Configure a connector for Health Log Analytics

  • Release version: Xanadu
  • Updated August 14, 2024

    Integrate log data connectors with your ServiceNow instance to enable seamless streaming of log messages for Health Log Analytics.

    Health Log Analytics supports numerous connectors to pull or push log data from external sources into your instance. The connectors are available from the ServiceNow Store as well as from third parties. The Integrations Launchpad provides a unified interface for convenient integration with log data connectors. For more information, see Integrations Launchpad in Service Operations Workspace for ITOM.

    Integrations for Health Log Analytics

    The Integrations Launchpad enables the following integrations for Health Log Analytics:

    Pull integrations
    These integrations pull log data from external data sources and stream the data to your instance via a MID Server. Select an integration in the table to open a page with the setup procedure.
    Table 1. Pull integrations
    | Integration | Description |
    | --- | --- |
    | Elasticsearch | Streams log data from Elasticsearch indices to your instance. |
    | ServiceNow System Logs Retriever | Sends log data from the ServiceNow System Log table to the Health Log Analytics AI engine. Note: Only a single ServiceNow System Logs Retriever data input can exist in the system, and only users with the admin role can create and configure it. This data input doesn't run on a MID Server. |
    | Apache Kafka | Streams log data from Apache Kafka to your instance. |
    | Microsoft Azure Log Analytics | Streams log data from Microsoft Azure Log Analytics to your instance. The connector points the Health Log Analytics AI engine to a data source in your Microsoft Azure Log Analytics account. |
    | MID Server | Collects log messages from the MID Server and streams them to your instance. |
    Push integrations
    These integrations connect to external data sources that push log data to your instance via a MID Server. Select an integration in the table to open a page with the setup procedure.
    Table 2. Push integrations
    | Integration | Description |
    | --- | --- |
    | UDP | Sends raw log messages to your instance directly over a UDP socket. |
    | TCP | Sends raw log messages to your instance directly over a TCP/SSL socket. |
    | REST API | Streams log data to your instance in JSON format. |
    | GCP PubSub | Receives log messages that were published to a Google Cloud Pub/Sub topic and streams them to your instance. |
    | Splunk UDP | Streams log messages to your ServiceNow instance over the UDP transport protocol using a Splunk heavy forwarder. |
    | Splunk TCP | Streams log messages to your ServiceNow instance over the TCP transport protocol using a Splunk heavy forwarder. |
    | Amazon Data Firehose | Streams log messages from Amazon Data Firehose directly to the collector service in ITOM Gateway, where they're queued for Health Log Analytics processing. |