The Ironstream Data Model for IBM i categorizes data that has already been indexed in Splunk into one or more groups, known as datasets. Datasets help present the data in a way that makes it more approachable with recognizable categories and field names.
Data presented by the model becomes more usable to a wider audience without prerequisite, specialized knowledge. Data models encapsulate complex information to simplify searching, and the creation of dashboards and reports and to help remove the need for end-user research and reimplementation.
Working with IBM i data can be challenging when the native data field names and structures require specialized knowledge about how things “work”. It may be unclear which data sources and elements are required for a given search or dashboard, what calculations are needed, or how the data structures repeat.
The Ironstream Data Model for IBM i is specifically designed to address these types of issues.
Note: These instructions are based on the latest versions of Splunk Enterprise 8.0 deployed on-premise. Steps may vary depending upon the version and environment you are using, and different configuration steps may be required for a successful deployment.