The errpt is command to generate a report of logged errors, you can send the result to splunk in different way , you can use a forwarder to forward the generated report of logged errors to Splunk
Or you can create and ODM entry to run the logger command whenever an error is logged
1. Create an ODM entry to run the "logger" command whenever an error is logged.
# vi /tmp/syslog.add
errnotify:
en_name="syslog1"
en_persistenceflg = 1
en_method = "logger -pnotice Msg from Error Log: $(errpt -a -l $1 | grep -v 'ERROR_ID TIMESTAMP’)"
Add the entry to ODM
# odmadd /tmp/syslog.add
Add a syslog entry to forward "notice" priority messages to splunk host “splunkhost "
# vi /etc/syslog.conf
*.notice @splunkhost:port
Refresh the syslog demon to pick up the new entry
refresh -s syslogd
In Splunk you will need to create new data input for syslog following the doc http://docs.splunk.com/Documentation/Storm/Storm/User/Howtosetupsyslog
note : IBM link about errpt command
http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds2/errpt.htm
... View more