Amazon CloudWatch integration configuration fields

  • Release version: Australia
  • Updated March 12, 2026

    Description of the fields on the Amazon CloudWatch integration configuration forms for Health Log Analytics.

    For the Amazon CloudWatch integration setup procedure, see Set up an Amazon CloudWatch integration for Health Log Analytics.

    Table 1. Provide details

    Field: Description

    Integration Name: Unique name of this integration. For example: My CloudWatch integration. This field is required.
    Note:
    When you fill in this field, the generic name displayed on the form adjusts automatically to match the name you entered.

    Service instance: The service instance (formerly the application service) to which to bind the log data. This field is required.

    Execute on: Option to select whether to use a specific MID Server or a MID Server cluster. This field is required.

    MID server name (only when the Execute on field is set to Specific MID Server): The MID Server to which log data from Amazon CloudWatch is pulled. This field is required.
    Note:
    • You can select only MID Servers that support basic authentication. MID Servers that support mTLS are not listed.
    • The default maximum number of integrations streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties.
    • If log ingestion is not enabled for the selected MID Server, Health Log Analytics enables it automatically.

    MID Server Cluster (only when Execute on is set to Specific MID Server cluster): The MID Server cluster to which the log data is pulled. This field is required.

    The data input runs on a single MID Server in the cluster until that MID Server fails. The system then moves all the data input tasks to the next available MID Server in the cluster according to the configured order.

    Note:
    • Health Log Analytics supports only failover MID Server clusters. In these clusters, multiple MID Servers are grouped together for failover protection. When selecting a cluster from the data input or integration form, the MID Server clusters list displays only failover clusters.
    • The MID Server cluster must include only MID Servers that support basic authentication. mTLS is not supported for log ingestion.
    • Log ingestion must be enabled for each MID Server in the cluster. If log ingestion is not enabled for the active MID Server, Health Log Analytics enables it automatically.
    • The default maximum number of data inputs or integrations streaming logs to a single MID Server is 10. A cluster passes capacity validation if it contains at least one MID Server with fewer than 10 data inputs or integrations running on it, even when that MID Server is down.
    For more information about MID Server clusters, see Configure a MID Server cluster.

    Data source: The source of the log data that the integration pulls to your ServiceNow instance: CloudWatch. This field is read-only.

    Description: Option to add a brief description of the integration to help identify it.

    Table 2. Set data retrieval method

    Field: Description

    How to extract data from AWS CloudWatch?

    Authentication method: The AWS credentials needed to access resources in AWS service accounts. This field is required.

    Choose AWS credentials from the list, or add new AWS credentials to the list by selecting Manage Credentials and then defining new credentials on the AWS Credentials page.

    Group Name(s): The log group(s) to fetch log data from in Amazon CloudWatch. This field is required.

    If you want the integration to search multiple log groups, specify the relevant groups in a comma-separated list. To fetch log data from all groups, use an asterisk (*) as a wildcard character.

    AWS Region: The AWS region where the Amazon CloudWatch cluster is hosted. For example: us-west-1. This field is required.

    For a list of AWS regions, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions

    Which data to send to ServiceNow?

    Filter pattern: The pattern by which to filter incoming events.
    Various types of filter patterns are supported. For example:
    • A pattern for fetching log events that contain a single term.
    • A pattern for fetching log events that contain multiple terms.
    • A pattern for fetching log events that include a term and exclude another.
    Note:
    Filter patterns are case sensitive.
    For more information, see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html

    Prefix: Option to define a name prefix for Amazon CloudWatch log streams to read from. The integration reads only from log streams with this name prefix.
    Note:
    Only a single log stream prefix per data item is supported. For multiple prefixes, create multiple integrations.

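The three Filter pattern cases listed in Table 2 (single term, multiple terms, include one term and exclude another) can be checked offline against sample events before a pattern goes into the field. The following is an added example, not ServiceNow or AWS code: a simplified model of the term-based CloudWatch syntax only, which assumes a term matches as a case-sensitive substring and uses constructed log lines.

```python
import re

# One token: optional leading "-" (exclude), then a "quoted phrase" or a bare term.
_TOKEN = re.compile(r'(-?)(?:"([^"]*)"|(\S+))')

# Constructed sample events, not taken from any real log group.
SAMPLE_LOGS = [
    "2026-03-12T10:00:01Z ERROR auth failed for user=alice src=203.0.113.7",
    "2026-03-12T10:00:02Z error auth failed for user=bob src=203.0.113.9",
    "2026-03-12T10:00:03Z ERROR healthcheck timeout target=10.0.0.5",
    "2026-03-12T10:00:04Z INFO login ok user=carol",
]


def parse_pattern(pattern):
    """Split a filter pattern into (required_terms, excluded_terms)."""
    required, excluded = [], []
    for minus, quoted, bare in _TOKEN.findall(pattern):
        term = quoted or bare
        if term:
            (excluded if minus else required).append(term)
    return required, excluded


def matches(pattern, message):
    """True if the message has every required term and no excluded term.

    Assumption: a term matches as a case-sensitive substring of the message.
    """
    required, excluded = parse_pattern(pattern)
    return (all(t in message for t in required)
            and not any(t in message for t in excluded))


def forwarded(pattern, lines):
    """Indexes of the lines that the pattern would let through."""
    return [i for i, line in enumerate(lines) if matches(pattern, line)]


if __name__ == "__main__":
    for pat in ["ERROR", "ERROR auth", "ERROR -healthcheck", '"auth failed"', "Error"]:
        print(f"{pat!r:22} -> {forwarded(pat, SAMPLE_LOGS)}")
```

The lowercase "error" event (index 1) is never selected by ERROR, and the pattern Error selects nothing, which is how a case mismatch silently stops events from reaching Health Log Analytics.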
    Table 3. Advanced settings

    Field: Description

    Connection timeout (ms): The number of milliseconds to wait before timing out the AWS connection attempt.

    Socket timeout (ms): The number of milliseconds to wait before timing out a data transfer over an established connection.

    Sub sample drop ratio: The number of logs to batch together, out of which one will be dropped. The default value is -1: No logs are dropped.

    This setting is used to reduce the number of fetched logs. For example, if you want one log out of every five to be dropped, change the value to 5.

    Polling interval: The interval, in seconds, to wait before polling for new logs.

    Character encoding: The character encoding used for this integration: UTF-8.

    Batch size: The maximum number of logs retrieved per query.

    Max length in bytes: The maximum length of log messages, in bytes.

    Sub sample receive ratio: The number of logs to batch together, out of which one log will be received and the remaining ones dropped. The default value is -1: No logs are received.

    This setting is used to reduce the number of received logs. For example, if you want to receive one log out of every five, change the value to 5.

    Sleep interval (seconds): The interval, in seconds, to wait before querying again after a query has returned no logs.

    Default timezone: The default timezone if the log date and time doesn't include timezone information.

    Drop if queue is full: Option to discard logs when there is a load on the MID Server.