Microsoft Azure Log Analytics integration configuration fields

  • Release version: Washingtondc
  • Updated April 7, 2025

    Description of the fields on the Microsoft Azure Log Analytics integration configuration forms for Health Log Analytics.

    Table 1. Provide details

    Field | Description
    Integration Name | Unique name of this integration. For example: My Azure Log Analytics integration. This field is required.
    Note: When you fill in this field, the generic name displayed on the form adjusts automatically to match the name you entered.
    Execute on | Option to determine whether to use a specific MID Server or a MID Server cluster.

    This feature is supported in the Health Log Analytics application, Version 26.0.17 - February 2023 and later, available from the ServiceNow Store.

    MID server name

    (Only when the Execute on field is set to Specific MID Server)

    MID Server to which log data from Microsoft Azure Log Analytics is pulled. This field is required.
    Note:
    • You can select only MID Servers that support basic authentication. MID Servers that support mTLS are not listed.
    • The default maximum number of integrations streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties.
    • If log ingestion is not enabled for the selected MID Server, Health Log Analytics enables it automatically.
    MID Server Cluster

    (Only when the Execute on field is set to Specific MID Server Cluster)

    The MID Server cluster to which the log data is pulled.

    The data input runs on a single MID Server in the cluster until that MID Server fails. The system then moves all the data input tasks to the next available MID Server in the cluster according to the configured order.

    This feature is supported in the Health Log Analytics application, Version 26.0.17 - February 2023 and later, available from the ServiceNow Store.

    Note:
    • Health Log Analytics supports only failover MID Server clusters. In these clusters, multiple MID Servers are grouped together for failover protection. When selecting a cluster from the data input form, the MID Server Clusters list displays only failover clusters.
    • The MID Server cluster must include only MID Servers that support basic authentication. mTLS is not supported for log ingestion.
    • Log ingestion must be enabled for each MID Server in the cluster. If log ingestion is not enabled for the active MID Server, Health Log Analytics enables it automatically.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. A cluster passes capacity validation if it contains at least one MID Server with fewer than 10 data inputs running on it, even when that MID Server is down.
    For more information about MID Server clusters, see Configure a MID Server cluster.

    This field is required.

    Service instance | The service instance (formerly the application service) to which to bind the log data. This field is required.
    Data source | The source of the log data that the integration pulls to your ServiceNow instance: Azure Log Analytics. This field is read-only.
    Description | Option to add a brief description of the integration to help identify it.

    Table 2. Set data retrieval method

    Field | Description
    Redirect url | The redirect URL of the access log application. This field is required.

    The URL refers to the Microsoft Azure redirect_uri authorization property. For more information, see the Authorization code URL (GET request) section in the Microsoft Azure documentation.

    Authentication method | The credentials used to access Microsoft Azure resources. This field is required.

    If no credentials exist, select Create new Azure Service Principal credential. Create a credential by filling in the fields and then selecting Submit. For information on the Tenant ID, Client ID, and Secret key fields, refer to the Microsoft Azure documentation. When you have created a credential, you can select it from the drop-down list.

    Workspace ID | The Customer ID used to call the Microsoft Azure Log Analytics REST API. This field is required.
    Table name | The name of the table in Microsoft Azure Log Analytics from which the data input fetches the log data. For more information, see the View table information section in the Microsoft Azure documentation. This field is required.
    Event time property name | The Microsoft Azure Log Analytics field in which to detect the event time. This field is required.

    Table 3. Advanced settings

    Field | Description
    Event Processor workers | The number of concurrent event processing workers, where each worker processes a batch of events independently.
    Workers queue size | The queue size of the Event Processor workers.
    Sub sample drop ratio | The number of events to batch together, out of which one will be discarded. This setting is used to reduce the number of fetched events.
    Sub sample receive ratio | The number of events to batch together, out of which all but one will be discarded. This setting is used to decrease the number of received events.
    Max documents per query | The highest number of rows retrieved in each query.
    Columns to select | Comma-separated list of column names to return.
    Note: This field is ignored when you provide a custom query.
    Character encoding | The character encoding for this data input.
    Sleep interval (seconds) | The interval, in seconds, to wait before querying again after a query has returned no events.
    Polling interval | The interval, in seconds, to wait before polling for new events.
    Drop if queue is full | Option to discard logs when the MID Server is under load.
    Log Query | Option to define your own Log Analytics query. This field overrides the values configured in the other query settings fields.
    Note: If this field is empty, Health Log Analytics generates the query using the values set in the other fields.

    For your custom query, use the following JSON format:

    {"query": "query | where TimeGenerated > %s | take 500"}

    For example:

    {
      "query": "ContainerLog | where LogEntry contains 'cartservice' | where TimeGenerated > %s | take 500",
      "workspaces": ["defaultworkspace-3ab145ff-f9cd-433f-8533-d1b1ee24aee6-eus"],
      "project": ["TimeGenerated", "LogEntry", "LogEntrySource"]
    }
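
A pre-submission check for the Log Query value, as an added example that is not part of the ServiceNow documentation or product code: it parses the value as strict JSON and checks for the `%s` time filter and the `take` row cap shown in the format line above. The function name, the `event_time_field` parameter, the sample values and the rule that exactly one `%s` is expected are assumptions.

```python
import json
import re

LIST_KEYS = ("workspaces", "project")  # list-valued keys shown in the page's example


def lint_log_query(text, event_time_field="TimeGenerated"):
    """Return a list of problems in a custom Log Query value (empty list = passes)."""
    try:
        doc = json.loads(text)  # strict parser: raw line breaks inside a string are rejected
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(doc, dict) or not isinstance(doc.get("query"), str):
        return ['top level must be an object with a string "query" value']

    problems = []
    query = doc["query"]
    # Assumption: the single %s is where the event-time lower bound is substituted.
    if query.count("%s") != 1:
        problems.append(f"expected exactly one %s placeholder, found {query.count('%s')}")
    time_filter = rf"\bwhere\s+{re.escape(event_time_field)}\s*>=?\s*%s"
    if not re.search(time_filter, query):
        problems.append(f"no 'where {event_time_field} > %s' filter")
    # 'limit' is a KQL synonym for 'take'; either one caps the rows returned.
    if not re.search(r"\|\s*(take|limit)\s+\d+\b", query):
        problems.append("no 'take N' row cap on the query")
    for key in LIST_KEYS:
        value = doc.get(key)
        if key in doc and not (isinstance(value, list) and value
                               and all(isinstance(v, str) and v for v in value)):
            problems.append(f'"{key}" must be a non-empty list of non-empty strings')
    return problems


# Constructed sample values, not taken from a real workspace.
GOOD = ('{"query": "ContainerLog | where TimeGenerated > %s | take 500", '
        '"workspaces": ["example-workspace"], "project": ["TimeGenerated", "LogEntry"]}')
MULTILINE = '{"query": "ContainerLog\n | where TimeGenerated > %s\n | take 500"}'
NO_TIME = '{"query": "ContainerLog | take 500"}'
UNCAPPED = '{"query": "ContainerLog | where TimeGenerated > %s", "project": "LogEntry"}'

if __name__ == "__main__":
    for name, sample in [("GOOD", GOOD), ("MULTILINE", MULTILINE),
                         ("NO_TIME", NO_TIME), ("UNCAPPED", UNCAPPED)]:
        print(name, lint_log_query(sample) or "ok")
```

Pass the value of the Event time property name field as `event_time_field` when it is not `TimeGenerated`.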