* Download version 4.2.3, if you are running a pre-6.0 version of Splunk.
Splunk for AS/400 - iSeries provides field extractions, search templates, and reports for iSeries AUDJRN exports using DSPJRN *TYPE5 format. AS/400 Control Language (CL) scripts are provided to assist with FTP automation and QAUDJRN exports.
The app has been tested with automated FTP DSPJRN exports, in both EBCDIC and ASCII formats. Configure a monitored file/folder for your DSPJRN dumps, and let Splunk do the rest! Please see the note, below, if your data will be EBCDIC encoded.
Set the following parameters for your data input:
sourcetype = dspjrn:5
index = iseries
A link to documentation on the DSPJRN command can be found here:
Be sure to set OUTFILFMT to *TYPE5.
If your DSPJRN data will be EBCDIC encoded, add the following lines to your $SPLUNK_HOME/etc/apps/iseries/local/props.conf:
[dspjrn:5]
CHARSET = utf-ebcdic
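To decide whether a given DSPJRN dump needs the CHARSET override above, the following added example (not part of the app or its CL scripts) sniffs a sample of the file and reports whether it looks like ASCII or EBCDIC. The function names, the 0.9 threshold, the constructed sample line, and the use of Python's cp037 codec as a stand-in for single-byte EBCDIC are assumptions; the page does not name a code page.

```python
import string
import sys

# Bytes that are printable in ASCII (letters, digits, punctuation, whitespace).
ASCII_PRINTABLE = set(string.printable.encode("ascii"))

# Constructed sample line (not a real *TYPE5 record layout), repeated to fill a buffer.
SAMPLE_RECORD = "2024-01-15-10.30.00 PW QSECOFR   *N        LOGIN01   \n" * 20


def scores(data: bytes) -> tuple[float, float]:
    """Return (ascii_score, ebcdic_score): share of bytes that read as printable text."""
    if not data:
        return 0.0, 0.0
    ascii_score = sum(b in ASCII_PRINTABLE for b in data) / len(data)
    # Assumption: cp037 stands in for single-byte EBCDIC.
    decoded = data.decode("cp037")
    ebcdic_score = sum(ch in string.printable for ch in decoded) / len(decoded)
    return ascii_score, ebcdic_score


def guess_encoding(data: bytes, threshold: float = 0.9) -> str:
    """Classify a byte sample as 'ascii', 'ebcdic' or 'unknown' (binary or mixed)."""
    ascii_score, ebcdic_score = scores(data)
    if max(ascii_score, ebcdic_score) < threshold:
        return "unknown"
    return "ascii" if ascii_score >= ebcdic_score else "ebcdic"


def props_stanza(encoding: str) -> str:
    """Return the props.conf lines given on this page when the dump is EBCDIC."""
    if encoding == "ebcdic":
        return "[dspjrn:5]\nCHARSET = utf-ebcdic\n"
    return ""


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            buf = fh.read(65536)  # the first 64 KiB is enough to classify
    else:
        buf = SAMPLE_RECORD.encode("cp037")  # demo on the constructed sample
    kind = guess_encoding(buf)
    print(f"detected: {kind}")
    if kind == "ebcdic":
        print("add to local/props.conf:\n" + props_stanza(kind))
    elif kind == "unknown":
        print("sample is neither clean ASCII nor EBCDIC; inspect the transfer mode")
```

An "unknown" result usually means the sample contains packed or binary fields, or that the FTP transfer mode translated only part of the data.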
AS/400 Control Language (CL) scripts have been added to help with FTP automation and QAUDJRN exports. These can be found in $SPLUNK_HOME/etc/apps/iseries/bin.