Jake,

If you are that interested in this function, I would recommend you contact Syncsort Sales and request further information. That way you can be connected directly with the vendor and how their product Ironstream feeds Splunk. (Yes, I saw Chris has responded)

Note: it is not Syncsort the product that feeds Splunk. It is Ironstream product by Syncsort to feed Splunk. Go to Syncsort.com for more details on Ironstream.

I have found with past companies they did not like me downloading trial versions as it could put them on the path of having to purchase the product. I do not think Syncsort would do that, but it is something to consider.

If this is just a curiosity question, what specifically do you need to know that has not already been discussed?

Got Splunk? Add Ironstream!

Get security insights & operational intelligence from the mainframe in real time

With Ironstream, you collect log data from SMF, RMF, Syslog and other z/OS sources, and forward that data in real time to the Splunk® Enterprise analytics platform. That gives you visibility into your z/OS environment as well as your distributed and open-systems environment. Total visibility, in other words. This is done without the need for z/OS monitoring systems or for specialized, scarce, and costly mainframe expertise.

Comprehensive and powerful business intelligence reporting is at hand as users can easily search, analyze, and visualize the mainframe log data along with log data from distributed and open-source systems.

Ironstream also integrates with Splunk’s Enterprise Security and IT Service Intelligence applications. This goes beyond IT operational analytics to give you a firmer grasp of potential security threats in your z/OS environment. It ensures that your critical business services are being delivered on time.

Lizette

> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Jake Anderson
> Sent: Saturday, June 10, 2017 6:07 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Syncsort With Splunk
>
> I have used syncsort in Mainframe but don't know how splunk would speak to
> syncsort running in zOS.
>
> Is there any architecture diagram or Manual which can help me to understand?
>
> On Jun 8, 2017 10:24 PM, "Pew, Curtis G" <curtis....@austin.utexas.edu>
> wrote:
>
> > On Jun 8, 2017, at 11:03 AM, Jake Anderson <justmainfra...@gmail.com<
> > mailto:justmainfra...@gmail.com>> wrote:
> >
> > Is there anybody in the group who have used syncsort with Splunk?
> >
> > We forward our OPERLOG to Splunk, although we don’t use Syncsort’s
> > forwarder. (I wrote my own; it wasn’t that hard.)
> >
> > Our main motivation was to show that the mainframe group are “team
> > players” since everyone else around here was investing in Splunk, but
> > it is actually quite useful. We’ve set up a few regular reports of
> > classes of ABENDs or other errors we like to keep track of, and it
> > allows us to go back and do searches for messages when an issue arises
> > that we hadn’t foreseen.
> >
> > ----------------------------------------------------------------------

For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN