The Splunk for Tivoli Netcool App is designed to forward all data from the object server into Splunk. Polls, traps, syslog, CORBA, socket, TL1, and the myriad other probes that feed the object server can all be Splunk'd. After they have been processed, you can determine your retention policy and archive old data as outlined here http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Automatearchiving
In a nutshell you need to install the app on your Splunk platform, install the Splunk UF and Tech-Add ons onto your object server, and configure the flat file gateway (nco_g_file) to write the events.
... View more