IBM Common Data Provider for z Systems (CDPz) is the best option for sending Mainframe logs to Splunk.
CDPz can send a wide variety of data including 140 data sources and 100+ SMF record types. More specifically, CDPz can support the following:
• SMF records
• SYSLOG (IBM z/OS System Log and USS SyslogD)
• JOBLOGs
• Application logs (IBM CICS Transaction Server logs and IBM WebSphere Application Server logs)
CDPz also has advanced filtering capabilities including RegEx and time filtering that can be set up using the built-in web configuration tool shown below.
More information on IBM Common Data Provider for z Systems can be found directly on Splunkbase.
... View more