With IBM Z®'s continued importance in hybrid cloud deployments and business-critical applications, there is a strong requirement to integrate IBM Z with enterprise data analytics platforms such as Splunk. IBM Z Operational Log and Data Analytics provides complete flexibility to collect data once and stream it to one or more consumers. You can deploy the IBM Z Operational Log and Data Analytics application on the Splunk platform and use its dashboards and predefined searches to search, visualize, and analyze large amounts of structured and unstructured operational data across Z systems IT environments.
Flow of source data on the Splunk platform
Figure 1 illustrates the flow of source data among the primary components of IBM Z Operational Log and Data Analytics on the Splunk platform. The step numbers correspond to the numbers that are used in the illustration.
Figure 1. Flow of source data among components on the Splunk platform
In each z/OS® logical partition (LPAR), the Z Common Data Provider retrieves operational data from the
configured sources and sends it to the Data Receiver on the Splunk Enterprise server.
The source data received by the Z Common Data Provider Data Receiver is written to local data files. Splunk reads and processes the local data files based on rules that are provided by the IBM Z Operational Log and Data Analytics Splunk application.
As an alternative to the Z Common Data Provider Data Receiver, you can ingest data directly into Splunk by using the Splunk HTTP Event Collector (HEC).
You can see predefined searches and visualizations of the data in the Splunk GUI. Insights are
provided for data from the following source types:
z/OS system log (z/OS SYSLOG)
CICS Transaction Server for z/OS EYULOG or MSGUSR log data
Network data, such as data from UNIX System Services system log (syslogd) or z/OS Communications Server
NetView for z/OS message data
SMF data
WebSphere Application Server for z/OS logs that include SYSOUT or SYSPRINT log data