I hate reading email. So much. I do, however, enjoy searching email. Using Splunk, I can monitor and index my email. This is incredibly useful for administrators of Unix boxes, where cron jobs very often generate an unprecedented amount of email messages.
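Configure Splunk to monitor your mailboxes. Note that a batch input with move_policy = sinkhole deletes each file once it has been indexed, so the mail in /var/mail is consumed by Splunk: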

    # $SPLUNK_HOME/etc/system/local/inputs.conf
    [batch:///var/mail]
    disabled = false
    move_policy = sinkhole
    sourcetype = mbox

Configure Splunk to properly extract messages from your mailbox:

    # $SPLUNK_HOME/etc/system/local/props.conf
    [mbox]
    LINE_BREAKER = ([\r\n]+)From\s
    SHOULD_LINEMERGE = false

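An added example, not from the original post: a Python approximation of how that LINE_BREAKER cuts a mailbox into events, run over a constructed sample mailbox. It also covers the edge case of a body line that begins with "From " unescaped, and compares a stricter pattern (`STRICT_BREAKER`, an assumption that is not part of the config above and relies on the usual weekday/month envelope date).

```python
import re

# Constructed sample mailbox (not from the original post): two cron mails.
# The first body has a line starting with "From " that was left unescaped.
SAMPLE_MBOX = (
    "From root@host.example Mon Jan  6 02:00:01 2025\n"
    "Subject: Cron <root@host> /usr/local/bin/backup.sh\n"
    "\n"
    "Backup started\n"
    "From here on only errors are reported\n"
    "Backup finished\n"
    "\n"
    "From root@host.example Mon Jan  6 03:00:01 2025\n"
    "Subject: Cron <root@host> /usr/local/bin/rotate.sh\n"
    "\n"
    "Rotation finished\n"
)

# The LINE_BREAKER value from the props.conf stanza above.
PAGE_BREAKER = r"([\r\n]+)From\s"

# Assumption (not in the original config): also require the envelope shape
# "From <sender> <weekday> <month> ", so prose lines do not match.
STRICT_BREAKER = r"([\r\n]+)From\s\S+\s+[A-Z][a-z]{2}\s[A-Z][a-z]{2}\s"


def split_events(raw, line_breaker):
    """Approximate LINE_BREAKER: the text matched by the first capture group
    is discarded; one event ends before it, the next starts right after."""
    events, start = [], 0
    for m in re.finditer(line_breaker, raw):
        events.append(raw[start:m.start(1)])
        start = m.end(1)
    events.append(raw[start:])
    return [e for e in events if e.strip()]


if __name__ == "__main__":
    for name, pattern in (("page", PAGE_BREAKER), ("strict", STRICT_BREAKER)):
        events = split_events(SAMPLE_MBOX, pattern)
        print(f"{name}: {len(events)} events")
        for e in events:
            print("   ", e.splitlines()[0])
```

With the page's pattern the first message is split in two at the unescaped body line; mailboxes whose delivery agent escapes such lines as ">From " do not hit this.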
You're now ready to search and view your email messages in Splunk: