Supported data inputs for Health Log Analytics
Health Log Analytics (HLA) enables you to connect your ServiceNow instance to several types of data input.
- Passive data inputs (listeners), which wait for log data to be pushed to them. These data inputs require a network port to be open on the MID Server:
Rsyslog, Beats, Splunk, TCP, UDP, MID Server, GCP PubSub, and REST API.
The Agent Client Collector data input is supported for use with the Agent Client Collector Log Analytics application, available from the ServiceNow Store.
- Active data inputs (pullers), which are connectors that pull data from data repositories:
Elasticsearch, Amazon CloudWatch, Amazon S3, Microsoft Azure Log Analytics, Microsoft Azure Event Hubs, and Apache Kafka.
For all active data inputs, Health Log Analytics supports MID Server clusters for failover protection. The active data input runs on a single MID Server in the cluster. If that MID Server fails, the system moves its tasks to the next available MID Server in the cluster in a configured order.
The Elasticsearch data input fetches data from a data repository or database using credentials. If your data is in Elasticsearch, Health Log Analytics must have the following:
- Permissions to query Elasticsearch
- One of the following types of credentials:
  - Basic authentication (user and password)
  - AWS, for Elasticsearch on Amazon AWS Cloud
- Network connectivity to the relevant Elasticsearch cluster
Note: Health Log Analytics must be pointed to the correct index to start pulling the data.
Native ServiceNow data inputs
- Streaming logs from Cloud Observability to Health Log Analytics
Health Log Analytics can process log data it ingests from the ServiceNow® Cloud Observability application, formerly Lightstep. HLA automatically sets up the configuration needed to enable log streaming from Cloud Observability as part of its native integration. Setting up the connection from Cloud Observability to HLA must be done in the Cloud Observability application. In HLA, you handle log records from Cloud Observability in the same way as any other Data Input Mapping and Source Type Structure records, as explained in Log data auto-mapping and mapping and Source type structure adjustment. For more information about Cloud Observability, see Explore Cloud Observability documentation.