Configure Microsoft Azure Log Analytics integrations

Release version: Washingtondc

Updated April 8, 2025

3 minutes to read

Configure an integration for streaming log data from Microsoft Azure Log Analytics to your ServiceNow instance. The integration points the Health Log Analytics AI engine to a data source in your Microsoft Azure Log Analytics account.

Before you begin

You must have an installed and configured MID Server with the log ingestion capability enabled.
If the IP address of the MID Server is exposed by network address translation (NAT), a load balancer or a similar device, it must have a public IP address. In the MID Server properties, add a property named mid.public_ip with the public IP address as the value. For more information, see Create a MID Server property.

Role required: evt_mgmt_admin

Procedure

Navigate to Workspaces > Service Operations Workspace.
From the left pane, select the Integrations Launchpad icon ()
In the Browse integrations tab, enter Azure Log in the search field.
The Azure Log Analytics integration tile is displayed.
Select the tile.

Note:
If you started the integration process without meeting all the prerequisites listed in the Before you begin section, a message appears. You have the option to cancel the integration and complete the missing requirements, or continue in draft mode and fulfill them later. Keep in mind that you can only activate a configured integration when all the prerequisites are met.
On the Provide details form, fill in the fields and then select Next.
For a description of the fields, see the Provide details table in Microsoft Azure Log Analytics integration configuration fields.
On the Set data retrieval method form, fill in the fields.
For a description of the fields, see the Set data retrieval method table in Microsoft Azure Log Analytics integration configuration fields.
Optional: Select Advanced settings and fill in the advanced configuration fields.
For a description of the fields, see the Advanced settings table in Microsoft Azure Log Analytics integration configuration fields.
Ensure that the integration is configured correctly by selecting Test and save.
Health Log Analytics tests the MID Server connectivity. If the test fails, a message appears prompting you to correct the faulty field settings. When you have fixed the configuration, select Save.
Select Activate to activate the integration.

Note:
You can only activate a configured integration when you have fulfilled all the prerequisites listed in the Before you begin section.

The integration is activated. Its Overview tab is displayed.
Optional: If you installed the integration in draft mode, perform these steps to activate it:
1. Complete the integration prerequisites.
2. In the Integrations Launchpad Installed integrations tab, under Waiting for your action, locate and select the integration.
3. On the Set data retrieval method tab, select Activate to activate the integration.

Result

Log data starts streaming from Microsoft Azure Log Analytics to your ServiceNow instance. The tile for the integration is available in the Installed integrations tab on the Integrations Launchpad.

Users with the evt_mgmt_user role can use Event Management to monitor the logs and view the alerts that Health Log Analytics generates from them.

What to do next

Review the log data streaming status and sources of the integration on the Overview tab. Leverage the displayed information to refine how HLA reads the log data by adjusting your integration configuration. For more information, see Review log data streaming status and sources of an integration.

Note:

You can go directly from this tab to the Data Input Mapping, Source Type Structures, and Log Sources pages with context from the integration. If the log data is not properly mapped, structured, or sourced, you can go back and adjust the configuration of the integration.

Select the View menu icon ().
Choose the appropriate menu option.
Review the displayed information.
Adjust the integration configuration if needed.