Preparing to send data to Splunk

To send data from Z Common Data Provider to Splunk, you can use either the Z Common Data Provider Data Receiver or the HTTP Event Collector (HEC) function of Splunk. Prepare your environment based on the method that you choose.

Before you begin

Attention:

If you acquire the Z Common Data Provider component with the IBM Z® Operational Log and Data Analytics product, the IBM Z Operational Log and Data Analytics 5.1.0 product documentation supersedes the Z Common Data Provider 5.1.0 component documentation.

For complete instructions on preparing to send data to Splunk and deploying the IBM Z Operational Log and Data Analytics application on the Splunk platform, see Deploying the IBM Z Operational Log and Data Analytics application on the Splunk platform. The included Splunk insights help you to quickly visualize and search operational data, which reduces the mean time to identify the cause of operational issues.

Determine which method to use to send data to Splunk.
  • Send data to Splunk by using the Data Receiver.
  • Send data by using the HTTP Event Collector.

Sending data by using the Data Receiver uses less CPU and results in a smaller size of data that is ingested into Splunk. However, you must configure and run a Z Common Data Provider Data Receiver on the system where the Splunk Enterprise server or heavy forwarder is installed. You must also install the Z Common Data Provider Buffered Splunk Ingestion App in Splunk. This method is recommended for Splunk ingestion.

Sending data by using the HTTP Event Collector provides quick end-to-end implementation and does not need the Data Receiver or the Buffered Splunk Ingestion App. However, this method increases the data ingestion size, the cost, and the CPU usage on the mainframe.