A number of large companies, like Medical Mutual of Ohio, are using Syncsort Ironstream® to gain easy access to vital mainframe log data, making it available in real time to the Splunk® Enterprise platform for advanced analytics. As more customers put Ironstream into production, and with the large volume of log data available on the mainframe, Syncsort identified the requirement to provide the capability to limit what data is sent to Splunk.
To meet this need, Syncsort has just delivered a new release of Ironstream with new capabilities that allows organizations to forward specific mainframe metrics, rather than the thousands that exist within SMF records, into Splunk Enterprise for valuable insights.
With this release, Syncsort is introducing SMF Filtering which allows organizations to control how much of the large quantities of SMF data generated on z/OS systems are sent to Splunk for analysis. SMF Filtering allows customers to define criteria so Ironstream can automatically access only the fields within individual SMF records that they need for analysis in Splunk — eliminating unneeded data and keeping the targeted volumes within established limits.
“Many of our customers, including leading financial and insurance companies are seeing SMF data volumes dramatically increase as more transactions on the mainframe are driven by increased processing power and data from new sources like mobile applications and the Internet of Things (IoT). They have asked us for a way to select only the data that will contribute to valuable business insights,” said David Hodgson, General Manager of Syncsort’s Mainframe business. “Our new SMF Filtering in Ironstream meets this challenge by making it easy to refine the data that goes into the data pipeline to Splunk Enterprise for analysis.”
In addition, customers who want to investigate z/OS security issues, can use a new Ironstream application that provides a view into z/OS security data and events. Ironstream also leverages Splunk’s advanced analytics and visualization for an enterprise-wide integrated view, providing deeper insights into security issues. Customers can use Ironstream to make the z/OS security data sources available to the Splunk Enterprise Security application where it can be correlated with valuable security information from other platforms.
Consistent with its Big Iron to Big Data strategy, Syncsort’s roadmap for Ironstream includes a consistent delivery of enhancements to handle emerging use cases, continuing to work to make the right data from evolving data sources readily available in real-time to Splunk Enterprise for valuable business insights.
Prior to the new capabilities, in March, Syncsort delivered new ways to push additional mainframe data sources to Splunk solutions for more comprehensive application analysis. Highlights included adding IBM z Systems log data from WebSphere®, application logs, weblogs, and application records. In addition, Syncsort provided the ability to add log data from custom mainframe applications and resource and performance data from the Resource Management Facility III (RMF III).
Syncsort allows organizations to use its free Starter Edition for moving z/OS Syslog data into Splunk Enterprise. Unlike a typical technology trial, Syncsort allows organizations to use the Starter Edition to move the data without a time limit and run the applications in production at no charge.
Stay tuned for a blog on Monday from our Mainframe General Manager and industry expert, David Hodgson with more insight into how Ironstream works!