TCP integration configuration fields

  • Release version: Washingtondc
  • Updated December 11, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of TCP Integration Configuration Fields

    The TCP integration configuration for Health Log Analytics allows ServiceNow customers to set up log ingestion through specified fields. This setup is crucial for efficiently streaming logs to the ServiceNow instance via a designated MID Server.

    Show full answer Show less

    Key Features

    • Integration Name: A unique identifier for the integration, required for configuration.
    • MID Server Name: Specifies the MID Server for log streaming, which must support log ingestion and basic authentication.
    • Port: Required field to select a unique port, ensuring it aligns with your organization's security protocols.
    • Service Instance: The instance to which the logs will be bound, mandatory for configuration.
    • Transport: The protocol for log streaming, set as TCP and read-only.
    • Description: Optional field for adding clarifying notes about the integration.

    Advanced Settings

    • Use SSL/TLS: Option to enhance security through encrypted connections.
    • Lookup Hostnames: Option for DNS resolution of IP addresses to hostnames.
    • Boss Thread Count: Manages connection threads, configurable for performance.
    • Worker Thread Count: Handles incoming data threads, also adjustable.
    • Read Timeout Seconds: Defines the timeout duration for reads before closing the channel.
    • Default Timezone: Sets the time zone for events lacking a specified time zone, defaulting to GMT.
    • Sub Sample Drop Ratio: Configurable ratio for dropping events under specified conditions.
    • Sub Sample Receive Ratio: Configurable ratio for receiving events.
    • Max Length in Bytes: Limits the size of log messages accepted.
    • Character Encoding: Specifies the encoding standard for the data input.
    • Drop if Queue is Full: Option to discard logs during high load on the MID Server.
    • Line Breaker Delimiters: Defines characters for separating raw log lines, formatted with a comma and space.

    Key Outcomes

    By correctly configuring these fields, ServiceNow customers can ensure seamless log ingestion and management, optimizing their Health Log Analytics setup for better performance and security. Proper configuration leads to enhanced monitoring and analysis capabilities, aiding in timely decision-making and operational efficiency.

    Description of the fields on the TCP integration configuration forms for Health Log Analytics.

    Table 1. Provide details tab
    Field Description
    Integration Name Unique name of this integration. For example: My TCP integration. This field is required.
    Note:
    When you fill in this field, the generic name displayed on the form adjusts automatically to match the name you entered.
    MID server name The MID Server to which the logs are streamed. This field is required.
    • You can select only MID Servers with log ingestion capability that support basic authentication. MID Servers that support mTLS are not listed.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties.
    Port The port for the MID Server. This field is required.

    Select a unique port from the array. The placeholder shows the range of ports from which to choose. Make sure that your organization’s security team opens the selected port.
    Service instance The service instance to which to bind the log data. This field is required.
    Transport The protocol used for streaming log messages to your ServiceNow instance: TCP. This field is read-only.
    Description Option to add a brief description of the integration to help identify it.
    Table 2. Advanced settings
    Field Description
    Use SSL/TLS Option for selecting to use SSL/TLS.
    Lookup hostnames Option for selecting to perform DNS lookup to resolve IPs to hostnames.
    Boss thread count The number of threads that manage connections.
    Worker thread count The number of threads that handle incoming data.
    Read timeout seconds The timeout in seconds since the last read. When the timeout expires, the system closes the channel.
    Default timezone The time zone of events that the system will use if a log does not specify the time zone.

    By default, the system uses GMT in such cases, but you can specify a different time zone.
    Sub sample drop ratio The ratio of events to drop.
    Sub sample receive ratio The ratio of events to receive.
    Max length in bytes The maximum length of log messages in bytes.
    Character encoding The character encoding for this data input.
    Drop if queue is full Option for selecting to discard logs if there is a load on the MID Server.
    Line breaker delimiters The line break character separating the raw log lines.

    Splitting values must be separated by a comma followed by a space: ", ". For example: "\r, \n, , splitHere, #".