Refine your search:

AS400 iSeries app/collection?

3
1

Hello, I wanted to know if anyone is using splunk with their as400/iseries. We want to gather QAUDJRN, QSYSOPR, QHST data and performance data. The catch is we would like to do it without purchasing a third party agent that forwards this data for another 4k. I was thinking some type of scripted input?

asked 27 Oct '10, 14:18

dondky's gravatar image

dondky
412
accept rate: 0%

I have also the same task where I have to pull AS400 information. I was basically told to manage an AS400. The problem is I don't know what to montior.

I was able to get data using expect, some command, but i don't know if what I am doing is enough.

How is you application looking?

(20 Jan '11, 15:34) clyde772
3 Answers:
oldestnewestmost voted
3

I'm certainly no iSeries expert, but since nobody else has chimed in...

Without a third-party agent, your options are limited. A couple of possibilities:

  • Screen-scraping

    If you want to use a scripted input to screen-scrape the connection, you can leverage the pexpect Python library to help interact with the telnet (or whatever) session. pexpect is not included with Splunk, but will work fine if you place the Python libraries in the same directory as your script.

  • Dump to a file, then retrieve

    If you can dump the contents of each of the logs you're interested in to a flat file, it's not so bad. You can use a cron job to copy the files from IFS/FTP/etc. to a path Splunk indexes, and pick it up from there. Or, you can have Splunk retrieve the file directly as a scripted input.

  • Roll your own syslog forwarder.

    PASE evidently has syslog support, and it looks like there's some sort of API structure (QjoRetrieveJournalEntries?) available for accessing the contents of these.

Given the cost of a Splunk Enterprise license, realistically it may be worth it to just go for the extra $4k for the 3rd-party forwarder (syslog-ng, PowerTech, etc.).

link

answered 30 Oct '10, 03:52

southeringtonp's gravatar image

southeringtonp ♦
4.5k1215
accept rate: 35%

3

http://splunk-base.splunk.com/apps/24097/splunk-for-as400-iseries

link

answered 24 May '11, 12:17

gpullis's gravatar image

gpullis
9815
accept rate: 20%

0

Thanks southeringtonp, responses were very helpful. I have been thinking of working to screen scraping and pexpect looks awesome. We can also dump to a nfs mount that could also be indexed. My guess is I'll probably be going down the screen scrape route.

link

answered 01 Nov '10, 14:10

dondky's gravatar image

dondky
412
accept rate: 0%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×17

Asked: 27 Oct '10, 14:18

Seen: 1,619 times

Last updated: 24 May '11, 12:17

Related questions

App Wanted: Tomcat

App Wanted: LSF log parser

AS400 for Splunk app: How is data collected on the AS/400?

Splunk for Exchange App (i.e. activity monitoring app)

Use googlemaps app instead of amMap for Cisco Security App?

What is the default behavior for an app that does not have an app.conf file?

App does not support UI access. See its app.conf for more information.

What is the difference between App Search and App Launcher?

Why does my app redirect to http://localhost:8000/en-US/app/APP_NAME/_admin when I click on the logo

Copyright © 2005-2012 Splunk, Inc. All rights reserved.