All Apps and Add-ons

Getting data from AS400 into Splunk

Poojita
Explorer

Hi,
I have been using Splunk Enterprise for quite some time and recently added the Splunk for iseries - AS/400 plugin.

I searched a lot regarding the ways to get data into splunk from AS400 but i am still not sure on how to create a connectivity between splunk enterprise and AS400 i mean like giving some URL etc to get in log files from AS400.

Can you please help me on this?

Thanks in advance!

0 Karma

mouradox
New Member

Hi,

Someone tested some of theses solutions please ?

Thanks in advance!

0 Karma

jpcontrerasadit
Explorer

Another alternative is to use the Splunk HTTP Event Collector if you can orchestrate the sending of HTTP events from your iSeries.

0 Karma

stanwin
Contributor

Poojita

you need to get your data in via other means:

AUDJRN : look at AS400 app by Ron Naken

Logs: you can have a syslog agent that tails files & send them as SYSLOGS to splunk . e.g. syslog-ng

SyncSort ironstream: this will actually have a pseudo 'forwarder' on AS400 . developed by mainframe co syncsort & splunk.

Note that this will mean additional licensing for syslogs & ironstream route. unless you go ahead with bespoke syslog utility for your logs.

If data is not needed near realtime , have them FTP'ed to your accessible splunk box?

0 Karma

jeastman
Path Finder

Syncsort's Ironstream product only forwards data off of an IBM z/OS Mainframe. Not iSeries/AS400.

0 Karma

dart
Splunk Employee
Splunk Employee

The App for iSeries relies on the iSeries exporting data into files which we can read. It contains example scripts showing how you can automate this on the iSeries end in it's bin folder. You'll also need an FTP server for it to write the exports to.

0 Karma

Poojita
Explorer

On the AS400 side I could FTP the file, but i am not sure of how to get that data from AS400 FTP and bring it to Splunk.
I had come across an app called "importutil" through which we can import data from ftp, http etc but I m getting the following error while executing the query.

command="importutil", Usage : importutil [config=] [format=] Example : importutil http http://research.stlouisfed.org/fred2/data/PAYEMS.txt

The issue had already been asked but no solution has been given.
Kindly Help!
Thanks!

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>