Getting data from AS400 into Splunk

Poojita
Explorer

Hi,
I have been using Splunk Enterprise for quite some time and recently added the Splunk for iseries - AS/400 plugin.

I searched a lot regarding the ways to get data into Splunk from AS400, but I am still not sure how to create connectivity between Splunk Enterprise and AS400, I mean like giving some URL etc. to get in log files from AS400.

Can you please help me on this?

Thanks in advance!

0 Karma

mouradox
Engager

Hi,

Has anyone tested some of these solutions, please?

Thanks in advance!

0 Karma

jpcontrerasadit
Explorer

Another alternative is to use the Splunk HTTP Event Collector if you can orchestrate the sending of HTTP events from your iSeries.

0 Karma
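
The HTTP Event Collector route mentioned above, as an added example that is not part of the thread or of any Splunk app: Python that batches lines from an exported log file into HEC request bodies and posts them with the `Authorization: Splunk <token>` header. The host name, token, sourcetype `as400:export`, file path and sample lines are constructed placeholders, and it assumes a Python runtime is available on the sending side.

```python
import json
import urllib.request

# Placeholders (assumptions): replace with your HEC endpoint and token.
HEC_URL = "https://splunk.example.com:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"

# Constructed sample of an exported log file, not real AS400 output.
SAMPLE_EXPORT = [
    "2024-01-15 08:02:11 QSECOFR PW invalid password for user JSMITH\n",
    "\n",
    "2024-01-15 08:02:40 QSYSOPR job 123456/QUSER/QZDASOINIT started\n",
    "2024-01-15 08:03:05 QSECOFR AF authority failure on object PAYLIB/SALARY\n",
]


def build_hec_batches(lines, host, source, sourcetype="as400:export",
                      max_bytes=512_000):
    """Turn log lines into HEC bodies: JSON event objects joined by newlines."""
    batches, current, size = [], [], 0
    for line in lines:
        text = line.rstrip("\r\n")
        if not text.strip():
            continue  # HEC rejects events whose "event" field is blank
        encoded = json.dumps({"event": text, "host": host, "source": source,
                              "sourcetype": sourcetype}).encode("utf-8")
        if current and size + len(encoded) > max_bytes:
            batches.append(b"\n".join(current))
            current, size = [], 0
        current.append(encoded)
        size += len(encoded) + 1
    if current:
        batches.append(b"\n".join(current))
    return batches


def send_batch(payload, url=HEC_URL, token=HEC_TOKEN, timeout=10):
    """POST one batch; urllib validates the server certificate by default."""
    req = urllib.request.Request(url, data=payload, method="POST", headers={
        "Authorization": f"Splunk {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status == 200


if __name__ == "__main__":
    for body in build_hec_batches(SAMPLE_EXPORT, "as400-prod", "/export/audit.log"):
        print(body.decode("utf-8"))
```

Running the file only prints the request bodies; call `send_batch` on each body once the placeholders point at a real collector. Keep the token out of source control and leave certificate validation on.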

stanwin
Contributor

Poojita

You need to get your data in via other means:

AUDJRN: look at the AS400 app by Ron Naken.

Logs: you can have a syslog agent that tails files and sends them as syslog to Splunk, e.g. syslog-ng.

Syncsort Ironstream: this will actually have a pseudo 'forwarder' on AS400. Developed by mainframe company Syncsort and Splunk.

Note that this will mean additional licensing for the syslog and Ironstream routes, unless you go ahead with a bespoke syslog utility for your logs.

If the data is not needed in near real time, have it FTP'ed to your accessible Splunk box?

0 Karma

jeastman
Path Finder

Syncsort's Ironstream product only forwards data off of an IBM z/OS Mainframe. Not iSeries/AS400.

0 Karma

dart
Splunk Employee

The App for iSeries relies on the iSeries exporting data into files which we can read. It contains example scripts showing how you can automate this on the iSeries end in its bin folder. You'll also need an FTP server for it to write the exports to.

0 Karma

Poojita
Explorer

On the AS400 side I could FTP the file, but I am not sure how to get that data from AS400 FTP and bring it to Splunk.
I had come across an app called "importutil" through which we can import data from FTP, HTTP etc., but I'm getting the following error while executing the query.

command="importutil", Usage : importutil [config=] [format=] Example : importutil http http://research.stlouisfed.org/fred2/data/PAYEMS.txt

The issue had already been asked but no solution has been given.
Kindly help!
Thanks!

0 Karma