We have requirement to read Message Queue. Mainframe data is getting feed to a data warehouse system. This warehouse system communicates to different application via Message Queue. We want to read this queue and index it. Is it possible to read it using Splunk Universal forwarder or we have to setup Heavy forwarder and use any API/App to index message queue data.
My main purpose of the question is to know if Splunk Universal Forwarder can be used for MQ reading purpose. I do not have permission to use Heavy forwarder.
which message queue product you using? Websphere MQ?
if yes, please have a look into this link: https://www.splunk.com/blog/2013/04/11/splunking-websphere-mq-queues-and-topics/ Uses JMS modular app
Mostly MQ format is xml.