 1.1.5
Aug. 3, 2017

##### New features
TA-mailclient includes the following new features:
- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Added delineations and extractions to multipart content
- Removed interval from inputs.conf.spec
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality works
- Fix loading local exceptions
- modularized storage/password functions to make them reusable and simpler
- Also fixed exception handling when dealing with storage/password
- Fixed type casting for boolean parameters (is\_secure, include\_headers)
- Rewrote sections of mail\_common
- Merged functions from poputils/imaputils into main code and added additional logs from connection

Version 1.1.2
July 29, 2017

##### New features

TA-mailclient includes the following new features:

- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Added delineations and extractions to multipart content
- Removed interval from inputs.conf.spec
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality works
- Fix loading local exceptions
- modularized storage/password functions to make them reusable and simpler
- Also fixed exception handling when dealing with storage/password
- Fixed type casting for boolean parameters (is\_secure, include\_headers)
- Rewrote sections of mail_common

Version 1.1.1
July 29, 2017

##### New features

TA-mailclient includes the following new features:

- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Added delineations and extractions to multipart content
- Removed interval from inputs.conf.spec
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality works
- Fix loading local exceptions
- modularized storage/password functions to make them reusable and simpler
- Also fixed exception handling when dealing with storage/password
- Fixed type casting for boolean parameters (is\_secure, include\_headers) - Now works on port 110/143

Version 1.1.0
July 29, 2017

##### New features

TA-mailclient includes the following new features:

- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Added delineations and extractions to multipart content
- Removed interval from inputs.conf.spec
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality works
- Fix loading local exceptions
- modularized storage/password functions to make them reusable and simpler and catch exceptions

Version 1.0.3
July 28, 2017

##### New features

TA-mailclient includes the following new features:

- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Added delineations and extractions to multipart content
- Removed interval from inputs.conf.spec
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality works
- Fix loading local exceptions

V1.0.3 is missing some exception handling when writing / reading from storage/passwords. This could cause unexpected results when trying to add an input, or update the encrypted password as a non-privileged user.

Version 1.0.2
July 27, 2017

##### New features

TA-mailclient includes the following new features:

- Fixed unicode conversion of emails following contributions from Francois Lacombe on GitHub
- Also added static mail preamble for line break. Event breaking configuration may not be
required since the modular input writes individual events separately, but it's always a good idea.
- Added delineations and extractions to multipart content
- Removed interval from inputs.conf.spec
- Upgraded Splunk SDK to 1.6.2
- Added additional test cases on Travis CI to test that functionality works

Version 1.0.1
July 18, 2017

Version 1.0
July 17, 2017

Version 0.5.0
Oct. 21, 2016

This technology adapter add-on fetches emails for Splunk to index from mailboxes
using either POP3 or IMAP, with or without SSL.

The modular input also stores takes the password from inputs.conf in plain text,
and replaces it with a place holder, while storing it encrypted within Splunk.
This is built using the Splunk SDK for Python,
should work on any Splunk installation with Python available including SHC.
Passwords should also get replicated between search heard peer members.

At present, this only fetches emails form the 'inbox' folder.
Images and attachments are not indexed.

###v0.4.6
Finally fixed header inclusion/exclusion, and bug in 0.4.5

###v0.4.7
* Removed password field validation to allow users have complex or easy passwords regardless of length
* Handled all mail exceptions

###v0.4.8
* removed error introduced in v0.4.7

###v0.4.9
* Changed encoding to support gmail

###v0.5.0
* Fixed UTF-8 encoding of mails before indexing. (Supporting Gmail and others)

Version 0.4.9
Oct. 18, 2016

This technology adapter add-on fetches emails for Splunk to index from mailboxes
using either POP3 or IMAP, with or without SSL.

The modular input also stores takes the password from inputs.conf in plain text,
and replaces it with a place holder, while storing it encrypted within Splunk.
This is built using the Splunk SDK for Python,
should work on any Splunk installation with Python available including SHC.
Passwords should also get replicated between search heard peer members.

At present, this only fetches emails form the 'inbox' folder.
Images and attachments are not indexed.

###v0.4.6
Finally fixed header inclusion/exclusion, and bug in 0.4.5

###v0.4.7
* Removed password field validation to allow users have complex or easy passwords regardless of length
* Handled all mail exceptions

###v0.4.8
* removed error introduced in v0.4.7

###v0.4.9
* Changed encoding to support gmail

Version 0.4.8
Oct. 3, 2016

This technology adapter add-on fetches emails for Splunk to index from mailboxes
using either POP3 or IMAP, with or without SSL.

The modular input also stores takes the password from inputs.conf in plain text,
and replaces it with a place holder, while storing it encrypted within Splunk.
This is built using the Splunk SDK for Python,
should work on any Splunk installation with Python available including SHC.
Passwords should also get replicated between search heard peer members.

At present, this only fetches emails form the 'inbox' folder.
Images and attachments are not indexed.


###v0.4.5
* Fixed bug. Removed line which caused v0.4.4 to fail
* Fixed header inclusion


###v0.4.6
Finally fixed header inclusion/exclusion, and bug in 0.4.5


###v0.4.7
* Removed password field validation to allow users have complex or easy passwords regardless of length
* Handled all mail exceptions


###v0.4.8
* removed error introduced in v0.4.7

Version 0.4.7
Oct. 1, 2016

This technology adapter add-on fetches emails for Splunk to index from mailboxes
using either POP3 or IMAP, with or without SSL.

The modular input also stores takes the password from inputs.conf in plain text,
and replaces it with a place holder, while storing it encrypted within Splunk.
This is built using the Splunk SDK for Python,
should work on any Splunk installation with Python available including SHC.
Passwords should also get replicated between search heard peer members.

At present, this only fetches emails form the 'inbox' folder.
Images and attachments are not indexed.


###v0.4.5
* Fixed bug. Removed line which caused v0.4.4 to fail
* Fixed header inclusion


###v0.4.6
Finally fixed header inclusion/exclusion, and bug in 0.4.5


###v0.4.7
* Removed password field validation to allow users have complex or easy passwords regardless of length
* Handled all mail exceptions

Version 0.1
June 22, 2016

This technology adapter add-on fetches emails for Splunk to index from mailboxes
using either POP3 or IMAP, with or without SSL.

The modular input also stores takes the password from inputs.conf in plain text,
and replaces it with a place holder, while storing it encrypted within Splunk.
This is built using the Splunk SDK for Python,
should work on any Splunk installation with Python available including SHC.
Passwords should also get replicated between search heard peer members.

For IMAP, this only fetches emails form the 'inbox' folder.

For multipart emails, only `'text/plain'` and `'text/html'` are indexed.
Images and attachments are not indexed.

194
Installs
2,161
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2020 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.