Yes! I can't believe I didn't say this. You would be crazy to write your own dashboard presentation layer. Splunk makes this stuff so easy. You can hack at a query until you get it right, and then with a few keystrokes "can" the query so you can run it any time, or with a few more keystrokes turn it into a dashboard widget. Customers do this all the time. Splunk is a fantastic product, and Customers seem to love, love, love it.
Now before you think this is a paid plug for Splunk, let me say that I am not a fan of Splunk. I found the company arrogant to deal with, and their pricing is, well, ahem, let's say very favorable for Splunk. (That said, if you want to play with Splunk, last I knew a "play" copy was every MVS sysprog's favorite price -- free.) For getting the data from MVS to Splunk, the obvious choice is Ironstream. Splunk partnered with Syncsort (now called Persnickety or something like that) to develop Ironstream. You can send every possible piece of MVS performance and similar data to Splunk using Ironstream. (Again, using a pricing model that I find amazing.) And this is why I can't believe I didn't say this -- I was the principal author 2000-2018 of a product that is now called BMC AMI Defender -- that was written to solve the problem of getting the data to Splunk or a similar platform. We started out sending security events from SMF 80 (real time, using the exits) but quickly evolved to include session and job information, RMF information, dataset status, Db2 statistics, CICS statistics, and so forth. Going back to my first paragraph above, customers were easily able to build dashboards that would show things like "every user with elevated privileges that is current logged on." (I no longer have any relationship with the product or BMC.) > data to Splunk in a form it can work with. Splunk is actually designed specifically to work with "unformatted" data. If you wrote a script to send the console log to Splunk every 10 minutes with FTP you would have a start on the data you needed for the beginnings of a dashboard. Free script, free FTP, free Splunk (last I knew). More than you wanted to know about dashboards ... Charles On Sun, 28 Apr 2024 21:55:15 +0000, Doug Fuerst <[email protected]> wrote: >Stuff like this is migrating to Splunk and similar presentation language >environments. The problem lies in getting the data to Splunk in a form >it can work with. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
