Getting Data In

Getting mainframe logs into Splunk?

ChhayaV
Communicator

hi,

How can i get logs from mainframe into splunk is there any forwarder avaialble? if not whatelse can be done to get logs from mainframe?

Thanks and Regards

Labels (1)
0 Karma

tldenney
Path Finder

IBM Common Data Provider for z Systems (CDPz) is the best option for sending Mainframe logs to Splunk.

CDPz can send a wide variety of data including 140 data sources and 100+ SMF record types. More specifically, CDPz can support the following:

• SMF records
• SYSLOG (IBM z/OS System Log and USS SyslogD)
• JOBLOGs
• Application logs (IBM CICS Transaction Server logs and IBM WebSphere Application Server logs)

CDPz also has advanced filtering capabilities including RegEx and time filtering that can be set up using the built-in web configuration tool shown below.

alt text

More information on IBM Common Data Provider for z Systems can be found directly on Splunkbase.

tldenney
Path Finder

The following Splunk Blog outlines how Splunk and IBM are partnering to help customers integrate IBM Z (Mainframe) Data and Insights into Splunk software:

https://www.splunk.com/blog/2017/08/22/insane-in-the-mainframe-splunk-and-ibm-partner-to-provide-end...

0 Karma

khalidewaidah
Explorer

We will use Ironstream but how we can get data

0 Karma

ArgosTAAPCC
Loves-to-Learn

How to install,configure and setup Ironstream to get data into splunk from mainframe systems?

0 Karma

DalJeanis
Legend

@khalidewaidah - you will receive the best help if you ask a new question and refer to this one in your question. Include as much information as possible about your current situation:

For example -

We would like to use Ironstream to get our mainframe logs into splunk. What are the steps that we need to take to make that happen?

Is that the question that you would like to ask?

0 Karma

jeastman
Path Finder

Hello Khalidewaidah,

Can you elaborate on what your question is about Ironstream? Are you wanting to try the product out or do you just have questions about how Ironstream obtains the data?

If you want to try Ironstream out, you can download a version that just works for SYSLOG data from the Syncsort Website here:
http://www.syncsort.com/en/Products/Mainframe/Ironstream

0 Karma

jreda
Explorer

Ironstream from Syncsort can do all of this work for you. It will handle all of the issues related to SYSLOG, z/OS SMF records, log4j and flat files. It deals with the compression, the triplets, the binary data and converts the data from EBCDIC to ASCII. It does this very efficiently, even offloading a lot of the work to a zIIP engine in order to keep the MSU cost of this work to an absolute minimum. This is all done in real time to give you the best data latency possible while not impacting the existing workload on your system.

dart
Splunk Employee
Splunk Employee

For AS/400 there is a splunk app for AS/400.
For other mainframes data is typically accessed via an NFS mounted share on a forwarder or via JDBC talking to e.g. DB2

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...