This document discusses integrating IBM Z (mainframe) systems into ServiceNow and Splunk using Ironstream. It describes how Ironstream can provide 360-degree visibility across IT infrastructure, including mainframes, by enabling discovery and event management in ServiceNow and real-time log collection and normalization for analytics in Splunk. Use cases discussed include monitoring operational status, reducing downtime, meeting SLAs, detecting security threats, and achieving compliance. Customer stories demonstrate how Ironstream helped organizations achieve a single source of truth across all systems in ServiceNow and support optimal service delivery and PCI compliance by including mainframe data in Splunk.

1. Downtime
is Not an Option
Integrating IBM Z into ServiceNow & Splunk
Ian Hartley I Product Management Director
® ®

2. Downtime is Not an Option
• : Outages happen
• : Failures & missed SLAs are costly
• : Reputations are damaged
Online outages, delays continue to impact Costco shoppers
The issues were a major problem on Thanksgiving and again on Black Friday
*https://www.atlassian.com/incident-management/kpis/cost-of-downtime
Average estimate…
$9K per minute!*

3. Everyone’s Watching…
…You Need to See First!
3

4. Everyone’s Sharing…
…Your Failures!
4

5. Wait a minute…
We are talking about MAINFRAMES
They are rock solid & secure…
…right!?

6. Maybe…
• Mainframe is not a static environment
• System & application changes take place
• Most system outages are due to human error
…and mainframe is no exception
• Mainframe remains a mission-critical platform
• Supports vital services connected to the rest of the
enterprise stack
• When a service fails… the broader organization needs
visibility into the mainframe to trouble-shoot
…and resolve FAST
• Better still? Get visibility of issues BEFORE they occur

7. Today’s IT is Complex – Need 360° Visibility
7 Mainframe

8. Legacy IBM systems are left out of today’s
leading IT analytics & operations platforms
Distributed and
Cloud environments
Mainframe and
IBM i Systems
IBM Z
Mainframe
IBM i
System
8

9. Big Iron to
Big Data
Analytics
Challenges
Systems Management Facility
(SMF), Syslog, Log4j web and
application logs, RMF, RACF,
USS files and standard datasets
Complex data structures
(SMF) with headers, product
sections, data sections,
variable length and self-
describing
• EBCDIC not recognized
outside of the mainframe
world
• Binary flags and fields
9
Millions of log records
generated daily – 9.7TB
average daily mainframe log
data …and growing
Not real-time, typically have to
wait overnight for an offload
Typical daily FTP
upload/downloads can’t get
granular

10. Ironstream Removes the Barrier
Enables 360° visibility
IBM Z
Mainframe
IBM i
System
360°
view across
the enterprise
10

11. Use Cases
• Monitor operational status of enterprise IT infrastructure
• Make better decisions to take control of the IT infrastructure
• Monitor resource utilization & availability
• Problem detection & isolation
• Reduce MTTI, MTTR
• Meet SLAs
• System health, KPI monitoring with Splunk IT Service Intelligence
• Detect & mitigate security threats
• Privileged activity, anomalies, data movement
• Achieve compliance
• Pass audits
• Comprehensive surveillance with Splunk Enterprise Security

12. Ironstream for ServiceNow

13. 13 © 2019 ServiceNow, Inc. All Rights Reserved. Confidential.
Deliver high-performing business services
with visibility and AIOps
Deliver
business service
health with AIOps
Establish
complete visibility across
your operations estate
CMDB
Optimize
spend on cloud
usage and software

14. Ironstream Integration with ServiceNow Discovery
• Rapidly configure and launch secure discovery of IBM i
and mainframe resources and their relationships
• Auto-populate and maintain the ServiceNow
Configuration Management Database (CMDB)
• Automatically map dependencies & assign relationships
• Get a single view of entire infrastructure to enable
smarter IT decisions
• Reduce decision times and errors, increase productivity
with intelligent automation
14

15. MID Server
Agent
Mainframe or IBM i LPAR
Discovery Agent
MID Server
IMSMQ
Db2 CICS
Network
Host
Resources
Probes sent to run
discovery scripts
Scripts execute
commands
Client runs command
against agent
Agent executes
commands on LPAR
Agent sends output
back to client
1
2
3
4
5
6Sensor parses output
and creates CIs
Resources and Subsystems
Discovery Workflow
REXX
VTAM
MQ Commands
MVS
Db2 Queries
Ironstream
MCS

16. Ironstream for
ServiceNow
Discovery
• DB2 - DDF, DSG, databases,
table spaces and deep
configuration data
• Completed jobs
• DASD storage
• Storage groups
• CICS - regions, transactions,
programs
• IMS - regions, databases,
transactions, programs
• MQ - managers, channels,
queues
• Memory
• LPAR
• CPU
• Network connectivity
• Installed IBM/non-IBM software
• Local Storage with ASPs
• Memory
• LPAR
• CPU
• Network connectivity
• Installed software
• Selected system values
• Subsystems
• Active jobs
• Job queues
• Output queues
• Libraries
• Program objects

17. Ironstream Integration with ServiceNow
Event Management
• Extends cross-platform capabilities of
ServiceNow ITOM to include mission-critical
IBM mainframe & IBM i environments
• Significantly reduces event noise and floods
generated by third-party monitoring tools,
• Monitor service health
• Prevent outages
• Easily take action
• Sophisticated z/OS and IBM i event status
management of any messages which go
through the console to establish proactive
enterprise systems management
MAINFRAME 1
MAINFRAME 2

18. MID Server
Agent
Mainframe or IBM i LPAR
Ironstream
MCS
Event Mngmnt
Agent
MID Server
JES,
SDSF
MQ
Db2 CICS
Network
Host
Resources
Integrates with
Event Management
Passes to MID Server
MCS filters & formats
messages/information
Agent detects
messages, runs scripts,
commands etc. on LPAR
Agent sends output
to client
5
4
3
1
2
6
Leverages workflow to
process & automate
Resources and Subsystems
Event Management Workflow
REXX
VTAM
NetView
MVS
TCP/IP

19. Ironstream for
ServiceNow
Event
Management
• 110+ Event Rules including:
• System Console/Syslog Events
• CICS Transient Data Queue
Events
• IMS Master Terminal Operator
Events
• Interval Monitoring
• SMS Group Threshold
Monitoring
• MQ Manager, Channels,
Queues
• Active Jobs
• RMF based Performance
Monitoring
• Custom Message Interface
• Message Automation
• Reliable TCP Communication
• Heartbeat and positive message
acknowledgement
• Message Buffering
• Command Console
• 170+ Rules for IBM i, including:
• AS/400 State
• ASP State
• Audit Journal Alerts
• Job Queue State
• Job/Subsystem State
• Memory Pool State
• Threshold Monitoring
• I/O per second
• TIMW Status
• Message Queue Alerts
• MQ Series States
• TCP Connection Status
• CMTW Status
• MTXW Status
• Output Queue State
• Services State
• Agent Connection
• Wait Status Monitoring

20. Discovery

21. Event Management Rules

22. Event Management Workflow

23. Ironstream for Splunk

24. Splunk: Industry-Leading Platform For Machine Data
Online
Services
Web
Services
Servers
Security GPS
Location
Storage
Desktops
Networks
Packaged
Application
s
Custom
Apps
Messagin
g
Telecoms
Online
Shopping
Cart
Web
Clickstreams
Databases
Energy
Meters
Call Detail
Records
Smartphones
and Devices
RFID
On-Premises
Private
Cloud
Public
Cloud
Enterprise Scalability
Universal Indexing
Developer
Platform
Report &
analyze
Custom
dashboards
Monitor
& alert
Ad hoc
search
!
24

25. Comprehensive Security & Operational Metrics
Disk Information
• Reads/Writes
• Disk Capacity
• Disk Space Availability
• Disk Busy
• Disk Response Times
Job Information
• CPU used
• Socket sends/receives
• Stream file, directory & Symlink reads
• Stream file writes
• Seize/Wait time
• Communication Puts/Gets
CPU information Per Virtual CPU
• Time used
• Number of CPUs active
TCP communications
• Detailed stats at Datagram
• Fragmentation information
Physical Processor information per CPU
• Time used
• Owning Partition
Virtual Processor information per Virtual CPU
• Status, Time active, Time used.
• Configured/Uncapped available time
• Instruction count
Memory pool information per Pool
• Database faults
• Non-database faults
• Job transitions Size
• Disk I/O stats
• Pages aged and stolen
Job summary information
• CPU used
• Disk I/O detail
• Database/Non-database
• Page faults
• I/O Pending faults
Security Information
• User Profiles
• System Values
• Object attributes & authorities
• Authorization Lists, Job Descriptions
• Commands
• Active Jobs, Spool Files
• Changes to values, authorities, profiles, auth. lists
• Access attempts (authentication or object access)
• Sensitive object access

26. Four Key Use Cases addressed with Ironstream
and Splunk
• Response times/SLAs
• Latencies
• Exceptions
• Resource utilization
• Sensitive data access
& movement (PII/PHI)
• Configuration settings
(e.g. FISMA)
• IRS Pub 1075
• PCI DSS
• Incident triage
• Anomalous behavior
detection
• Glass table view of
entire service process
• Predictive analytics
• User Authentications
• Account & login activity
• FTP sessions & file
activity
Security
Operational
Intelligence
IT
Monitoring
Compliance
26

27. Precisely
Ironstream
for Splunk
360ᵒ View:
• High performance, real-time
collection of IBM mainframe
information
• Normalizes the z/OS data so it can
be used by Splunk
• Same Splunk dashboards, bigger,
more complete data sets; free apps
• Network managers, security
analysts, application analysts,
enterprise architects can use
without requiring mainframe
access or expertise
27

28. What does Ironstream provide for Splunk?
28
• High performance, cost-effective platform for collecting critical
log, machine, and event data
• Normalization of mainframe and IBM i data for off-platform
analytics & operations engines, including cloud
• Completes the enterprise-wide picture of IT infrastructure
• Better visibility
• Better agility
• Better control
• Addresses the SME challenge: Used by network managers,
security analysts, application analysts, enterprise architects
without requiring detailed mainframe or IBM i access or
expertise

29. 29
Example Dashboards powered by Ironstream
Security
• Authorization Failures
• Change Profile Events
• System Value Changes
• User Activities
Operations
• Capacity Monitoring
• CPU Utilization
• Create/Delete objects
• Disk Performance
• Job Durations
• LPAR Performance
• Message Queue Events
• System Performance
Application Data
• Employee Database Use Case
Splunk Dashboards

30. Ironstream for Splunk works with Mainframe Data
Precisely
Ironstream
Data
Forwarder
TCP/IP
Ironstream
Desktop
DCE IDT
Data Collection
Extension
Real-time Collection
Assembler C,
COBOL,
REXX
!
Data Sources
HTTP(S)
SMF RMF
File
Load
Log4j IMSSYSLOG
SYSLOGD
System
State
SYSOUT
Live SPOOL
Db2 USS
Alerts
Network
Components
Forwarder
API

31. Ironstream for
Splunk
Splunk
Enterprise
IT Service
Intelligence
Powerful insights of your enterprise
for IT Operations and Security with
Ironstream for Splunk
Precisely Ironstream integrates with
the Splunk ITSI premium app to
predict and prevent service
degradation with a unified
monitoring experience
Enterprise
Security
Data Model
for Mainframe
Precisely Ironstream integrates with
the Splunk Enterprise Security
premium app to provide enterprise-
wide view of security across all
platforms
The Precisely Ironstream Data
Model provides a structured and
logical view of mainframe log data
elements in Splunk for faster
searching, analysis and Splunk
development

33. Customer Stories

34. Achieving a Single Source of Truth
with Ironstream for ServiceNow
Need for visibility across all IT
infrastructure in ServiceNow –
including mainframe
• Rely on ServiceNow CMDB as
“single source of truth”
• No comprehensive coverage
for mainframe
100’s business application touch
mainframe
• Mainframe key resource
• No insight – constant demand
on mainframe team
• Manual integration
• Too costly
• Impossible to maintain
• Out-of-date before complete
Ironstream for ServiceNow
• Certified ServiceNow solution
• Simple install & configuration
• Seamless integration with
ServiceNow Discovery
• Auto-populates & maintains
CMDB
• Auto-maps dependencies &
relationships
• Improved IT visibility
• Complete, accurate, up-to-date
CMDB
• Visibility of all IT infrastructure
• Visibility of relationships,
connections & dependencies
• Better agility
• Improved service availability
• Better change management
• Significant reductions
• People-hours
• Related costs
Challenge Solution Results

35. Supporting
optimal service
delivery at U.S.
based Loan
Service Provider
with Ironstream
for Splunk
O B J E C T I V E
• To monitor mainframe IT operations to
track health of service delivery for Loan
Service Providers
• Capture mainframe business data in
support of system and application
monitoring in Splunk
C H A L L E N G E
• Required several data feeds including SMF,
SYSLOG and SYSOUT for batch job
monitoring
• Filtering the log data to selected jobs
• Loading business data from sequential files
S O L U T I O N
• Precisely Ironstream forwarding required
log data and filter it to specific messages
and jobs
• Splunk for IT operations analytics
B E N E F I T
• Increased visibility to support optimal
service delivery for loan service providers
• Fast time to value, with ease of installation
and configuration, in contrast to
competitive solutions

36. European bank
tackles PCI-DSS
compliance with
Ironstream for
Splunk
C H A L L E N G E
• Working against a tight deadline to
build a solution with Splunk to
continuously monitor all relevant
PCI DSS requirements.
• Needed a proven, easy-to-use
solution to include their busy,
complex mainframe environment,
which included 6 mainframes and
900+ production CICS regions
S O L U T I O N
• Ironstream for Splunk:
• Seamless integration to include
mainframe log data into Splunk
• Proven to be easier to install,
configure and use vs. competition
B E N E F I T
• Compliance with PCI DSS mandates
• Single, enterprise-wide monitoring
solution for all systems, including
mainframe

37. Thank you
precisely.com/integrate