This short guide will look at the Logstash IMAP input. IMAP is an alternative protocol to POP3 to fetch emails from a server. This input will allow you to retrieve emails from an IMAP account and process them using Logstash. Check out this post on using IMAP and Elasticsearch to manage error emails for a use case of this input.

Quick Info

Links: Source | Documentation
Version: 1.4.2
Requirements:

  • IMAP account details
    • Host
    • Username
    • Password

The short version

Setting up Logstash to connect to IMAP is really simple: Just set the IMAP account details in the config file and watch the emails roll in.

The only required options are host, username and password:

# Bare minimum
input {
  imap {
    host => "imap.mailserver.com"
    user => "[email protected]"
    password => "$uper$ecret"
  }
}

Logstash will now check the Inbox folder of the [email protected] account every 300 seconds and fetch up to 50 emails.

The longer version

Some email providers will require more settings than just the three required ones to work. You can also tweak how often the account should be checked for new emails, and how many emails should be fetched every time. Let’s look at a couple of extra examples:

Fetch more, less often

You can set the fetch interval and count using the well named check_interval and fetch_count settings:

# Fetch 100 emails every hour
input {
  imap {
    host => "imap.mailserver.com"
    user => "[email protected]"
    password => "$uper$ecret"
    check_interval => 3600 # Specified in seconds
    fetch_count => 100
  }
}

Give Logstash its own GMail account

GMail and Google Apps accounts are widely used, not just by people but by some services as well. We’ll be using the port setting to use the correct port, and the secure setting to encrypt the connection. The following config shows how you can check your Google emails using Logstash:

# Connecting to GMail
input {
  imap {
    host => "imap.gmail.com"
    user => "[email protected]"
    password => "$uper$ecret"
    port => 993
    secure => true
  }
}

All the options

check_interval – Numeric – How long, in seconds, Logstash waits before checking the IMAP account again. Defaults to 300.

content_type – String – Emails can be sent as Multipart messages. Use this setting to specify the content type of the message part you’re interested in. Defaults to text/plain.

delete – Boolean – Specify whether or not emails should be deleted from the server after they’ve been fetched by Logstash. The default value is false.

fetch_count – Numeric – The number of emails to retrieve every time Logstash connects to the IMAP server. Defaults to 50.

host – String – The hostname of the server on which the IMAP account is hosted. This setting is required.

lowercase_headers – Boolean – Specify whether or not the headers of the email should be lowercased. This is usefull if you want to ensure that all the headers (that are added to the event) are homogenous across all the events. The default value is true.

password – String – The password for the IMAP account in plain text. This setting is required.

port – Numeric – The port number on which to connect to the IMAP service. There is no default for this setting.

secure – Boolean – Specify whether or not to use a secure connect. The default value is true.

user – String – The full username for the IMAP account. This setting is required.

verify_cert – Boolean – Specify whether or not to verify the SSL certificate (used for secure communication) when connecting to the server. This is usefull if you’re connecting to an internal server with a self signed certificate. The default value is true.


Get rid of your Logstash configuration frustrations, and buy the [Logstash Config Guide][6]. Check it out now!

Coder. Thinker. Human. I try to write good code for a living and wrangle data as a hobby. Be sure to check out the book I'm writing: The Logstash Config Guide.

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Share This