Supported data inputs for Health Log Analytics
Summary of Supported Data Inputs for Health Log Analytics
Health Log Analytics (HLA) allows ServiceNow customers to connect to various data input types for effective log management. These inputs can be categorized into passive and active data inputs.
Key Features
- Passive Data Inputs: These inputs wait for log data to be pushed to them and require an open network port on the MID Server. Supported types include:
  - Rsyslog
  - Beats
  - Splunk
  - TCP
  - UDP
  - MID Server
  - GCP PubSub
  - REST API
- Active Data Inputs: These inputs pull data from various repositories. Supported types include:
  - Elasticsearch
  - Splunk Polling
  - Amazon CloudWatch
  - Amazon S3
  - Microsoft Azure Log Analytics
  - Microsoft Azure Event Hubs
  - Apache Kafka

  For active inputs, HLA supports MID Server clusters for failover. Should a MID Server fail, tasks transfer to the next available server.
- Elasticsearch Input Requirements: To pull data from Elasticsearch, HLA needs:
  - Permissions to query the cluster
  - Credentials (Basic authentication or AWS for AWS-hosted clusters)
  - Network connectivity to the Elasticsearch cluster
- Additional Data Inputs: HLA supports Cribl, Edge Delta, and Vector Agent for processing streaming log messages.
- Native ServiceNow Data Input: HLA can process logs from the ServiceNow Cloud Observability application. The setup for this integration is automatically configured and should be managed within the Cloud Observability application.
Key Outcomes
Implementing HLA with the appropriate data inputs allows ServiceNow customers to efficiently gather and manage log data, facilitating better monitoring and troubleshooting of their systems. By leveraging both passive and active data inputs, customers can ensure robust log processing tailored to their specific infrastructure needs.
Health Log Analytics (HLA) enables you to connect your ServiceNow instance to several types of data input.
- Passive data inputs (listeners), which wait for log data to be pushed to them. These data inputs require a network port to be open on the MID Server:
The Agent Client Collector data input is supported for use with the Agent Client Collector Log Analytics application, available from the ServiceNow Store.
- Active data inputs (pullers), which pull data from repositories:
For all active data inputs, Health Log Analytics supports MID Server clusters for failover protection. The active data input runs on a single MID Server in the cluster. If that MID Server fails, the system moves its tasks to the next available MID Server in the cluster in a configured order.
The Elasticsearch data input fetches data from a data repository or database using credentials. If your data is in Elasticsearch, Health Log Analytics must have the following:
- Permissions to query Elasticsearch
- One of the following types of credentials:
  - Basic authentication (user and password)
  - AWS, for Elasticsearch on Amazon AWS Cloud
- Network connectivity to the relevant Elasticsearch cluster

Note: Health Log Analytics must be pointed to the correct index to start pulling the data.
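A preflight check for the Elasticsearch prerequisites listed above, as an added example that is not ServiceNow code: it sends one zero-hit search with Basic authentication and reports which prerequisite (network, credentials, permissions or index) fails first. The host, index and account names are constructed placeholders, `build_request` and `preflight` are hypothetical helpers, and AWS credentials are not covered.

```python
import base64
import urllib.error
import urllib.parse
import urllib.request

# Standard Elasticsearch HTTP statuses mapped to the prerequisite they implicate.
FINDINGS = {
    200: "ok: credentials, query permission and index verified",
    401: "credentials: Basic authentication rejected",
    403: "permissions: account is not allowed to query this index",
    404: "index: not found, the data input would point at the wrong index",
}


def build_request(base_url, index, user, password):
    """Build a size=0 search: it returns no documents but still needs read access."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    path = urllib.parse.quote(index, safe="*,")
    url = f"{base_url.rstrip('/')}/{path}/_search?size=0"
    return urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})


def preflight(base_url, index, user, password, opener=urllib.request.urlopen):
    """Return a one-line finding naming the first prerequisite that fails."""
    # Basic authentication is only base64-encoded, so never send it without TLS.
    if not base_url.lower().startswith("https://"):
        return "transport: refusing to send Basic credentials without TLS"
    req = build_request(base_url, index, user, password)
    try:
        with opener(req, timeout=5) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:  # HTTP-level answer from the cluster
        status = exc.code
    except OSError as exc:  # DNS failure, refused connection, timeout, TLS error
        return f"network: cluster unreachable ({exc})"
    return FINDINGS.get(status, f"unexpected: HTTP {status}")


if __name__ == "__main__":
    # Constructed placeholder values; substitute the cluster and read-only account.
    print(preflight("https://es.example.internal:9200", "app-logs", "hla_reader", "changeme"))
```

Run it from the MID Server host, since that is where the network path to the cluster has to exist.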
In addition, Health Log Analytics supports Cribl, Edge Delta, and Vector Agent data inputs. These data inputs enable HLA to process log messages that are streaming from these tools into your instance.
Native ServiceNow data inputs
- Streaming logs from Cloud Observability to Health Log Analytics
Health Log Analytics can process log data it ingests from the ServiceNow® Cloud Observability application, formerly Lightstep. HLA automatically sets up the configuration needed to enable log streaming from Cloud Observability as part of its native integration. Setting up the connection from Cloud Observability to HLA must be done in the Cloud Observability application. In HLA, you handle log records from Cloud Observability in the same way as any other Data Input Mapping and Source Type Structure records, as explained in Log data auto-mapping and mapping in Health Log Analytics and Source type structure adjustment in Health Log Analytics. For more information about Cloud Observability, see Explore Cloud Observability documentation.