Getting Data In

SFTP data in splunk

keishamtcs
Explorer

Hi All,

Currently there are mainframe jobs which is sending data to a splunk instance where the data will be index locally. The data transfer is happening via FTP. Since it's a frame jobs we cannot install splunk forwarders.

We are planning to convert from FTP to SFTP. On mainframe side code chane would be done to make it as sftp.

So for this what changes would required on splunk side ? I believe a key would required ?
Is there better method of transfer or any add-on that we can use ?

Regards

0 Karma

nareshinsvu
Builder

key? to establish rsa and do sftp?

If you are able to successfully sftp files, you can index data locally on the splunk server as you said using inputs.conf.

0 Karma

keishamtcs
Explorer

Do we need a seperate server for SFTP. Can we use the sftp key on splunk existing splunk server ?

0 Karma

nareshinsvu
Builder

Are your servers Linux? You can set-up sftp using below link unless there are any security restrictions with the mainframes server.

https://www.jscape.com/blog/setting-up-sftp-public-key-authentication-command-line

Once SFTP is successful and files transferred, you can index data locally

0 Karma

jaime_ramirez
Communicator

So, are you pushing data from the mainframes to Splunk or pulling data from the mainframes?

0 Karma

keishamtcs
Explorer

Yes...data is being push from mainframe to splunk via FTP.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...