Have managed to get XCOM ingest into Splunk via Rest API (using the xcomend_splunk script) as per the techdocs at the URL below:
CA XCOM Data Transport for UNIX/Linux 11.6.1 > Using Splunk® > Dashboard Samples
With this integration, transfer (SUCCESS and FAILURE) related messages are being successfully ingested. However, need the following messages ingested as well:
XCOMU0474E xcomd is already running. Multiple instances not supported.
XCOMU0466E Unable to create an index file for queue.
XCOMU0465E Check of xcom.glb pathnames failed.
XCOMU0602E the queue entry does not exist.
XCOMU0602E Unable to QUEUE: Cannot Create Data File or Queue is Full messages:
It appears the xcomend_splunk script is only for transfers. The above messages indicate that the transfer couldn't be done due to issues with queue or transaction index or some such, so basically it does not get as far as calling the script.
What other option is available to ingest these additional messages into Splunk via REST API? (avoiding xcom.log ingestion due to volume issues)
Release : 11.6
Component : CA XCOM Data Transport for AIX
XCOM Engineering confirms that the additional messages referred to are more related to the XCOM Daemon (xcomd) and with the current design they are not sent to Splunk.
Adding the messages will need to be considered as an enhancement for which Engineering will need to investigate/implement the changes required.
A new idea for this enhancement was created on the Broadcom Ideas Community under the category XCOM: XCOM+Splunk integration via REST API