Hi guys..
I have recently started exploring Splunk Enterprise, after installing it on a Linux system, and I used sample data to create pie charts, line graphs, etc.
I was searching for a way to get mainframe data into Splunk for data analysis and found out about Syncsort Ironstream. I searched a lot regarding the ways to download, install, etc., but had no luck.
Is there Ironstream software available? If yes, where can I find it?
Thanks in advance.
Hello
The Ironstream product is not free, so you need to contact Syncsort to get the software and licenses:
http://www.syncsort.com/en/TestDrive/Demo/Request-Info-Splunk
Regards
IBM Common Data Provider for z Systems (CDPz) is the best option for sending Mainframe logs to Splunk.
CDPz can send a wide variety of data including 140 data sources and 100+ SMF record types. More specifically, CDPz can support the following:
• SMF records
• SYSLOG (IBM z/OS System Log and USS SyslogD)
• JOBLOGs
• Application logs (IBM CICS Transaction Server logs and IBM WebSphere Application Server logs)
CDPz also has advanced filtering capabilities including RegEx and time filtering that can be set up using the built-in web configuration tool shown below.
More information on IBM Common Data Provider for z Systems can be found directly on Splunkbase.
There are other alternatives to Ironstream for getting access to mainframe data. IBM has an offering called Common Data Provider that provides similar capability.
If you would like to try out the Ironstream product, there is currently a free 30 day trial for SYSLOG available on our website:
http://www.syncsort.com/en/Products/Mainframe/Ironstream
The download also comes with a Syslog Dashboard that demonstrates how Syslog messages can be visualized and used for discovery.
Can't find any detailed info on the website on Ironstream compatibility with the latest Splunk 6.6.1 version. Having some "gsk_secure_socket_init returned No SSL cipher specifications" messages on the mainframe side after updating our test environment?
Also the syslog app https://splunkbase.splunk.com/app/2792/ still mentions 6.2 as only compatible version, is that true?
There are no known compatibility issues for SSL on any Splunk release if things are properly configured.
Please contact zos_tech@syncsort.com and explain your issues, and a support ticket can be opened to assist in diagnosing the issue.
Thank you for your interest in Ironstream to move logs/files from z/OS to Splunk. We would be happy to work with you and provide you software to evaluate. Let’s schedule a call to help you understand more about Ironstream and we can learn more about your requirements.
Is Ironstream also possible to connect to a heavy forwarder instead of Splunk itself?
Yes. You just have to configure the heavy forwarder with a TCP input port that accepts a sourcetype of JSON.