Configure data inputs (TCP)

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read

    • Configure a data input for sending raw log messages to your ServiceNow instance directly over a TCP/SSL socket.

    Before you begin

    Important:
    Health Log Analytics does not support IPv6. To work with the application, configure the MID Server to IPv4.
    • You must have an installed and configured MID Server with the log ingestion capability enabled.

      MID Server configuration with Log Ingestion capability enabled.

    • If the MID Server IP address is exposed by network address translation (NAT), a load balancer, or a similar device, it must have a public IP address. In the MID Server properties, add a property named mid.public_ip with the public IP address as the value. For more information, see Create a MID Server property.
    • For information about shipping your logs encrypted using SSL TLS, see the Streaming Data With Rsyslog & Filebeat Using SSL [KB0866319] article in the Now Support Knowledge Base.
    Note:
    For information about streaming data from Logstash to your instance, see the Streaming data from Logstash to your HLA instance [KB0994735] article in the Now Support knowledge base.
    Role required: evt_mgmt_admin

    Procedure

    1. Navigate to All > Health Log Analytics > Data Input > Data Inputs.
    2. On the Data Inputs page, select New.
    3. Choose the TCP data input type.
      Note:
      The selected data input type complements the passive data input (listener). For more information, see Supported data inputs for Health Log Analytics.
    4. On the form, fill in the fields.
      For a description of the fields, see TCP data input configuration fields.
    5. Optional: Select Advanced to set additional configuration fields.
      For a description of the fields, see TCP data input configuration fields. For information about configuring the advanced settings later, see Configure advanced settings for Rsyslog, Splunk, or TCP data inputs.
    6. Select Save.
      Health Log Analytics adds the data input record to the Data Inputs table.
    7. Ensure that the data input is configured correctly by selecting Test connection.

      Health Log Analytics tries to connect the MID Server to the data repository.

      • If the connection was established, the Test connection button is turned off and the Publish button is enabled.
      • If the connection failed, the reason for the failure displays in the Error message field. Resolve the issue, select Save if you modified the configuration, and then select Test connection to test the connection again.
        Note:
        You can only publish the data input configuration when the connection is created successfully.
      Note:
      You can revert to the last published configuration by selecting Revert Changes. This option is available only when you're modifying a configuration that has been published previously.
    8. Select Publish to publish the data input to the MID Server.

    Result

    The data input starts sending raw log messages to your instance directly over a TCP/SSL socket.

    Note:
    If the Health Log Analytics AI engine is down and data has stopped streaming, a notification appears at the top of the data input configuration page. When this happens, contact ServiceNow support.

    What to do next

    Make sure that the data input is streaming data.