Review log data streaming status and sources of an integration
Review the log data streaming status and sources of an active integration for Health Log Analytics on the integration's Overview tab. From this tab, you can investigate streaming issues and refine the integration's configuration.
Before you begin
Confirm that the integration has been activated on the Integrations Launchpad. For more information, see Set up integrations from Integrations Launchpad.
Role required: evt_mgmt_admin
About this task
Procedure
-
From the left pane, select the Integrations Launchpad icon (
)
-
On the Installed integrations tab, search for an active integration and open it.
The Overview tab displays.
Figure 1. Overview tab and View menu items The Streaming status shows the integration's data streaming stats between the log source and the MID Server, and the MID Server and the AI engine. It also shows the total number of alerts that the AI engine created in the ServiceNow AIOps table. These statistics are updated when the Overview tab loads. If there's a streaming issue, an error message appears. If data streaming fails, the integration is automatically deactivated, and the Streaming status indicates where the failure happened. A banner explains the failure and steps to take.
Note:The ServiceNow System Logs Retriever integration doesn't run on a MID Server. Therefore, the Overview tab for this integration doesn’t display the MID Server streaming status.The Log streaming sources table displays the following information about the integration's log data sources.Table 1. Log streaming sources Column Description Name The name of the log data source. Status The streaming status: Active or Not active. MID Server The MID Server to which the log data is streaming. Data input The integration streaming the data to your ServiceNow instance. Last event time The date and time when the integration received the latest event. Raw log lines/sec The average number of raw log lines that streamed to the MID Server per second in the last one-minute interval. Note:This value represents the number of raw log lines before pre-processing.Pre-processed log lines/sec The average number of pre-processed log lines that streamed to the MID Server per second in the last one-minute interval. Note:This value can differ from the number of raw log lines per second. For example, the difference can be a result of logs having been dropped during pre-processing.Note:This table isn’t available for the ServiceNow System Logs Retriever integration. - Optional:
Adjust the configuration of the integration, if needed.
Navigate to relevant tables or the Log Viewer from the View menu (
).Note:The View menu content changes dynamically depending on whether the referenced tables contain data.Table 2. View menu options Option Description Data Input Mapping This option opens the Data Input Mapping page. On this page, you can map sources manually if HLA didn't discover properties automatically. For more information, see Map raw log data.
Source Type Structure This option opens the Source Type Structures page. In the Source Type Structure, log data is classified and organized based on its origin or type. You can adjust the structure and verify that the HLA AI engine extracts properties properly and classifies them correctly. For more information, see Source type structure adjustment.
Log Sources This option opens the Log Sources table. This table enables you to verify that HLA has created all your log sources. If a log source is missing, you can add it manually. For more information, see Verify your log sources.
Log Viewer This option opens the Log Viewer, which shows the frequency of anomalies in the log data during a specific time period. For more information, see Viewing the logs for an alert on the Log viewer. Note:The Log Viewer option appears only if the Service Operations Workspace Log Analytics application is installed.