AIOps on IBM Z - Group home

As the year comes to a close, we’ve got a lot of new capabilities we’re excited to share with you. Referring back to the blog written by Sreekanth Ramakrishnan, Best practices for taking a hybrid approach to AIOps, the role of IBM Z Operational Log and Data Analytics is to be your go to whenever you need to quickly get to the root cause of an issue. Whether this be an isolated incident on the mainframe, or part of a much larger hybrid incident – this provides the means to uncover, search and visualize your Z data.

On Nov 17th, 2023, the continuous delivery release 5.1.x.14 of IBM Z Operational Log and Data Analytics was made generally available, bringing the following major features and enhancements. 

Updates at a glance:

Z operational analytics common components updates

• Enhancements to the management of authentication service (LDAP-based authentication and multi-factor authentication)
• Major changes to the configuration files, utility commands, and logging configurations for OCI containers

Platforms updates and support

• New z/OS Connect Enterprise Edition API Requester dashboards for Z Data Analytics Platform, the Elastic Stack, and Splunk
• New scripted tooling for managing non-curated ingestion pipelines on the Elastic Stack
• Miscellaneous updates and problems fixed for the analytics platforms

Z Common Data Provider updates

• New currency support
• Updates to the keystore files to eliminate the impact of the version upgrade from Java 8 to Java 11
• Enhancements to the NetView Netlog configuration for multiple NetView instances

Updates in detail:

Enhancements to the management of authentication service

Authentication service now supports LDAP-based authentication (including RACF support)

• In your organization, if you already have Lightweight Directory Access Protocol (LDAP) or Active Directory services that store user information, now you can configure Keycloak to delegate authentication to a user authentication provider through LDAP. This allows seamless connection to these data repositories, enabling validation of credentials and retrieval of identity information

Authentication service now also supports multi-factor authentication

• For both IBM Z Anomaly Analytics and IBM Z Operational Log and Data Analytics, Keycloak now provides support for multi-factor authentication through various methods. You can configure MFA by using the Keycloak Admin Console.

Major changes to the configuration files, utility commands, and logging configurations for OCI containers

• The logging of the OCI containers is now more flexible and easier to integrate with the underlying operating system. You can configure the logging driver to be either json-file or journald, based on your needs. For more information, see Configuring logging drivers.
• Runtime configuration files have been moved into OCI volumes to remove dependency on host storage. For more information, see Configuration file reference for OCI container images.
• Commands for administering the software containers have been updated. For more information, see Command reference for OCI containers.

New z/OS Connect Enterprise Edition API Requester dashboards for Z Data Analytics Platform, the Elastic Stack, and Splunk

New z/OS Connect Enterprise Edition API Requester dashboards are available on the Z Data Analytics Platform, the Elastic Stack, and Splunk. You can leverage these new out of the box dashboards to view API requester data for z/OS, CICS Transaction Server for z/OS, and IMS for z/OS.

New scripted tooling for managing non-curated ingestion pipelines on the Elastic Stack

• The logstash ingestion kit for raw data comes with many files.  It is important to make sure only the files for the data you are sending to Elasticsearch are copied to the configuration directory as including all the many raw data files will impact performance. Finding the ones you need for your data can be time consuming. Now, a new tool is available for you to automatically copy the Logstash configuration files for raw data streams.
• A set of the Logstash configuration files provided with Z Operational Log and Data Analytics require read access to Elasticsearch tables. To enable Logstash to access them, the Logstash query needs to be customized with the Elasticsearch host value for your environment. In addition, in a production environment, Elasticsearch is typically configured to use Transport Layer Security (TLS) encryption as well as user ID and password authentication. The Logstash queries also need to be customized to support this security configuration. Customizing the curated and raw configuration files can also be time consuming. Now, a new tool is available for you to easily customize Logstash configuration files that contain Elasticsearch connection definitions to meet the requirements of your environment.

Enhancements to the Z Common Data Provider 

• New currency support: 
  • CICS journal records
  • SMF 1154 subtype 84
  • SMF 1154 subtype 113
  • SMF 1154 subtype 114
• The structure and format of the keystore files for the Data Streamer and Data Receiver have been updated to eliminate the impact of the version upgrade from Java 8 to Java 11.
• The configuration of the NetView Netlog data stream has been enhanced so that the Log Forwarder can collect NetView Netlog from different domains on different LPARs using the same policy.

For a full list of new and changed functions in 5.1.x.14, see "What’s new in 5.1" in the IBM Z Operational Log and Data Analytics 5.1 documentation.

More resources:

• To get the latest fix pack, visit IBM Fix Central: https://ibm.biz/zlda-fixpack
• Watch the end-to-end demo videos, access the video library: https://zaiops.github.io/zlda/
• Take a self-paced online course at no cost and earn a digital badge https://learn.ibm.com/course/view.php?id=12017
• Learn more details about the deployment: https://ibm.biz/zlda-doc
• Find more about IBM Z AIOps portfolio: https://www.ibm.com/z/aiops
• Learn more about the AIOps framework: http://ibm.biz/AIOps-handbook