All Apps and Add-ons

Syncsort Ironstream and Splunk

Poojita
Explorer

Hi guys..

I have recently started exploring Splunk enterprise , after installing it on Linux system, and I used sample data to create pie charts, line graphs etc.
I was searching for a way to get mainframe data into splunk for data analysis and found out about Syncsort Ironstream. I searched a lot regarding the ways to download, install etc but found no luck.

Is there Ironstream software available? If yes, where can I find it?
Thanks in advance.

1 Solution

gfuente
Motivator

Hello

The Ironstream product is not free, so you need to contact Syncsort to get the software and licenses:

http://www.syncsort.com/en/TestDrive/Demo/Request-Info-Splunk

Regards

View solution in original post

tldenney
Path Finder

IBM Common Data Provider for z Systems (CDPz) is the best option for sending Mainframe logs to Splunk.

CDPz can send a wide variety of data including 140 data sources and 100+ SMF record types. More specifically, CDPz can support the following:

• SMF records
• SYSLOG (IBM z/OS System Log and USS SyslogD)
• JOBLOGs
• Application logs (IBM CICS Transaction Server logs and IBM WebSphere Application Server logs)

CDPz also has advanced filtering capabilities including RegEx and time filtering that can be set up using the built-in web configuration tool shown below.

alt text

More information on IBM Common Data Provider for z Systems can be found directly on Splunkbase.

hogstrom
Engager

There are other alternatives to IronStream for getting access to mainframe data. IBM has an offering called Common Data Provider that provides similar capability.

jeastman
Path Finder

If you would like to try out the Ironstream product, there is currently a free 30 day trial for SYSLOG available on our website:

http://www.syncsort.com/en/Products/Mainframe/Ironstream

The download also comes with a Syslog Dashboard that demonstrates how Sylog messages can be visualized and used for discovery.

0 Karma

tweaktubbie
Communicator

Can't find any detail info on the website on Ironstream compatibility with the latest Splunk 6.6.1 version. Having some "gsk_secure_socket_init returned No SSL cipher specifications" messages on mainframe side after updating our test environment?

Also the syslog app https://splunkbase.splunk.com/app/2792/ still mentions 6.2 as only compatible version, is that true?

0 Karma

jeastman
Path Finder

There are no known compatibility issues for SSL on any Splunk release if things are properly configured.

Please contact zos_tech@syncsort.com and explain your issues and a support ticket can be opened to assist in the diagnosis the issue.

0 Karma

jreda
Explorer

Thank you for your interest in Ironstream to move logs/files from z/OS to Splunk. We would be happy to work with you and provide you software to evaluate. Let’s schedule a call to help you understand more about Ironstream and we can learn more about your requirements.

pojsson
New Member

Is Ironstream also possible to connect to a heavy forwarder instead of Splunk itself

0 Karma

jeastman
Path Finder

Yes. You just have to configure the heavy forwarder with a TCP input port that accepts a sourcetype of JSON

0 Karma

gfuente
Motivator

Hello

The Ironstream product is not free, so you need to contact Syncsort to get the software and licenses:

http://www.syncsort.com/en/TestDrive/Demo/Request-Info-Splunk

Regards

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...