Log Export Service (LES)

  • Release version: Xanadu
  • Updated August 1, 2024

    Summary of Log Export Service (LES)

    Log Export Service (LES) enables ServiceNow customers to export system and application logs seamlessly into enterprise security analytic tools. It offers a highly scalable, near real-time integration that is easy to set up and maintain. LES empowers organizations to detect security threats, analyze incidents, troubleshoot and optimize application performance, and monitor user experience by leveraging external analytic solutions.


    LES uses the Hermes Messaging Service, a ServiceNow AI Platform capability built on Apache Kafka, for reliable data transport and queuing. Hermes supports multi-tenant, multi-cluster environments and enables instances to produce and consume large volumes of Kafka events. External log analytic systems—whether cloud-based or on-premises—can consume log events directly from Hermes.

    Connectivity Options

    • Dedicated MID Server: Installed on-premises or in the cloud, it continuously pulls log events from Hermes and forwards them to analytic tools via REST.
    • Kafka Connector from Log Analytic Solutions: Use native Kafka connectors from tools like Splunk to connect to Hermes, pull log events, and push them to analytic systems.
    • Direct Kafka System Connection: Connect your Kafka system directly to Hermes using native Kafka protocol commands to consume log events.

    Configuration and Management

    LES is installed via the ServiceNow Store and includes Guided Setups to facilitate installation, configuration, and rollout. Users can configure log sources, consumers, and destinations and generate reports to monitor log creation and consumption. Log sources include System Log Tables, the Audit Table, and Application Node Log Files.

    Key configuration tasks include creating log source configurations to regulate and filter forwarded logs, setting up secure connections to Hermes by generating instance-signed certificates, and reviewing log reports to analyze data log sizes.

    Roles and Setup Assistance

    LES installs with predefined roles for log sources, Kafka consumers, and MID server consumers. Guided Setup workflows assist customers through initial configurations and secure connectivity, ensuring a smooth rollout and operational readiness.

    Log Export Service (LES) lets you seamlessly export your instance system and application logs into your enterprise security analytic tools. The service provides a highly scalable and near real-time integration with your analytic tools that is easy to set up and maintain.

    The integration tool allows you to leverage your analytic solutions to perform the following:
    • Detect ServiceNow security threats and analyze security incidents
    • Troubleshoot and optimize ServiceNow app performance
    • Monitor and optimize ServiceNow user experience

    LES leverages a ServiceNow AI Platform capability called the Hermes Messaging Service, which is a multi-tenant, multi-cluster, data transport, and queuing service built on Apache Kafka that enables your instance to produce and consume large volumes of Kafka events. Apache Kafka is an open-source data streaming platform that provides a single integration point for exchanging data across business systems in your organization.

    LES forwards a copy of the log events as they are generated to the Hermes Messaging Service.

    The Hermes Messaging Service is a ServiceNow AI Platform capability that is available as part of Stream Connect, Log Export Service (LES), and Instance Data Replication (IDR).

    The external log analytic systems, either in the cloud or on-prem, can use and consume the log events from the Hermes Messaging Service. LES provides three connectivity options to consume the logs:
    • Dedicated MID Server: A dedicated MID Server is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytic tools via a REST connection.
    • Leverage Kafka connector from your log analytic solution (for example, Splunk): A Kafka connector from your log analytics product of choice is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytics tools.
    • Directly from your Kafka system: Your Kafka system connects directly with the Hermes Messaging Service and uses its native Kafka protocol commands and connectivity to pull log events from it.

    To configure and manage LES, you need to install it from the ServiceNow Store. The LES application provides Guided Setups to help you install the service, pages to configure the service (log sources, consumers, and destinations), and reports to understand log creation and consumption.

    Note:
    You can also create a new source configuration. See Create a log source configuration for more information.