The combination of Syncsort Ironstream and Splunk is an especially powerful way to solve a number of common challenges – if you know which use cases to look for.
It’s important to understand the reasons for this sometimes opaque analytics landscape. True, mindshare for the IBM z System, especially running z/OS, is often overshadowed by news from elsewhere, but motivated analysts can separate the signal from the noise. In Part 1 of this 2-Part blog, I’ll identify some of the areas this unique-in-market solution can help you with.
Even if they work in a mainframe setting, analysts should remind themselves of the scale of their own ecosystem. This list was prepared in September 2015 by Enterprise Systems Media, but it bears repeating because it helps to dollarize the market segment.
- Up to 80 percent of corporate data is still on mainframes.
- Mainframes are used by 71 percent of the Fortune 100.
- Mainframes process at least 30 billion business transactions daily.
- Mainframes are central in the timely processing of $23 billion of ATM transactions annually.
- A survey by Compuware found that of 350 enterprise CIOs who responded, 88 percent identified the mainframe as a “key business asset” for at least the next 10 years.
- IBM’s latest z13s includes an entry level machine that IBM hopes will spur interest in corporate cloud initiatives – possibly within the existing z Series customer base.
The big picture makes clear what most mainframers already know: z/OS adoption remains steady, with major corporate investment in products and services.
Tour of Ironstream+Splunk z/OS Solution Spaces
But which solution spaces are those where Ironstream+Splunk pairings make the most sense? With legacy applications still needing attention, opportunity areas are perhaps less conspicuous. The following tour identifies some of the areas where developers have seen success, or where existing projects can be simplified or grown using this toolset.
It’s important to note that these use cases are not for mainframe only. Many use cases I will describe require correlating mainframe data with data from other platforms. They are using Ironstream + Splunk so they can easily search, analyze and visualize the data to gain valuable end-to-end insights across Mainframe and other platforms via a single UI and advanced analytics engine.
Security and SIEM: Log and security data are the raw material for large-scale cybersecurity. Shifts away from simplistic perimeter filtering are feeding an appetite for high-velocity, high-volume data from z/OS and all connected devices. Incident investigations are more frequent and involve more data.
Forensics: When preventive measures fail, data to support forensics investigations become important. Failure analysis for large-scale projects involves combing through mountains of data for root-cause analysis. For insurers, a key mainframe constituency, Ironstream+Splunk data lakes can help support actuarial analysis, customer-specific risk assessment or novel underwriting areas.
Operational Intelligence (OpIntel): Systems administrators and data center analysts must often collect detailed log, audit and object metadata from the Z/OS environment as well as connected devices and systems. A key requirement for OpIntel is easy access to z/OS Systems Management Facility (SMF) records, which can be delivered by Ironsteam into Splunk.
Component-specific z-Systems monitoring: Performance management for IMS, WebSphere, CICS, DB2 may lack adequate operational data to support monitoring and SLA’s. Analytics not previously feasible can now be performed.
Hybrid cloud and multi-mainframe management: Management of hybrid clouds as well as firms with multiple mainframe sites face data fusion challenges. Load balancing, scheduling and aggregation for analytics require steady, timely data streams, including mainframes. Solutions using system data may be essential to meeting contractual SLAs.
In Part 2, we will look at more solution areas where Syncsort’s Ironstream and Splunk Enterprise can provide valuable insights.
Learn more about using Ironstream with Splunk