IBM i systems are used by customers in a number of industries such as banking, retail, transportation and hospitality. Splunk is a useful tool for consolidating and analyzing event, security, performance and application data, but doesn’t automatically include critical data from IBM i systems. Detailed machine data from these IBM i systems combined with Splunk’s machine learning algorithms can provide a new level of confidence in capacity planning. Having a single and complete view of data across the IT infrastructure allows analysts to quickly identify and correlate operational, security and performance issues.
Ironstream can easily capture the needed event, security and performance IBM i data in real-time. Data forwarded by Ironstream for Splunk® can be merged with other machine data from across an organization’s IT infrastructure to support enterprise-wide IT Operations Analytics (ITOA), Security Information and Event Management (SIEM) and IT Service Intelligence (ITSI).
In this webinar we examine how one company uses Ironstream to leverage their IBM i data in Splunk and identify critical situations.
View this webinar on-demand to explore:
• How to get data from IBM i systems into Splunk
• The different types of data that can be collected and forwarded to Splunk
• Example use cases for events, security and performance data
• How to identify critical issues and integrate that data with event and incident management tools
From the Splunk Front Lines: Unlocking Insights from IBM i Data
1. From the Splunk Front Lines:
Unlocking Insights from IBM i Data
Presenters:
Bill Hammond – Product Marketing
Chip Sutton – Software Development
5. Integrating your critical security and operational data
from the mainframe and IBM i to
next-gen analytics platforms
6. Ironstream Solutions
IT Operations & Security Analytics
ITOA & SIEM
• Monitor operational status of
enterprise IT infrastructure
• Monitor resource utilization and
availability
• Reduce mean time to identify and
repair errors
• Deliver against service level
agreements
• Detect and prevent security threats
• Report on security events
• Monitor privileged user activity
• Ensure compliance with security and
regulatory procedures
IT Operations Management
CI Discovery & CMDB Population
• Delivers a single view of entire
infrastructure to enable smarter IT
decisions
• Rapidly configure and launch secure
discovery of the IBM mainframe and
IBM i resources and their
relationships
• Automates manual process and keeps
an accurate single source of record
• Relationship mapping - maps
dependencies and assigns
relationships automatically
IT Event Management
Event Management
• Sophisticated event status
management of messages to help
drive proactive enterprise systems
management
• Monitors the status and health of the
mission-critical IBM systems and their
standard applications
• Analyzes complex event streams
allowing operations staff to quickly
determine the cause of a problem
• Quickly and accurately prioritize and
filter numerous events allowing
operations staff to quickly see the
problem cause
7. Ironstream integrates machine data from
traditional IBM systems into leading IT
analytics platforms for a complete picture of
your IT environment to drive better decisions,
faster problem resolution and more accurate
troubleshooting.
9. Splunk is a Great Enterprise Tool…
• Applications
• Operating Systems
• Databases
• Performance Metrics
• Network statistics
• Security data/events
• and much more
…except for Traditional IBM systems
12. How does the integration work?
[Diagram labels: Ironstream Agent; TCP/IP; Ironstream Collector; Splunk Forwarder; Windows or Linux Server; Splunk Indexer]
13. [Diagram labels: Ironstream Agent; TCP/IP; Ironstream Collector; Splunk Forwarder; Windows or Linux Server; Splunk Indexer]
• Advanced Filtering – eliminate the “noise” and get to the valuable data you need
• Lightweight agent – minimal resource requirements, as all processing is offloaded from the mainframe system.
• Buffering of data – guaranteed delivery of messages/data to Splunk
14. What types of IBM i data can be collected?
Message Queue data
• Similar to SYSLOG or Windows Event Logs
• Important event data about operating system,
hardware and applications
System history log
• Capture messages not sent to other message queues
Security Audit Journal Data
• System wide auditing
• Auditing for specific objects (for example files)
• Auditing for specific users
System Performance Data
• System level performance summary data
• Detailed performance data from IBM Collection
Services
Application Journal Events
• Object changes, for example database changes
(before/after)
System Job Accounting Journal Events
• Capture job information, processing
time, transaction counts, elapsed time, DB counts
16. Large Customer in the Automotive Industry
Customer Details
• 30,000 employees
• 20+ brands globally
• 120 IBM i servers
Traditional IBM Systems
• IBM i platform - used for most critical business
services
• Inventory Management
• Vehicle information
• Reporting
• Customer data
• Customer transactions
Why were they looking for a solution?
• Migrated from BMC Patrol to Splunk Cloud/ITSI
• Migration left a blind spot for the IBM i environment
• Added Ironstream for Splunk to provide IBM i
visibility
17. What Factors Drove Their Decision?
• They needed to move to a more versatile Operations Intelligence Platform
• Ironstream for Splunk provided the linkage between the IBM i and Splunk’s
IT Incident Management/IT Service Intelligence solutions
• Cost savings over previous ITOM solution
[Diagram labels: Ironstream Collector; Dashboards/Reports; Event Analytics; IT Service Intelligence]
18. How did they leverage ITSI and IBM i data?
• KPIs (Key Process Indicators) were developed around
event and Performance Data
• Data from all sources correlated - no longer blind to
the IBM i systems
• Thresholds defined to create ServiceNow incidents
to be routed to appropriate groups