Log Forwarding with Ironstream for Splunk

Rachel Levy Sarfin | January 30, 2020

Over the past several years, Splunk has become a definitive leader in analyzing log data, giving its customers the power to turn the insights from this machine data into action. Splunk enables users to analyze and visualize this data in a single view, revolutionizing the way organizations discover security threats, monitor compliance requirements, and find (and fix) IT infrastructure problems across their enterprise.

Logs and log forwarding

A log is simply a file containing information about events, processes and messages generated by software, operating systems and programs. While they might seem mundane, these logs form an immutable record of all activity across the business. There’s significant value in this data if you can collect and make sense of it all. However, the massive volume and complexity of this type of data make that very difficult to do without specialized tools. That’s the benefit that Splunk provides.

In order for Splunk to work its magic, the logs must be collected from all the systems, networks and applications across the enterprise, and forwarded to the Splunk platform. However, Splunk does not offer native connectivity to two very important systems that exist in thousands of organizations around the world – including the majority of the Fortune 100 – the mainframe and IBM i.

How to forward mainframe and IBM i logs to Splunk

In 2014, Splunk and Precisely formed an alliance to solve the challenge of integrating mainframe log data with operational data collected from elsewhere in the enterprise. With decades of experience working with mainframes, Precisely was well-positioned and excited to create a product to collect, transform and forward this mainframe log data to Splunk. The product was later expanded to also support the IBM i.

Today, Ironstream is the industry’s leading automatic forwarder of IBM z and IBM i operational data to Splunk. It continually collects operational and security data from a wide range of sources in IBM z and IBM i environments, transforms and forwards it to the platform in near real time – enabling security reporting, threat detection, and more.

Ironstream can capture information from a variety of data sources including: Syslog, SyslogD, SMF, RMF Monitor III, Log4j, SYSOUT, Db2 tables, Unix System Services file systems, and more. Once in Splunk, that data can be screened and probed for operational and security intelligence.

Watch our webcast

Legacy IBM Systems and Splunk: Security, Compliance and Uptime

Splunk is an industry leader in IT operations and security analytics – helping you make better, faster decisions with real-time visibility across the enterprise. Watch this virtual seminar to learn how to seamlessly integrate the mainframe and IBM i into Splunk for a true enterprise-wide view of your IT landscape.

Why choose Ironstream for Splunk®?

Ironstream enables the analytics platform to provide total visibility into the IBM mainframe and IBM i environments. There is no need for special knowledge and expertise to correlate mainframe or IBM i data with that coming from other platforms. Simply use Ironstream to collect data from z/OS and IBM i sources to break down silos and enable your organization to:

  • Effectively monitor with an enterprise-wide view
  • Identify and respond to security threats
  • Discover and troubleshoot server, application and network problems

Your legacy mainframes and IBM i systems hold valuable information. Ironstream for Splunk® helps you unlock that value through log forwarding; the data stored in logs can tell you crucial things about your systems that you wouldn’t have known otherwise (or perhaps would have found out too late).

Learn more about how Ironstream for Splunk seamlessly integrates with Splunk Enterprise IT operations analytic solutions to include IBM i security information in a company’s IT analytics solution: watch our webcast