Health Log Analytics release notes
Summarize
Summary of Health Log Analytics Release Notes - Yokohama
The ServiceNow Health Log Analytics (HLA) application enables IT teams to proactively predict and address IT issues by ingesting, analyzing, and correlating machine-generated log data in real time. When deviations from normal patterns are detected, HLA alerts users to potential problems before they impact end users. The Yokohama release introduces enhancements that improve data ingestion, integration flexibility, and alert management to help customers streamline their log analytics workflows and increase operational efficiency.
Show less
Key Features
- Enhanced Splunk Integration: Customers can now ingest preprocessed, structured data from Splunk using existing Splunk data inputs, and regularly pull data through the new Splunk Polling data input. This enables more consistent data workflows with minimal additional configuration.
- Unified Integrations Launchpad Interface: A centralized interface simplifies setup of log data integrations across multiple sources including Splunk TCP/UDP, MID Server, Apache Kafka, Microsoft Azure Log Analytics, REST API, and Amazon Data Firehose.
- Support for High Volume Log Tools: Dedicated data inputs for Cribl and Edge Delta help efficiently ingest large volumes of logs aggregated from multiple sources before forwarding to HLA.
- Amazon Data Firehose Integration: Enables streaming of real-time log data from multiple sources directly to the ITOM Gateway collector service without requiring a MID Server, facilitating faster log ingestion.
- Alert Management Improvements: The previous component-based alert grouping model has been deprecated in favor of a streamlined two-tier alert structure that aligns alerts with service-level anomalies, improving visibility and simplifying alert correlation.
- Now Assist Integration: Generates descriptions for Health Log Analytics alerts to aid in issue understanding and response.
- UI Updates: The Glide Syslog data input has been renamed to ServiceNow System Logs data input for clarity.
Activation and Availability
Health Log Analytics is available for installation through the ServiceNow Store. Customers can request the application there and access cumulative release notes and version history. The application supports multiple languages including US English, UK English, French, German, Italian, Japanese, and Spanish, with US English as the default.
Related ServiceNow Applications and Integration Points
- Event Management: Health Log Analytics sends anomaly events to Event Management, which then generates alerts based on configured rules.
- Agent Client Collector and MID Server: These components are used to stream logs securely from various sources into the ServiceNow instance.
- Service Operations Workspace: Alerts generated by HLA are accessible within this unified workspace, which consolidates IT Operations Management workflows for streamlined incident handling.
Overall, the Yokohama release enhances Health Log Analytics’ ability to ingest diverse log data efficiently, improve alert accuracy and management, and integrate smoothly with ServiceNow’s ITOM ecosystem—helping customers detect and resolve IT issues proactively.
The ServiceNow® Health Log Analytics application helps you predict IT issues before they impact users by ingesting, analyzing, and correlating machine-generated log data in real time. When Health Log Analytics detects a deviation from a normal pattern, it alerts you of a possible issue. Health Log Analytics was enhanced and updated in the Yokohama release.
Health Log Analytics highlights for the Yokohama release
- Use the enhanced Splunk data input to ingest data from Splunk in a preprocessed structured format. You can also pull data from Splunk regularly using the new Splunk Polling data input.
- Take advantage of a unified interface for convenient data input integration by setting up integrations from the Integrations Launchpad.
- Streamline HLA data ingestion with tools for handling large log volumes by using dedicated Cribl and Edge Delta data inputs.
- Configure log data integrations for Splunk TCP/UDP, Splunk Poller, MID Server, Apache Kafka, Microsoft Azure Log Analytics, REST API, and Amazon Data Firehose conveniently from the Integrations Launchpad.
- Generate a description of Health Log Analytics alerts using Now Assist.
See Health Log Analytics for more information.
New in the Yokohama release
- Pull data from Splunk regularly using the Splunk Polling data input
- Make your data workflows more consistent and productive by fetching data consistently over time using the Splunk Polling data input, which sends recurring queries (polls) to Splunk. Handling most configurations on the HLA side means you need minimal additional stakeholder involvement, which enables swift integration with your existing Splunk setup. This enhancement accelerates proofs of concept (POCs) and enables faster iterations using real data.
- Use your Splunk data input to ingest preprocessed data from Splunk
- Ingest data from Splunk in a preprocessed, structured format using your existing Splunk data input.
- Integrate with log data connectors from the Integrations Launchpad
- Take advantage of the Integrations Launchpad's unified interface for convenient integration with log data connectors that feed raw log data from external sources into your instance. You set up log data connectors for HLA from the Event Management Integrations Launchpad in Service Operations Workspace for ITOM. In this release, the Integrations Launchpad enables integration with the following connectors: Elasticsearch, ServiceNow System Logs, UDP, and TCP.
- Use Cribl and Edge Delta data inputs to streamline HLA data ingestion with tools handling large log volumes
- Use dedicated data inputs to facilitate data ingestion from Cribl or Edge Delta when using these tools to handle large volumes of log data from multiple sources before sending it to HLA.
- Configure log data integrations from the Integrations Launchpad
- Starting in version 36.0.19, benefit from additional log data integrations for Splunk TCP/UDP, Splunk Poller, MID Server, Apache Kafka, Microsoft Azure Log Analytics, and REST API that can be easily set up through the Integrations Launchpad.
- Set up an Amazon Data Firehose integration for real-time log data streaming from multiple sources
- Starting in version 36.0.19, leverage an integration for streaming log data from Amazon Data Firehose directly to the collector service in ITOM Gateway, where it is queued and then processed by Health Log Analytics. This integration doesn't run on a MID Server and can be configured from the Integrations Launchpad.
Changed in this release
- Component-based alert grouping is deprecated
- Starting in version 36.0.19, the adoption of a streamlined two-tier alert model, Log Analytics Group to Single Alert, has replaced component-based alert groups, which have been removed. This model aligns alert representation with the service-level anomalies identified by Health Log Analytics, rather than individual host CIs. The update improves alert visibility, simplifies correlation, and enhances overall alert management efficiency.
UI changes
- ServiceNow System Logs data input
- The Glide Syslog data input has been renamed ServiceNow System Logs data input.
Activation information
Install Health Log Analytics by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Localization information
The current available languages for Health Log Analytics are US English, UK English, French, German, Italian, Japanese, and Spanish. The default language is US English.