
AS400 iSeries app/collection?


Hello, I wanted to know if anyone is using Splunk with their AS400/iSeries. We want to gather QAUDJRN, QSYSOPR, QHST data and performance data. The catch is we would like to do it without purchasing a third-party agent that forwards this data for another 4k. I was thinking some type of scripted input?



Is anyone aware of an open source version of a syslog agent for AS400? It seems developing a bespoke syslog tool (as mentioned by southeringtonp) or using the licensed ones is the only option?



This looks awesome. We are evaluating an iSeries syslog-ng AUDJRN exporter and hopefully we can utilize this app.



I also have the same task, where I have to pull AS400 information. I was basically told to manage an AS400. The problem is I don't know what to monitor.

I was able to get data using expect, some command, but I don't know if what I am doing is enough.

How is your application looking?



Thanks southeringtonp, your responses were very helpful. I have been thinking of working on screen scraping, and pexpect looks awesome. We can also dump to an NFS mount that could also be indexed. My guess is I'll probably be going down the screen-scrape route.



I'm certainly no iSeries expert, but since nobody else has chimed in...

Without a third-party agent, your options are limited. A couple of possibilities:

  • Screen-scraping

    If you want to use a scripted input to screen-scrape the connection, you can leverage the pexpect Python library to help interact with the telnet (or whatever) session. pexpect is not included with Splunk, but will work fine if you place the Python libraries in the same directory as your script.

  • Dump to a file, then retrieve

    If you can dump the contents of each of the logs you're interested in to a flat file, it's not so bad. You can use a cron job to copy the files from IFS/FTP/etc. to a path Splunk indexes, and pick it up from there. Or, you can have Splunk retrieve the file directly as a scripted input.

  • Roll your own syslog forwarder.

    PASE evidently has syslog support, and it looks like there's some sort of API structure (QjoRetrieveJournalEntries?) available for accessing the contents of these.

Given the cost of a Splunk Enterprise license, realistically it may be worth it to just go for the extra $4k for the 3rd-party forwarder (syslog-ng, PowerTech, etc.).
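An added example (not from the thread or from any poster's code) of the "dump to a file, then retrieve" option written as a scripted input: it prints only records whose sequence number is above a saved checkpoint, so re-dumping the whole journal on every run does not index duplicates. The comma-separated layout with the sequence number in the first column, the sample lines and the file names are assumptions.

```python
import os
import sys
import tempfile

# Constructed sample dump; the column layout (sequence first) is an assumption.
SAMPLE_DUMP = (
    "SEQ,TIME,TYPE,USER,DETAIL\n"
    "101,2021-10-01 08:00:01,PW,JSMITH,invalid password\n"
    "102,2021-10-01 08:00:09,AF,JSMITH,not authorized to object\n"
)

def read_checkpoint(state_path):
    """Return the last sequence number emitted, or 0 on the first run."""
    try:
        with open(state_path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 0

def write_checkpoint(state_path, seq):
    """Replace the checkpoint atomically so a crash cannot leave it half-written."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(state_path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(str(seq))
    os.replace(tmp, state_path)

def emit_new_records(dump_path, state_path, out=sys.stdout):
    """Write records whose sequence exceeds the checkpoint; return how many."""
    last = read_checkpoint(state_path)
    highest, emitted = last, 0
    with open(dump_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            seq_field = line.split(",", 1)[0].strip()
            if not seq_field.isdecimal() or int(seq_field) <= last:
                continue  # header or damaged line, or already emitted earlier
            out.write(line.rstrip("\r\n") + "\n")
            highest = max(highest, int(seq_field))
            emitted += 1
    if highest != last:
        write_checkpoint(state_path, highest)
    return emitted

if __name__ == "__main__":
    # Demo on the constructed sample; a real input would pass its own paths.
    demo_dir = tempfile.mkdtemp()
    dump = os.path.join(demo_dir, "dump.csv")
    with open(dump, "w") as fh:
        fh.write(SAMPLE_DUMP)
    emit_new_records(dump, os.path.join(demo_dir, "ckpt"))
```

The checkpoint assumes sequence numbers only increase; if they restart, delete the checkpoint file so records are not silently skipped.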
