Choose Journals to Monitor

Ironstream Hub Administration

Product type: Software
Portfolio: Integrate
Product family: Ironstream
Product: Ironstream > Ironstream for Elastic®; Ironstream > Ironstream Hub; Ironstream > Ironstream for Kafka®; Ironstream > Ironstream for Splunk®
Version: 1.3
Language: English
ContentType: Administration
Product name: Ironstream Hub
First publish date: 2022
Last edition: 2024-04-15
Last publication: 2024-04-15T10:44:03.897025

If the optional journal monitoring job EVJRNPROC is running on the System, data will be presented in the format defined by the monitors that were created using the Configuration Tool.

  1. From the Configuration Tool, select the Journal Monitors tab and define a new journal monitor group to hold the monitors.
  2. Click the Create button to create a new journal monitor group or click the Edit button to modify an existing group. You can also Copy, Rename, or Delete an existing group.
    Figure 1. Configure Journal Monitors
  3. In the Journal Monitor group, click the Add Monitor button to add a new journal monitor.
    Figure 2. Create Journal Monitors
  4. In the new Journal Monitor definition, enter values for these fields:
    Table 1. Fields of a Journal Monitor definition
    Journal Name
      Description: Name of the journal to be monitored.
      Notes: Required.

    Journal Library
      Description: Library where the journal resides.
      Notes: Required.

    Targets
      Description:
      • Kafka – Select to send events to Kafka. The hub is currently unable to send data directly to Kafka, but it can be used by forwarding a file type Target.
      • Splunk – Select to send events to Splunk.
      Notes: See Note 1 below.

    Frequency
      Description: The interval (in seconds) at which this monitor will be checked. Restrict values to multiples of 30.
      Notes: Mandatory. Defaulted to 30.

    Raw
      Description: Forward raw journal records to Hub. This option should always be selected for the system audit journal (QAUDJRN). If Object Type is *STMF, Raw is enforced and cannot be changed.

    Field Description Config
      Description: Dropdown of File Field Descriptions to be applied.
      Notes: Only enabled if Raw is unchecked. Field Description Config defined in File Field Description tab.

    Object Type
      Description: The type of object. Valid values are *FILE, *DTAARA, *DTAQ, *LIB, and *STMF.

    Object Name
      Description: Specify the name of a specific object whose changes are being recorded in this journal. If no object is specified, all objects are collected in this journal unless restricted by other filtering options.
      Notes: Hidden if the Object Type is *STMF. Mandatory for all other Object Type values.

    Object Library
      Description: The name of the library where the object resides.
      Notes: Hidden if the Object Type is *STMF. Mandatory for all other Object Type values.

    Path Name
      Description: Specify the path of the IFS log(s) you want to collect. The restrictions are as follows:
      • It MUST start with a forward slash (/).
      • Include the full path to the folder where the logs are stored.
      Note: Do not use wildcards in the folder name. Specify the name of the log or use a wildcard instead of the name to collect some or all logs in the folder.
      Notes: Only available if Object Type is *STMF. Limited to 1024 characters.

    Object Member
      Description: The name of the file member of the object that is being monitored for changes.
      Notes: Optional, but only allowed if Object Type is *FILE. Hidden if Object Type is *STMF.

    Entry Code
      Description: To filter on a specific journal code, enter the code in this field.
      Notes: Optional.

    Types
      Description: The Entry Types to be forwarded to the collector. To add event types, click the Add Type button and enter a 2-character event type, for example, UB. To add additional event types, click the Add Type button and enter the additional event types.
      Note: Only digits and upper-case letters are allowed in the "Types" field. It does not accept spaces, special characters, or lower-case letters.
      Notes: Up to 300 types can be specified per monitor.

    Note 1: There must be at least one target selected for the data. When only one check box is selected, it is greyed out to ensure it cannot be cleared until another target has been selected.

  5. Fill in the Assigned systems field to assign the completed Journal Monitor Group to one or more IBM i LPARs.
  6. Click the Save button.
  7. Click the Distribute button to send the new monitor group to the Ironstream Agent for IBM i for the Assigned systems.
  8. On the Systems tab, restart each System that is in the Assigned systems list of the newly created Journal Monitor Group.

After creating or changing a journal monitor, you MUST restart each System affected by the changes to ensure that Hub is using the new configuration details when processing journal entries.

If the journal monitor configurations are deleted after they are distributed to an LPAR, the Splunk/Kafka options will be lost, and the data will not be sent to any targets.
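
The field rules from Table 1 can be collected into a check that runs before a group is saved and distributed. This is an added example, not Precisely's code: the dict layout, key names and the `validate_monitor` helper are hypothetical, and `*` is assumed to be the wildcard character.

```python
import re

OBJECT_TYPES = {"*FILE", "*DTAARA", "*DTAQ", "*LIB", "*STMF"}
ENTRY_TYPE = re.compile(r"[0-9A-Z]{2}")  # two digits/upper-case letters


def validate_monitor(m):
    """Return the Table 1 rules broken by one monitor definition (a dict)."""
    raw, otype = bool(m.get("raw")), m.get("object_type")
    stmf = otype == "*STMF"
    path, types = m.get("path_name", ""), m.get("types", [])
    freq = m.get("frequency", 30)  # the field defaults to 30
    targets = set(m.get("targets", ()))
    checks = [
        (not m.get("journal_name"), "Journal Name is required"),
        (not m.get("journal_library"), "Journal Library is required"),
        (not targets or not targets <= {"Kafka", "Splunk"},
         "select at least one target (Kafka, Splunk)"),
        (not isinstance(freq, int) or freq < 30 or freq % 30 != 0,
         "Frequency must be a multiple of 30 seconds"),
        (m.get("journal_name") == "QAUDJRN" and not raw,
         "Raw should always be selected for QAUDJRN"),
        (otype is not None and otype not in OBJECT_TYPES,
         "Object Type is not one of the valid values"),
        (stmf and not raw, "Raw is enforced for *STMF"),
        (stmf and not path.startswith("/"), "Path Name must start with /"),
        (stmf and len(path) > 1024, "Path Name exceeds 1024 characters"),
        # Assumption: '*' is the wildcard; the page does not name the character.
        (stmf and "*" in path.rpartition("/")[0],
         "no wildcards in the folder part of Path Name"),
        (otype in OBJECT_TYPES and not stmf and not m.get("object_name"),
         "Object Name is mandatory for this Object Type"),
        (otype in OBJECT_TYPES and not stmf and not m.get("object_library"),
         "Object Library is mandatory for this Object Type"),
        (bool(m.get("object_member")) and otype != "*FILE",
         "Object Member is only allowed for *FILE"),
        (len(types) > 300, "at most 300 Types per monitor"),
        (any(not ENTRY_TYPE.fullmatch(t) for t in types),
         "each Type must be 2 characters: digits or upper-case letters"),
    ]
    return [msg for broken, msg in checks if broken]


# Constructed sample definitions; the dict layout is hypothetical.
AUDIT = {"journal_name": "QAUDJRN", "journal_library": "QSYS", "raw": True,
         "targets": ["Splunk"], "frequency": 60, "types": ["UB"]}
BROKEN = {"journal_name": "QAUDJRN", "journal_library": "QSYS", "raw": False,
          "targets": [], "frequency": 45, "object_type": "*STMF",
          "path_name": "/logs/*/app.log", "types": ["ub", "PW"]}
```

`validate_monitor(AUDIT)` returns an empty list, while `validate_monitor(BROKEN)` reports the missing target, the 45-second frequency, the unselected Raw option (for both QAUDJRN and *STMF), the wildcard in the folder name, and the lower-case entry type.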