Splunk UDP integration configuration fields
Summary of Splunk UDP Integration Configuration Fields
The Splunk UDP integration configuration form for Health Log Analytics allows you to set up and manage the integration efficiently. It includes essential fields that facilitate the connection between Splunk log data and your ServiceNow instance.
Key Features
- Integration Name: A unique identifier for the integration, required for setup.
- MID Server Name: Specifies the MID Server for pulling Splunk log data. Only MID Servers that support basic authentication are listed, and log ingestion is automatically enabled if not already active.
- Port: The designated port for the MID Server, which must be approved by your organization's security team.
- Description: An optional field to provide additional context for the integration.
- Transport: Indicates that UDP is the protocol used for streaming log messages, which is read-only.
Advanced Settings
- Lookup Hostnames: Enables DNS resolution for IP addresses; default is false.
- Sub Sample Receive Ratio: Controls the proportion of logs to receive, with a default of -1 (no logs). For example, setting it to 5 means one out of every five logs will be received.
- Character Encoding: Specifies the encoding for the data input, defaulting to UTF-8.
- Drop if Queue is Full: Option to discard logs when the MID Server is under load.
- Sub Sample Drop Ratio: Determines how many logs to drop, also defaulting to -1 (no logs dropped).
- Max Length in Bytes: Sets the maximum size for log messages, with a default of 32766 bytes.
- Default Timezone: Specifies the timezone for events when not defined in the log, defaulting to GMT.
Key Outcomes
By configuring these fields accurately, you ensure seamless log data integration from Splunk into ServiceNow, improving your Health Log Analytics capabilities and ensuring efficient data management.
Description of the fields on the Splunk UDP integration configuration forms for Health Log Analytics.
For the Splunk UDP integration setup procedure, see Set up a Splunk UDP integration for Health Log Analytics.
| Field | Description |
|---|---|
| Integration Name | Unique name of this integration. For example: My Splunk UDP integration. This field is required. Note: When you fill in this field, the generic name displayed on the form adjusts automatically to match the name you entered. |
| MID server name | MID Server to which log data from Splunk is pulled. This field is required. Note: Only MID Servers that support basic authentication are listed. If log ingestion is not already enabled on the selected MID Server, it is enabled automatically. |
| Port | The port for the MID Server. This field is required. Note: Make sure that your organization’s security team opens the selected port on the MID Server. |
| Description | Option to add a brief description of the integration to help identify it. |
| Transport | The protocol used for streaming log messages to your ServiceNow instance: UDP. This field is read-only. |
Advanced settings
| Field | Description |
|---|---|
| Lookup hostnames | Option to perform DNS lookup to resolve IPs to hostnames. The default value is false. |
| Sub sample receive ratio | The ratio of logs to receive. The default value is -1: no logs are received. For example: If you want one out of every five logs to be received, change the value to 5. |
| Character encoding | The character encoding for this data input. The default value is UTF-8. This field is read-only. |
| Drop if queue is full | Option to discard logs if there is a load on the MID Server. |
| Sub sample drop ratio | The ratio of logs to drop. The default value is -1: no logs are dropped. For example: If you want one out of every five logs to be dropped, change the value to 5. |
| Max length in bytes | The maximum length of log messages in bytes. The default value is 32766. |
| Default timezone | The time zone of events that the system will use if a log does not specify the time zone. By default, the system uses GMT in such cases, but you can specify a different time zone. |
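The two tables above describe each setting in isolation, but an administrator usually wants to know how they act together on a stream of datagrams: which ones the receive ratio lets through, which of those the drop ratio discards, what happens to an oversized message, and what time zone an event ends up with. The following Python model is an added example written for this page, not ServiceNow or Splunk code, and it does not claim to reproduce the MID Server's implementation. It assumes: sampling counts every Nth datagram rather than picking at random; an oversized message is truncated rather than rejected; the queue capacity (undocumented on the page) is a small constructed number; and the `-1` semantics are taken literally from the tables (receive ratio `-1` receives nothing, drop ratio `-1` drops nothing). Because UDP intake accepts any datagram that reaches the open port, the sampling and queue-full settings are what keep a burst from overloading the MID Server, which is also why the page asks you to involve the security team before opening the port.

```python
"""Model of how the Splunk UDP integration settings act on incoming datagrams.

Added example for this page; NOT ServiceNow's or Splunk's implementation.
Every behaviour beyond what the field descriptions state is an assumption
and is marked as such in the comments.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class UdpIntakeSettings:
    """The advanced-settings fields from the page, with the page's defaults."""
    sub_sample_receive_ratio: int = -1      # page: -1 receives no logs; N receives 1 of every N
    sub_sample_drop_ratio: int = -1         # page: -1 drops no logs; N drops 1 of every N received
    max_length_in_bytes: int = 32766        # page default
    drop_if_queue_is_full: bool = False
    character_encoding: str = "utf-8"       # page default UTF-8
    default_timezone: timezone = timezone.utc  # page default GMT
    queue_capacity: int = 4                 # ASSUMPTION: real queue size is not documented


@dataclass
class IntakeStats:
    received: int = 0
    not_received: int = 0
    dropped_by_ratio: int = 0
    dropped_queue_full: int = 0
    truncated: int = 0


class UdpIntake:
    """Applies the settings to datagrams in the order the tables list them."""

    def __init__(self, settings: UdpIntakeSettings):
        self.s = settings
        self.stats = IntakeStats()
        self.queue: list = []
        self._seen = 0   # datagrams that arrived on the port
        self._kept = 0   # datagrams that passed the receive ratio

    def handle_datagram(self, data: bytes) -> Optional[dict]:
        s = self.s
        self._seen += 1
        # Sub sample receive ratio: -1 (or any non-positive value) receives nothing;
        # N receives every Nth datagram. ASSUMPTION: deterministic every-Nth counting.
        if s.sub_sample_receive_ratio <= 0 or self._seen % s.sub_sample_receive_ratio != 0:
            self.stats.not_received += 1
            return None
        self.stats.received += 1
        self._kept += 1
        # Sub sample drop ratio applies only to datagrams that were received.
        if s.sub_sample_drop_ratio > 0 and self._kept % s.sub_sample_drop_ratio == 0:
            self.stats.dropped_by_ratio += 1
            return None
        # Max length in bytes. ASSUMPTION: truncate rather than reject; decoding with
        # errors="replace" keeps a cut multibyte sequence from killing the event.
        if len(data) > s.max_length_in_bytes:
            data = data[: s.max_length_in_bytes]
            self.stats.truncated += 1
        text = data.decode(s.character_encoding, errors="replace")
        event = {"raw": text, "timestamp": self._timestamp(text)}
        # Drop if queue is full: discard under load instead of blocking the receiver.
        # When the option is off, the model simply keeps queueing (stands in for
        # back-pressure, which the page does not describe).
        if len(self.queue) >= s.queue_capacity and s.drop_if_queue_is_full:
            self.stats.dropped_queue_full += 1
            return None
        self.queue.append(event)
        return event

    def _timestamp(self, text: str) -> Optional[datetime]:
        """Default timezone: attach it only when the log line carries no offset."""
        first = text.split(" ", 1)[0]
        try:
            ts = datetime.fromisoformat(first)
        except ValueError:
            return None
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=self.s.default_timezone)
        return ts


def run_sample() -> UdpIntake:
    """Feed constructed datagrams through a 1-in-2 sampling intake and return it."""
    settings = UdpIntakeSettings(sub_sample_receive_ratio=2, max_length_in_bytes=64,
                                 drop_if_queue_is_full=True, queue_capacity=2)
    intake = UdpIntake(settings)
    datagrams = [  # constructed sample input, not real Splunk output
        b"2024-05-01T12:00:00 splunk-fwd sshd[1]: Accepted publickey for ops",  # 1: not received
        b"2024-05-01T12:00:01+02:00 splunk-fwd sshd[1]: session opened",        # 2: received, offset kept
        b"2024-05-01T12:00:02 splunk-fwd app: " + b"A" * 200,                    # 3: not received
        b"2024-05-01T12:00:03 splunk-fwd app: " + b"B" * 200,                    # 4: received, truncated
        b"not-a-timestamp line",                                                 # 5: not received
        b"2024-05-01T12:00:05 splunk-fwd app: queue full candidate",             # 6: received, queue full
    ]
    for d in datagrams:
        intake.handle_datagram(d)
    return intake


if __name__ == "__main__":
    result = run_sample()
    print(result.stats)
    for ev in result.queue:
        print(ev["timestamp"].isoformat(), repr(ev["raw"][:40]))
```

Running the sample shows the interplay the tables only describe field by field: with a receive ratio of 2, datagrams 2, 4 and 6 are received; datagram 2 keeps its own `+02:00` offset while datagram 4 gets GMT from the default timezone; datagram 4 is cut to 64 bytes; and datagram 6 is discarded because the two-slot queue is full and "Drop if queue is full" is on. Turning that option off in the constructed settings makes datagram 6 queue instead, and setting the drop ratio to 2 would additionally discard every second received datagram.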