Deploying the IBM Z Operational Log and Data Analytics application on the Splunk platform

To use the dashboards and searches for Z operational insights in Splunk, deploy the IBM Z® Operational Log and Data Analytics application (Log and Data Analytics application) on the Splunk platform. You can visit the video library (https://zaiops.github.io/zlda/) to watch the demo videos about the end-to-end deployment process.

Before you begin

Verify that the system requirements are met, as described in Planning for deployment of the Splunk platform, and that all prerequisite software is configured and is running.

About this task

You can configure the Splunk environment in different ways depending on the volume of data, the number of users and searches, system availability, and disaster recovery. This topic highlights the following two options for deploying the IBM Z Operational Log and Data Analytics application. You can also use this information to configure your Splunk environment by using other options, as described in Types of distributed deployments in the Splunk documentation.

Single Splunk Enterprise system
    See Deploying the Z Operational Log and Data Analytics application on a single Splunk Enterprise system.
Clustered Splunk environment
    See Deploying the Z Operational Log and Data Analytics application in a clustered Splunk environment.

Important: To send data to Splunk, you can use either the Z Common Data Provider Data Receiver or the Splunk HTTP Event Collector (HEC) as the subscriber, as indicated in Subscriber configuration.

The Splunk HEC is an HTTP API endpoint that enables you to send data directly to Splunk over HTTP or HTTPS. If the Splunk HEC feature is enabled in Splunk, Z Common Data Provider can send data directly to Splunk through the HEC rather than sending data through the Data Receiver.
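
A connectivity check you might run against the HEC before configuring it as the subscriber, as an added example that is not part of the IBM documentation or product code. It assumes the standard Splunk HEC JSON event endpoint and the `Authorization: Splunk <token>` header; the host, token, and sourcetype are constructed placeholders.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

HEC_EVENT_PATH = "/services/collector/event"  # Splunk HEC JSON event endpoint


def build_hec_request(base_url, token, event, sourcetype=None, index=None,
                      allow_plain_http=False):
    """Build (but do not send) a POST that delivers one event to the HEC."""
    parts = urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("base_url must look like https://host:port")
    # Over plain HTTP the HEC token and the log data cross the network unencrypted.
    if parts.scheme == "http" and not allow_plain_http:
        raise ValueError("refusing plain HTTP; use HTTPS or allow_plain_http=True")
    payload = {"event": event}
    if sourcetype:
        payload["sourcetype"] = sourcetype
    if index:
        payload["index"] = index
    return urllib.request.Request(
        url=f"{parts.scheme}://{parts.netloc}{HEC_EVENT_PATH}",
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
    )


def send_hec_event(request, ca_file=None, timeout=10):
    """Send the request with certificate and hostname verification enabled."""
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed placeholders: replace with your HEC host and token.
    req = build_hec_request("https://splunk.example.com:8088",
                            "00000000-0000-0000-0000-000000000000",
                            {"message": "HEC connectivity test"},
                            sourcetype="hec:smoke-test")
    print(req.get_method(), req.full_url)
    # Call send_hec_event(req, ca_file=...) from a host that can reach the HEC.
```

Pass `ca_file` when the HEC certificate is signed by an internal CA, rather than turning verification off.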