Getting data from AS400 into Splunk

Poojita
Explorer

Hi,
I have been using Splunk Enterprise for quite some time and recently added the Splunk for iseries - AS/400 plugin.

I searched a lot regarding the ways to get data into Splunk from AS400, but I am still not sure how to create connectivity between Splunk Enterprise and AS400, I mean like giving some URL etc. to get in log files from AS400.

Can you please help me on this?

Thanks in advance!

0 Karma

mouradox
Engager

Hi,

Has anyone tested some of these solutions, please?

Thanks in advance!

0 Karma

jpcontrerasadit
Explorer

Another alternative is to use the Splunk HTTP Event Collector if you can orchestrate the sending of HTTP events from your iSeries.

0 Karma
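The HTTP Event Collector route mentioned in the reply above, as an added example that is not part of the original thread or of any Splunk app: it batches lines of an exported log file into HEC request bodies and posts them over verified TLS. The HEC hostname, the `SPLUNK_HEC_TOKEN` variable, the host, source and sourcetype names and the sample lines are all assumptions, and it assumes Python is available on a machine that can read the export.

```python
import json
import os
import ssl
import urllib.request

# Assumed endpoint: replace with your own HEC host (8088 is the default HEC port).
HEC_URL = "https://splunk.example.com:8088/services/collector/event"
MAX_BATCH_BYTES = 512 * 1024  # keep each request body well under the server limit

# Constructed sample lines standing in for an exported log file (not a real format).
SAMPLE_EXPORT = """\
2024-03-01 10:15:02 USER=QSECOFR ACTION=SIGNON RESULT=OK

2024-03-01 10:15:09 USER=APPUSER ACTION=SIGNON RESULT=FAILED
2024-03-01 10:16:40 USER=APPUSER ACTION=OBJECT_DELETE RESULT=OK
"""

def build_batches(lines, host, source, sourcetype, max_bytes=MAX_BATCH_BYTES):
    """Turn log lines into HEC bodies: JSON event objects concatenated back to back."""
    batches, current, size = [], [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue  # skip blank lines in the export
        payload = json.dumps({"event": line, "host": host,
                              "source": source, "sourcetype": sourcetype})
        if current and size + len(payload) > max_bytes:
            batches.append("".join(current))  # flush before exceeding the limit
            current, size = [], 0
        current.append(payload)
        size += len(payload)
    if current:
        batches.append("".join(current))
    return batches

def send_batch(body, token, url=HEC_URL, cafile=None):
    """POST one batch; certificate verification stays enabled (cafile for a private CA)."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(
        url, data=body.encode("utf-8"),
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":
    token = os.environ["SPLUNK_HEC_TOKEN"]  # keep the token out of the script
    for body in build_batches(SAMPLE_EXPORT.splitlines(),
                              "as400-host", "as400_export.txt", "as400:export"):
        print(send_batch(body, token))
```
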

stanwin
Contributor

Poojita

You need to get your data in via other means:

AUDJRN: look at AS400 app by Ron Naken

Logs: you can have a syslog agent that tails files & sends them as SYSLOGS to Splunk, e.g. syslog-ng

SyncSort Ironstream: this will actually have a pseudo 'forwarder' on AS400. Developed by mainframe co Syncsort & Splunk.

Note that this will mean additional licensing for syslogs & Ironstream route, unless you go ahead with bespoke syslog utility for your logs.

If data is not needed near realtime, have them FTP'ed to your accessible Splunk box?

0 Karma

jeastman
Path Finder

Syncsort's Ironstream product only forwards data off of an IBM z/OS Mainframe. Not iSeries/AS400.

0 Karma

dart
Splunk Employee

The App for iSeries relies on the iSeries exporting data into files which we can read. It contains example scripts showing how you can automate this on the iSeries end in its bin folder. You'll also need an FTP server for it to write the exports to.

0 Karma

Poojita
Explorer

On the AS400 side I could FTP the file, but I am not sure how to get that data from AS400 FTP and bring it to Splunk.
I had come across an app called "importutil" through which we can import data from FTP, HTTP etc., but I'm getting the following error while executing the query.

command="importutil", Usage : importutil [config=] [format=] Example : importutil http http://research.stlouisfed.org/fred2/data/PAYEMS.txt

The issue had already been asked but no solution has been given.
Kindly help!
Thanks!

0 Karma