I found the install instructions in the CL source . . .
/* PROGRAM SETUP INSTRUCTIONS: */
/* 1) SIGNON TO THE ISERIES SYSTEM USING AN ADMINISTRATOR ID */
/*    E.G. QSECOFR */
/* 2) CRTLIB LIB(AUDITLIB) AUT(*EXCLUDE) */
/* 3) CRTSRCPF FILE(AUDITLIB/QCLSRC) */
/* 4) STRSEU SRCFILE(AUDITLIB/QCLSRC) SRCMBR(AUDITPGM) */
/*    COPY THE SOURCE FOR PROGRAM AUDITLIB/AUDITPGM INTO */
/*    THIS SOURCE MEMBER. */
/* 5) STRSEU SRCFILE(AUDITLIB/QCLSRC) SRCMBR(FTPSCRIPT) */
/*    COPY THE SOURCE FOR FTP SCRIPT AUDITLIB/FTPSCRIPT INTO */
/*    THIS SOURCE MEMBER. */
/* 6) CRTCLPGM PGM(AUDITLIB/AUDITPGM) SRCFILE(AUDITLIB/QCLSRC) */
/*    SRCMBR(AUDITPGM) TEXT('AUDIT PROGRAM') */
Nothing is installed on the iSeries. You FTP the logs from iSeries to somewhere Splunk can access and then index them with Splunk. Splunk does not have any native software for the iSeries yet. Just install the App on the SearchHead once you have the files indexed.
I had thought I'd found a Splunk agent capable of being installed on the Unix shell on iSeries here, but alas no. Could be something for the Splunk roadmap.
Still, it's pretty useful in its current form.
Maybe some day we may release a forwarder for ZLinux, but I am unsure of the most current status of that project.