Big Data & Analytics Blog

News and views from the team at Keylink

Splunk + Ironstream for Real-Time Mainframe Insights

Wednesday, May 17, 2017

Mainframes power mission-critical applications across the enterprise, processing millions of transactions every day. So it's no surprise the ability to obtain real-time security insights and operational intelligence from z/OS mainframe systems is generating a lot of buzz at the moment – especially among banking, finance and insurance organisations.

The powerful combination of Splunk + Ironstream is the premier solution in this space, but for those who aren't familiar with these two products here's a high-level overview of the what, why and how.

What is Splunk?

Splunk is an enterprise software platform that collects and indexes log files and machine data from any source (for example, applications, servers, networks, mobile devices and industrial systems). Splunk provides a web-based user interface to allow users to search, monitor and analyse these massive volumes of machine data to quickly diagnose service problems, detect sophisticated security threats, understand the health and performance of remote equipment and demonstrate compliance. Splunk runs on Windows, Unix or Linux, but doesn't include out-of-the-box support for collecting data from z/OS mainframe systems.

What is Ironstream?

Syncsort Ironstream is a mainframe software product that uses standard z/OS interfaces to capture mainframe log data, such as SMF records (over 60 types), Syslog, SyslogD, RACF, Top Secret, Log4j and DB2, and forwards it to Splunk in real time over a TCP/IP connection. Splunk users can then analyse and monitor mainframe systems and applications without requiring mainframe-specific access or training.

Key Use Cases

  1. IT Operational Analytics (ITOA) - gain valuable insights about mainframe operations through real-time incident triage, anomalous behaviour detection and predictive analytics for better business decisions
  2. Security Information and Event Management (SIEM) - collect and forward mainframe security data in real time to Splunk for a true 360-degree view of your enterprise IT compliance & security posture
  3. IT Service Intelligence (ITSI) - take a service-centric view of response times, SLAs, exceptions and resource utilisation for both mainframe and distributed IT system health monitoring

Already have mainframe applications for monitoring and reporting?

Customers may continue to use legacy mainframe apps, but find that Splunk + Ironstream extends their capabilities in 2 key areas:

  1. Real-time - typical mainframe reporting solutions can tell you what happened yesterday or last month, but there's significant value to be gained from seeing the data in real time. For example, monitoring excessive failed TSO login attempts, or alerting on zombie CICS transactions
  2. Visibility - expand visibility of critical mainframe services across the enterprise – security, customer experience, help desk – without requiring specialist mainframe training or access. For example, analyse and monitor the performance of your online banking service across mobile, web, network, mid-range and mainframe systems from a single pane of glass
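As an added example (not from the original post, Syncsort or Splunk), here is what the failed-TSO-logon alert mentioned above could look like as a Splunk savedsearches.conf stanza once Ironstream is delivering RACF events. The index name, sourcetype and the fields user, terminal, event, result and reason are assumptions standing in for whatever your Ironstream deployment actually extracts.

```ini
# Added example stanza for savedsearches.conf (not vendor-supplied config).
# ASSUMPTIONS: index "mainframe", sourcetype "ironstream:racf" and the
# fields event, result, user, terminal and reason are placeholders; replace
# them with the field names your Ironstream forwarder actually emits.
[Mainframe - Excessive failed TSO logons]
enableSched = 1
cron_schedule = */10 * * * *
dispatch.earliest_time = -24h@m
dispatch.latest_time = now
# Count failures per user in 10-minute buckets over the last 24h, then flag
# only the latest bucket when it is both above an absolute floor and well
# above that user's own baseline, so a chatty batch ID does not hide a quiet
# account that is suddenly being guessed at.
search = index=mainframe sourcetype="ironstream:racf" event="TSO_LOGON" result="FAIL" \
  | bin _time span=10m \
  | stats count AS failures, dc(terminal) AS terminals, values(reason) AS reasons BY _time, user \
  | eventstats avg(failures) AS avg_failures, stdev(failures) AS sd_failures BY user \
  | where failures >= 5 AND failures > avg_failures + 3 * coalesce(sd_failures, 0) \
  | where _time >= relative_time(now(), "-10m@m") \
  | table _time, user, failures, terminals, reasons, avg_failures
# Fire when any row survives the filters; suppress repeat alerts for the
# same user for one hour so a sustained burst produces one ticket, not six.
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = user
```

The same stats/eventstats pattern works for the other real-time case in the list (zombie CICS transactions) by swapping the sourcetype and grouping on transaction ID instead of user.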

Ironstream is a simple install on the mainframe with minimal MIPS impact, and meets all the regular Splunk forwarder requirements for security, load-balancing and error recovery.

Learn more or contact us today.
