All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Syncsort Ironstream - SYSLOG: How can I create connection between Ironstream and Splunk?

yasinbi
New Member
‎10-05-2016 03:03 AM

Hi,

I am a new customer on Splunk and trying to connect it with Ironstream on z/OS. My mainly purpose is taking syslog data from z/OS site to Splunk. But while creating a connection I need Splunk server and port definitions. Is there anyone who can show me the true customization way or any document you can suggest?

Thanks

Yasin

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ianhss
Explorer
‎10-05-2016 09:22 AM

Hello Yasin,

You need to create a new TCP data input on your Splunk server.

  1. In Splunk, select the menu option: Settings > Data inputs
  2. Create a new TCP data input, and click New.
  3. In the Add Data screen, enter a Port number. This will be used for the incoming data.
  4. In the next panel, set the SourceType to: structured > _json. And, select an index (or create a new index).
  5. Configure Ironstream to send SYSLOG data to the Splunk server using the IP address of your server and the port specified above.

NOTE: Firewall or network issues may interfere with any connection.

If you have any problems, please contact our Support team: https://www.syncsort.com/support . They will be very happy to help.

View solution in original post

Reply
Solved! Jump to solution
Solution

ianhss
Explorer
‎10-05-2016 09:22 AM

Hello Yasin,

You need to create a new TCP data input on your Splunk server.

  1. In Splunk, select the menu option: Settings > Data inputs
  2. Create a new TCP data input, and click New.
  3. In the Add Data screen, enter a Port number. This will be used for the incoming data.
  4. In the next panel, set the SourceType to: structured > _json. And, select an index (or create a new index).
  5. Configure Ironstream to send SYSLOG data to the Splunk server using the IP address of your server and the port specified above.

NOTE: Firewall or network issues may interfere with any connection.

If you have any problems, please contact our Support team: https://www.syncsort.com/support . They will be very happy to help.

Reply
Solved! Jump to solution

yasinbi
New Member
‎10-06-2016 11:47 PM

Thank you for information. I am going to try in line with your instructions

0 Karma
Reply
Solved! Jump to solution

aaraneta_splunk
Splunk Employee
Splunk Employee
‎10-23-2016 08:06 PM

Hi @yasinbi - Did ianhss' answer provide a working solution to your question? If yes, please don't forget to click "Accept" below the answer to resolve your post. If no, please provide feedback by leaving another comment. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...