All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Syncsort Ironstream - SYSLOG: How can I create connection between Ironstream and Splunk?

yasinbi
New Member
‎10-05-2016 03:03 AM

Hi,

I am a new customer on Splunk and trying to connect it with Ironstream on z/OS. My mainly purpose is taking syslog data from z/OS site to Splunk. But while creating a connection I need Splunk server and port definitions. Is there anyone who can show me the true customization way or any document you can suggest?

Thanks

Yasin

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ianhss
Explorer
‎10-05-2016 09:22 AM

Hello Yasin,

You need to create a new TCP data input on your Splunk server.

  1. In Splunk, select the menu option: Settings > Data inputs
  2. Create a new TCP data input, and click New.
  3. In the Add Data screen, enter a Port number. This will be used for the incoming data.
  4. In the next panel, set the SourceType to: structured > _json. And, select an index (or create a new index).
  5. Configure Ironstream to send SYSLOG data to the Splunk server using the IP address of your server and the port specified above.

NOTE: Firewall or network issues may interfere with any connection.

If you have any problems, please contact our Support team: https://www.syncsort.com/support . They will be very happy to help.

View solution in original post

Reply
Solved! Jump to solution
Solution

ianhss
Explorer
‎10-05-2016 09:22 AM

Hello Yasin,

You need to create a new TCP data input on your Splunk server.

  1. In Splunk, select the menu option: Settings > Data inputs
  2. Create a new TCP data input, and click New.
  3. In the Add Data screen, enter a Port number. This will be used for the incoming data.
  4. In the next panel, set the SourceType to: structured > _json. And, select an index (or create a new index).
  5. Configure Ironstream to send SYSLOG data to the Splunk server using the IP address of your server and the port specified above.

NOTE: Firewall or network issues may interfere with any connection.

If you have any problems, please contact our Support team: https://www.syncsort.com/support . They will be very happy to help.

Reply
Solved! Jump to solution

yasinbi
New Member
‎10-06-2016 11:47 PM

Thank you for information. I am going to try in line with your instructions

0 Karma
Reply
Solved! Jump to solution

aaraneta_splunk
Splunk Employee
Splunk Employee
‎10-23-2016 08:06 PM

Hi @yasinbi - Did ianhss' answer provide a working solution to your question? If yes, please don't forget to click "Accept" below the answer to resolve your post. If no, please provide feedback by leaving another comment. Thanks!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...