Configure observability agents for Now Assist

  • Release version: Australia
  • Updated May 27, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configure observability agents for Now Assist

    This guide explains how to configure observability agents in Now Assist to integrate third-party Application Performance Monitoring (APM) and Network Performance Monitoring (NPM) vendors. These agents work with theanalyze alert impactagentic workflow to surface detailed alert information from external monitoring tools within the Service Operations Workspace. The agents are enabled by default, but require proper connection and credential setup to function.

    Show full answer Show less

    This integration helps you investigate alerts and incidents more effectively by providing comprehensive data such as alarm details, metric trends, logs, root cause analysis, and service context from various third-party systems.

    Before You Begin

    • Install Now Assist for IT Operations Management (ITOM).
    • Integrate third-party alerts with Event Management.
    • Gather connection and credential information for each vendor based on the provided requirements.
    • Ensure you have the connectionadmin and credentialadmin roles to create connections and credentials.

    Key Vendors and Configuration Details

    The agents connect through MCP (Management Communication Protocol) when available, falling back to API connections if necessary. Each vendor requires specific credentials and connection URLs. Below are examples of supported vendors and what they provide:

    • AWS CloudWatch MCP and API Agents: Return alarm details, metric trends, logs, and root cause analysis. Require AWS access keys and specific IAM permissions.
    • Datadog APM MCP Agent: Provides service health, distributed traces, SLO compliance, and incident data. Requires Datadog API and application keys.
    • Dynatrace MCP Agent: Offers insights on logs, topology, root causes, and impacted entities. Requires a platform token with specified IAM scopes and enabling generative AI features in Dynatrace Intelligence.
    • Kentik API Agent: Delivers network performance, connectivity, and anomaly data. Needs user email and API token.
    • New Relic MCP Agent: Supplies service impact and root cause theories. Requires an API key.
    • Prometheus API Agent: Provides metrics queries and alert data. Requires MID Server credentials.
    • SolarWinds API Agent: Returns node health, performance metrics, alerts, and baseline trends. Requires MID Server credentials and API access.
    • Splunk MCP Agent: Supplies SPL query results and investigation data. Requires Splunk MCP token with appropriate roles and permissions.
    • ThousandEyes MCP Agent: Offers network test metrics, anomalies, outages, and root cause analysis. Requires API key with Bearer prefix.

    Connection Setup Procedure

    1. Go to All > sysalias.LIST in ServiceNow.
    2. Search for the appropriate vendor connection alias as specified in the vendor tables.
    3. Select Create New Connection & Credential.
    4. Complete the form with the gathered credentials and connection details.
    5. Click Create to save the connection.

    Once configured, these agents will be automatically used by the analyze alert impact agentic workflow to enrich alert investigations.

    Configure observability agents for third-party application performance monitoring (APM) or network performance monitoring (NPM) vendors. These agents are invoked by the analyze alert impact agentic workflow. You must configure connections to those vendors before they can be invoked.

    Important:
    This agent is turned on by default. For more information, see Now Assist skills, agents, and agentic workflows on by default.

    After you configure the agent(s), they can surface information from alerts generated by third-party systems to help you investigate alerts and incidents in the Service Operations Workspace.

    Connections to vendors use MCP when possible, otherwise they use an API connection. You need connection and credential information to complete the connection process as shown in the following tables.

    Note:
    These agents are different from the data sources used in the Service Observability dashboards.

    Before you begin

    Before configuring the integration agents, you must do the following:

    Role required: connection_admin and credential_admin

    AWS CloudWatch MCP

    Connection information Value
    Agent name AWS CloudWatch MCP Server Agent
    Overview of data returned Alarm details, metric trend analysis, CloudWatch logs (anomalies, error patterns, log insights queries), CMDB resource context, correlated service metrics, and root cause analysis with recommended next steps
    Credential & Connection Alias name AWS CloudWatch MCP server
    Connection type MCP
    Returned data type APM
    Connection URL

    https://your-mcp-server-host/mcp

    This assumes you have deployed the CloudWatch MCP server using a MID Server instead of a publicly exposed EC2 instance. For more information about deploying the MCP server, see the AWS CloudWatch MCP Server — MID Server Deployment Guide [KB3030674] article in the Now Support Knowledge Base.
    Required credentials
    • AWS access key ID
    • AWS secret access key
    Required scope

    AWS IAM permissions:

    • cloudwatch:Describe*
    • cloudwatch:Get*
    • cloudwatch:List*
    • logs:Describe*
    • logs:Get*
    • logs:StartQuery
    • logs:StopQuery
    • logs:GetQueryResults

    AWS CloudWatch API

    Connection information Value
    Agent name AWS CloudWatch API Agent
    Overview of data returned Alarm details, metric trend analysis, CloudWatch logs (anomalies, error patterns, log insights queries), CMDB resource context, correlated service metrics, and root cause analysis with recommended next steps
    Credential & Connection Alias name AWS CloudWatch API Credentials
    Connection type API (MCP fallback mechanism)
    Returned data type APM
    Connection URL N/A
    Credential type AWS Credentials
    Authentication algorithm AWS CloudWatch Algorithm
    Required credentials
    • AWS access key ID
    • AWS secret access key
    Required scope

    AWS IAM permissions:

    • cloudwatch:Describe*
    • cloudwatch:Get*
    • cloudwatch:List*
    • logs:Describe*
    • logs:Get*
    • logs:StartQuery
    • logs:StopQuery
    • logs:GetQueryResults

    Datadog

    Connection information Value
    Agent name Datadog APM MCP Server Agent
    Overview of data returned Service health, distributed traces, triggered monitors, log analysis, incidents, SLO compliance, deployment events, and service dependencies
    Credential & Connection Alias name Datadog APM MCP Connection
    Connection type MCP
    Returned data type APM
    Connection URL https://mcp.datadoghq.com/api/unstable/mcp-server/mcp?toolsets=core,alerting,apm,error-tracking
    Required credentials
    • Datadog API key
    • Datadog application key
    Required scope N/A

    Dynatrace

    Connection information Value
    Agent name Dynatrace MCP Server Agent
    Overview of data returned Insights about logs, topology, recent changes, root causes, impacted entities, and environments.
    Credential & Connection Alias name Dynatrace MCP server
    Connection type MCP
    Returned data type APM
    Connection URL

    URL of your Dynatrace instance. Dynatrace URLs follow this format:

    https://<your-resource-name>.apps.dynatrace.com/platform-reserved/mcp-gateway/v0.1/servers/dynatrace-mcp/mcp
    Required credentials Platform token (must be prefixed with Bearer). For example, Bearer dt0s01.STABCDEF12345.G3HIJKLMNOP.
    Required scope

    IAM policy and group assignment that allows the following scopes:

    • davis-copilot:nl2dql:execute
    • davis-copilot:dql2nl:execute
    • davis-copilot:conversations:execute
    • davis:analyzers:read
    • davis:analyzers:execute
    • mcp-gateway:servers:invoke
    • mcp-gateway:servers:read
    • storage:buckets:read
    • storage:logs:read
    • storage:events:read
    • storage:security.events:read
    • storage:metrics:read
    • storage:bizevents:read
    • storage:spans:read
    • storage:entities:read
    • storage:smartscape:read
    • storage:system:read
    Required Dynatrace Intelligence settings
    • Enable generative AI
    • Enable document suggestions
    • Enable environment-aware queries

    Kentik

    Connection information Value
    Agent name Kentik analysis AI agent
    Overview of data returned Service network performance, connectivity, DDOS attacks, and anomalies
    Credential & Connection Alias name Kentik analysis AI agent
    Connection type API
    Returned data type APM
    Connection URL

    URL of your Kentik instance. Kentik URLs follow this format:

    https://<your-resource-name>.api.kentik.com
    Required credentials
    • User email
    • API token
    Required scope Can view devices

    New Relic

    Connection information Value
    Agent name New Relic MCP Server Agent
    Overview of data returned Service and user impact, root cause theories, and responsible teams.
    Credential & Connection Alias name New Relic MCP Connection
    Connection type MCP
    Returned data type APM
    Connection URL https://mcp.newrelic.com/mcp/
    Required credentials

    API key (also known as "User Key")

    Header name: api-key
    Required scope N/A

    Prometheus

    Connection information Value
    Agent name Prometheus API Agent
    Overview of data returned PromQL metric queries (CPU, memory, disk, network), active alerts, alert rule definitions, and scrape target health
    Credential & Connection Alias name Prometheus connection
    Connection type API
    Returned data type APM
    Connection URL https://<your-onprem-prometheus-server>
    Required credentials
    • MID Server Prometheus is installed on
    • User name (for outbound connection)
    • Password (for outbound connection)
    Required scope N/A

    SolarWinds

    Connection information Value
    Agent name SolarWinds analysis AI agent
    Overview of data returned On-premises data from SolarWinds Orion: node health/status, CPU/memory, packet loss/latency, interface utilization/errors/discards, active alerts/history, affected entities/services, and trend/baseline metrics used for root-cause investigation
    Credential & Connection Alias name SolarWinds AI Agent
    Connection type API
    Returned data type NPM
    Connection URL https://<your-onprem-solarwinds-server>
    Required credentials
    • MID Server SolarWinds is installed on
    • User name
    • Password
    Required scope SolarWinds Orion API/SWQL read access (NPM/APM) via MID Server

    Splunk

    Connection information Value
    Agent name Splunk MCP Server Agent
    Overview of data returned SPL query results from Splunk indexes, index/sourcetype metadata, and structured investigation findings including affected entities, root cause analysis, and recommended actions
    Credential & Connection Alias name Splunk MCP Connection
    Connection type MCP
    Returned data type APM
    Connection URL https://<your-splunk-instance>.splunkcloud.com
    Required credentials Splunk MCP token
    Required scope

    For Splunk token generation:

    • mcp_user role (or any role with mcp_tool_execute) required for all MCP tool calls
    • Search capability and read access to the relevant indexes for running queries
    • Knowledge object read permissions for Get Knowledge Objects
    • Token must be generated using the Splunk MCP Server app with audience = mcp (not a standard Splunk API token)

    ThousandEyes

    Connection information Value
    Agent name ThousandEyes MCP Server Agent
    Overview of data returned Test configuration and status, aggregated metrics (response time, packet loss, latency, jitter, throughput, availability), metric anomalies with deviation analysis, network events and routing changes, ISP/network outages with provider and ASN details, hop-by-hop path visualization, and root cause analysis with ranked probable causes and recommended next steps
    Credential & Connection Alias name ThousandEyes MCP Connection
    Connection type MCP
    Returned data type NPM
    Connection URL https://api.thousandeyes.com/mcp
    Required credentials API key prefixed with Bearer. For example, Bearer <api-key>.
    Required scope ThousandEyes API access with permissions to read tests, metrics, anomalies, events, outages, and path visualization data

    Procedure

    1. Navigate to All > sys_alias.LIST.
    2. Search for and select the vendor's connection name as shown in the preceding tables.
    3. Select Create New Connection & Credential.
    4. Fill in the form, using the information in the preceding tables.
    5. Select Create.

      Your connection appears in the Connections tab.

    The agents are now ready to be used by the analyze alert impact agentic workflow