Exploring Log Export Service (LES)
Summary of Exploring Log Export Service (LES)
The Log Export Service (LES) offers ServiceNow customers a highly scalable, near real-time integration to connect ServiceNow log data with external analytic tools. It enables enhanced detection of security threats, incident analysis, troubleshooting of application performance, and monitoring of user experience within ServiceNow environments. LES leverages the Hermes Messaging Service, a ServiceNow AI Platform capability built on Apache Kafka, to transport and queue large volumes of log events efficiently.
LES forwards copies of log events as they are generated to Hermes Messaging Service, which supports multi-tenant, multi-cluster data streaming. External log analytics systems, whether cloud-based or on-premises, can consume these log events through LES.
Connectivity Options
LES provides three methods for consuming logs from Hermes Messaging Service:
- Dedicated MID Server: An on-premises or cloud-installed MID Server pulls log events continuously from Hermes Messaging Service and forwards them to log analytic tools via REST.
- Kafka Connector: Your log analytics platform’s Kafka connector (e.g., Splunk) connects to Hermes Messaging Service to pull logs continuously and push them into your analytic environment.
- Direct Kafka Connection: Your Kafka system connects directly to Hermes Messaging Service using native Kafka protocols to consume log events.
Configuration and Management
To set up and manage LES, customers install the LES application from the ServiceNow Store. The application includes Guided Setups for configuring log sources, consumers, and destinations, as well as reports to monitor log creation and consumption. Users can also create custom log source configurations to filter logs as needed.
User Roles
- Application Admin ([sn_logstoanalytics.admin]): Installed with LES to allow non-admin users to operate the application.
- System Administrator ([admin]): Required for LES setup and installation.
Benefits for ServiceNow Customers
- Create filtered log source configurations to focus on relevant log data.
- Use guided setups to configure Kafka or MID Server consumers, simplifying integration.
- Access log report dashboards to analyze log data volume and consumption trends.
Next Steps
ServiceNow customers can deepen their understanding and operational use of LES by exploring specific administration, configuration, and usage documentation provided within the ServiceNow platform.
The LES service provides a highly scalable and near real-time integration with your analytic tools that is easy to set up and maintain. If you are new to LES, read this overview section to learn what the tool can do.
Log Export Service overview
- Detect ServiceNow security threats and analyze security incidents
- Troubleshoot and optimize ServiceNow app performance
- Monitor and optimize ServiceNow user experience
LES leverages a ServiceNow AI Platform capability called the Hermes Messaging Service, which is a multi-tenant, multi-cluster, data transport, and queuing service built on Apache Kafka that enables your instance to produce and consume large volumes of Kafka events. Apache Kafka is an open-source data streaming platform that provides a single integration point for exchanging data across business systems in your organization.
LES forwards a copy of the log events as they are generated to the Hermes Messaging Service.
The Hermes Messaging Service is a multi-tenant, multi-cluster, data transport, and queuing service built on Apache Kafka that enables your instance to produce and consume large volumes of Kafka events. The Hermes Messaging Service is a ServiceNow AI Platform capability that is available as part of Stream Connect, Log Export Service (LES), and Instance Data Replication (IDR).
- Dedicated MID Server: A dedicated MID Server is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytic tools via a REST connection.
- Leverage Kafka connector from your log analytic solution (for example, Splunk): A Kafka connector from your log analytics product of choice is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytics tools.
- Directly from your Kafka system: Your Kafka system connects directly with the Hermes Messaging Service and uses its native Kafka protocol commands and connectivity to pull log events from it.
To configure and manage LES, you need to install it from the ServiceNow Store. The LES application provides Guided Setups to help you install the service, pages to configure the service (log sources, consumers and destinations) and reports to understand log creation and consumption.
Log Export Service users
| Users | Description |
|---|---|
| Application admin [sn_logstoanalytics.admin] | This role is installed along with the LES application and allows a non-admin to use the application. |
| System administrator [admin] | Admin role is required for the setup of the LES store application. |
Log Export Service benefits
| Benefit | Feature | Users |
|---|---|---|
| Create log source configuration to set filters on the logs | Create a log source configuration | Application admin |
| Experience guided setup for Kafka consumers | Guided setup for Kafka consumers | System administrator |
| Experience guided setup for MID server consumers | Guided setup for MID Server consumers | System administrator |
| Examine the log report dashboard to analyze the size of each data log | Review log report | System administrator or Application admin |