Microsoft Azure Event Hubs data input configuration fields

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Microsoft Azure Event Hubs Data Input Configuration Fields

    This section outlines the configuration fields necessary for setting up Microsoft Azure Event Hubs data inputs in ServiceNow’s Health Log Analytics application. Understanding these fields allows customers to efficiently ingest log data from Azure Event Hubs for monitoring and analysis.

    Show full answer Show less

    Key Features

    • Name: Required field for naming the data input.
    • Description: Brief description of the data input.
    • Execute on: Determine whether to use a specific MID Server or a cluster, with support for basic authentication.
    • MID: Select a specific MID Server when applicable; note restrictions with mTLS support.
    • MID Server Cluster: Choose a failover cluster for log data; only clusters with basic authentication MID Servers are supported.
    • Application Service: Required binding for log data; create a new service if none exists.
    • Status, Transport, Sources Count, Disabled Since, Last Log Time, Error Message: Read-only fields providing information about the data input status and performance.

    Key Outcomes

    By configuring the data input fields correctly, ServiceNow customers can:

    • Stream log data efficiently from Microsoft Azure Event Hubs to their ServiceNow instance.
    • Ensure redundancy and failover with properly configured MID Server clusters.
    • Monitor the health and performance of their log data ingestion process.

    Customers can expect enhanced monitoring capabilities and improved operational insights through effective configuration of these data inputs.

    Description of the fields on the Microsoft Azure Event Hubs data input configuration form.

    Basic configuration

    Field Description
    Name Name of the new data input. This field is required.
    Description Description of the data input.
    Execute on Option to determine whether to use a specific MID Server or a MID Server cluster.

    This feature is supported in the Health Log Analytics application, Version 26.0.17 - February 2023 and later, available from the ServiceNow Store.
    MID

    (Only when the Execute on field is set to Specific MID Server)

    MID Server to which log data from Microsoft Azure Event Hubs is pulled.
    Note:
    • You can select only MID Servers that support basic authentication. MID Servers that support mTLS are not listed.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties.
    • If log ingestion is not enabled for the selected MID Server, Health Log Analytics enables it automatically.
    This field is required.
    MID Server Cluster

    (Only when the Execute on field is set to Specific MID Server Cluster)

    The MID Server cluster to which the log data is pulled.

    The data input runs on a single MID Server in the cluster until that MID Server fails. The system then moves all the data input tasks to the next available MID Server in the cluster according to the configured order.

    This feature is supported in the Health Log Analytics application, Version 26.0.17 - February 2023 and later, available from the ServiceNow Store.

    Note:
    • Health Log Analytics supports only failover MID Server clusters. In these clusters, multiple MID Servers are grouped together for failover protection. When selecting a cluster from the data input form, the MID Server Clusters list displays only failover clusters.
    • The MID Server cluster must include only MID Servers that support basic authentication. mTLS is not supported for log ingestion.
    • Log ingestion must be enabled for each MID Server in the cluster. If log ingestion is not enabled for the active MID Server, Health Log Analytics enables it automatically.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. A cluster passes capacity validation if it contains at least one MID Server with fewer than 10 data inputs running on it, even when that MID Server is down.
    For more information about MID Server clusters, see Configure a MID Server cluster.

    This field is required.
    Application service The application service to which to bind the log data.
    Note:
    If no relevant application service exists, Create an application service and add CIs to it. Set the status of the new application service to Operational.
    This field is required.
    The following fields show read-only information:
    Field Description
    Status Status of the data input.
    Transport Protocol used to stream the log data.

    This data input uses Microsoft Azure Event Hubs to stream log data to your instance.
    Sources count The number of log sources this data input has created.
    Disabled since The time when the data input stopped or failed.
    Last log time The time when the last log streamed in the data input.
    Error message The streaming error.

    This field is populated automatically. It displays only when a streaming error has occurred.
    Table 1. Query settings tab
    Field Description Example
    From Starting date and time for reading the data. Data older than this date and time is not read.
    Note:
    Setting this value to a past date might require the system to read large amounts of data, causing congestion.

    This field is required.

    		 Now -1 week
    Max batch size The maximum number of events passed to a single process call. 100
    Table 2. Transport tab
    Field Description
    Event Hubs namespace The scoping container for the event hub or hubs. This field is required.
    Event Hub name The event hub from which to fetch log data. This field is required.
    Event Hub credentials Shared access authorization policy with which to authenticate to the event hub. This field is required.
    Consumer Group name The Consumer Group to use.

    This field is required.

    Advanced configuration

    Table 3. Advanced configuration form
    Field Description Default value
    Restore point rate The number of events the data input can read before a restore point is saved. 100
    Processor threads count The total number of processor threads. 2
    Operation timeout The number of seconds to wait before timing out event hubs operations. 120
    Receive idle timeout The number of seconds to wait before timing out receive operations. 60
    Prefetch count The number of events received in advance of event hubs operations. 500
    Default timezone The default timezone if the log doesn't include timezone information. GMT
    Sub sample drop ratio The number of events to batch together, out of which one will be discarded. This setting is used to reduce the number of fetched events. -1
    Sub sample receive ratio The number of events to batch together, out of which all but one will be discarded. This setting is used to decrease the number of received events. -1
    Max length in bytes The maximum length, in bytes, of events. 32766
    Character encoding The character encoding for this data input. UTF-8
    Sleep interval The interval, in seconds, to wait before querying again after a query has returned no events. 60
    Polling interval The interval, in seconds, to wait before polling for new events. 0
    Drop if queue is full Option for selecting to discard logs if there is a load on the MID Server. False