Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Getting data from AS400 into Splunk
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Getting data from AS400 into Splunk
Hi,
I have been using Splunk Enterprise for quite some time and recently added the Splunk for iseries - AS/400 plugin.
I searched a lot regarding the ways to get data into splunk from AS400 but i am still not sure on how to create a connectivity between splunk enterprise and AS400 i mean like giving some URL etc to get in log files from AS400.
Can you please help me on this?
Thanks in advance!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Someone tested some of theses solutions please ?
Thanks in advance!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Another alternative is to use the Splunk HTTP Event Collector if you can orchestrate the sending of HTTP events from your iSeries.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Poojita
you need to get your data in via other means:
AUDJRN : look at AS400 app by Ron Naken
Logs: you can have a syslog agent that tails files & send them as SYSLOGS to splunk . e.g. syslog-ng
SyncSort ironstream: this will actually have a pseudo 'forwarder' on AS400 . developed by mainframe co syncsort & splunk.
Note that this will mean additional licensing for syslogs & ironstream route. unless you go ahead with bespoke syslog utility for your logs.
If data is not needed near realtime , have them FTP'ed to your accessible splunk box?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Syncsort's Ironstream product only forwards data off of an IBM z/OS Mainframe. Not iSeries/AS400.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The App for iSeries relies on the iSeries exporting data into files which we can read. It contains example scripts showing how you can automate this on the iSeries end in it's bin folder. You'll also need an FTP server for it to write the exports to.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the AS400 side I could FTP the file, but i am not sure of how to get that data from AS400 FTP and bring it to Splunk.
I had come across an app called "importutil" through which we can import data from ftp, http etc but I m getting the following error while executing the query.
command="importutil", Usage : importutil [config=] [format=] Example : importutil http http://research.stlouisfed.org/fred2/data/PAYEMS.txt
The issue had already been asked but no solution has been given.
Kindly Help!
Thanks!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
