Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to send data from IBM AS400 to Splunk via syslog?

Afef
Communicator
‎04-30-2015 02:48 AM

I want to create a connectivity between splunk enterprise and AS400. I tried to send logs via syslog, but Splunk didn’t receive any data.

Could you help me please?

Thanks

Tags (4)
Reply

garapathis
New Member
‎07-25-2018 08:17 PM

can you please help me understand how to send system audit log to syslog server.
I am new to splunk and trying to understand how to basically access AS400 from splunk.,Can someone please help me on how we can send the system audit log to a syslog server .....

0 Karma
Reply

micahkemp
Champion
‎07-25-2018 09:34 PM

@garapathis,

This question is over 3 years old, and is unlikely to attract sufficient attention to answer any question you may have. I suggest submitting a new question.

0 Karma
Reply

bryanmdietz
Engager
‎07-19-2018 02:43 PM

If your IBM I system is at newer releases, V7.2 or V7.3 and fairly current on PTF's you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

0 Karma
Reply

bryanmdietz
Engager
‎07-19-2018 02:42 PM

If your IBM i is at newer releases, V7.2 or V7.3 and fairly current on PTF's you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

Reply

gwalford
Path Finder
‎09-15-2015 02:11 PM

The best answer to this question I have seen is to use a third-party application that runs on the iSeries and converts the iSeries data to Syslog in key value pairs - Splunk then ingests this Syslog data. Since it is Key Value paired Splunk easily ingests the data and provides a near to real time integration.

Realistically, you are looking at anywhere between 5 to 30 seconds of log delay due to queuing from the iSeries systems. However, even with this delay you gain hours of speed over a direct database export every 8 hours or so - it also impacts your Splunk license a lot less.

Reply

vganjare
Builder
‎04-30-2015 03:08 AM

Hi,

Can this help?

http://answers.splunk.com/answers/25008/as400-for-splunk-app-how-is-data-collected-on-the-as-400.htm...

Thanks!!

0 Karma
Reply

Afef
Communicator
‎04-30-2015 03:13 AM

Hi,

Thanks. I tried that but no i can't data in 😕

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...