Hi My friend,

 It’s generally NOT best practice to send all Elasticsearch logs into ServiceNow.

Elastic is built to store and analyze large volumes of raw logs. ServiceNow is better used for what comes out of that like alerts, correlations, and incidents.

Most teams either:

• send only alerts/events from Elastic into ServiceNow, or

• ingest a small, curated set of logs for AIOps/Health Log Analytics.

Moving everything usually creates noise, cost, and little operational value. The goal is to send actionable signals, not the full log stream. Hope this helps my friend

@VigneshV4790469  - If help answer, Please mark Accepted Solution & Thumbs Up.