Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to send data from IBM AS400 to Splunk via syslog?

Afef
Communicator
‎04-30-2015 02:48 AM

I want to create a connectivity between splunk enterprise and AS400. I tried to send logs via syslog, but Splunk didn’t receive any data.

Could you help me please?

Thanks

Tags (4)
Reply

garapathis
New Member
‎07-25-2018 08:17 PM

can you please help me understand how to send system audit log to syslog server.
I am new to splunk and trying to understand how to basically access AS400 from splunk.,Can someone please help me on how we can send the system audit log to a syslog server .....

0 Karma
Reply

micahkemp
Champion
‎07-25-2018 09:34 PM

@garapathis,

This question is over 3 years old, and is unlikely to attract sufficient attention to answer any question you may have. I suggest submitting a new question.

0 Karma
Reply

bryanmdietz
Engager
‎07-19-2018 02:43 PM

If your IBM I system is at newer releases, V7.2 or V7.3 and fairly current on PTF's you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

0 Karma
Reply

bryanmdietz
Engager
‎07-19-2018 02:42 PM

If your IBM i is at newer releases, V7.2 or V7.3 and fairly current on PTF's you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

Reply

gwalford
Path Finder
‎09-15-2015 02:11 PM

The best answer to this question I have seen is to use a third-party application that runs on the iSeries and converts the iSeries data to Syslog in key value pairs - Splunk then ingests this Syslog data. Since it is Key Value paired Splunk easily ingests the data and provides a near to real time integration.

Realistically, you are looking at anywhere between 5 to 30 seconds of log delay due to queuing from the iSeries systems. However, even with this delay you gain hours of speed over a direct database export every 8 hours or so - it also impacts your Splunk license a lot less.

Reply

vganjare
Builder
‎04-30-2015 03:08 AM

Hi,

Can this help?

http://answers.splunk.com/answers/25008/as400-for-splunk-app-how-is-data-collected-on-the-as-400.htm...

Thanks!!

0 Karma
Reply

Afef
Communicator
‎04-30-2015 03:13 AM

Hi,

Thanks. I tried that but no i can't data in 😕

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...