Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to send data from IBM AS400 to Splunk via syslog?

Afef
Communicator
‎04-30-2015 02:48 AM

I want to create a connectivity between splunk enterprise and AS400. I tried to send logs via syslog, but Splunk didn’t receive any data.

Could you help me please?

Thanks

Tags (4)
Reply

garapathis
New Member
‎07-25-2018 08:17 PM

can you please help me understand how to send system audit log to syslog server.
I am new to splunk and trying to understand how to basically access AS400 from splunk.,Can someone please help me on how we can send the system audit log to a syslog server .....

0 Karma
Reply

micahkemp
Champion
‎07-25-2018 09:34 PM

@garapathis,

This question is over 3 years old, and is unlikely to attract sufficient attention to answer any question you may have. I suggest submitting a new question.

0 Karma
Reply

bryanmdietz
Engager
‎07-19-2018 02:43 PM

If your IBM I system is at newer releases, V7.2 or V7.3 and fairly current on PTF's you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

0 Karma
Reply

bryanmdietz
Engager
‎07-19-2018 02:42 PM

If your IBM i is at newer releases, V7.2 or V7.3 and fairly current on PTF's you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

Reply

gwalford
Path Finder
‎09-15-2015 02:11 PM

The best answer to this question I have seen is to use a third-party application that runs on the iSeries and converts the iSeries data to Syslog in key value pairs - Splunk then ingests this Syslog data. Since it is Key Value paired Splunk easily ingests the data and provides a near to real time integration.

Realistically, you are looking at anywhere between 5 to 30 seconds of log delay due to queuing from the iSeries systems. However, even with this delay you gain hours of speed over a direct database export every 8 hours or so - it also impacts your Splunk license a lot less.

Reply

vganjare
Builder
‎04-30-2015 03:08 AM

Hi,

Can this help?

http://answers.splunk.com/answers/25008/as400-for-splunk-app-how-is-data-collected-on-the-as-400.htm...

Thanks!!

0 Karma
Reply

Afef
Communicator
‎04-30-2015 03:13 AM

Hi,

Thanks. I tried that but no i can't data in 😕

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
li.common.scroll-to.top