Welcome to ServiceNow® Health Log Analytics
Quick Start Guide
If you’re just starting your predictive AIOps journey using Health Log Analytics (HLA), then you’ve come to the right place. This guide will help you get up to speed on activating and realizing value from HLA and is a great place to come back to as our products evolve over time.
Let’s get started!
Guide Overview:
Here’s an overview of the topics we will cover in the guide:
- What is HLA and how does it work?
- What are the business outcomes you can expect?
- What to know before getting started?
- Steps to quick success
- Other helpful resources
What is Health Log Analytics (HLA) and how does it work?
Health Log Analytics uses unsupervised machine learning to predict service issues before they happen. It identifies normal operating patterns in logs and other operational records, including distributed patterns that span multiple applications and infrastructure components. It then raises an actionable alert when it detects a significant anti-pattern indicating abnormal behavior, associating the alert with the corresponding application service.
Health Log Analytics introduces "predictive AIOps" from log data with features that include:
- Anomaly detection based on patterns within your log data regardless of source
- Grouped Alerts that incorporate all known data including CI metadata
- Reduced alert noise based on the learning algorithm and ability to mute and focus as desired
- Participation with ITOM Event Management alerts to enhance the whole experience
What are the business outcomes you can expect from Health Log Analytics?
Before you start to rely on Predictive AIOps with Health Log Analytics it’s critical to have a clear vision of what you want to accomplish. Health Log Analytics allows you to deliver several positive business outcomes, and you can achieve all this over time. However, by deciding which outcomes are most important for your organization and agreeing on them with your stakeholders, you can set clear expectations and tailor your initial implementation to realize these goals.
Health Log Analytics benefits:
- Avoid service disruptions or discover hidden defects or security issues before they rise to a disruptive level giving a true Predictive experience.
- Reduce mean-time-to-resolve by quickly investigate and resolve incidents by leveraging contextual recommendations, enhanced collaboration, and investigation capabilities
- Simplify incident investigation and remediation by leveraging integrations with monitoring tools
- Improve visibility across teams by leveraging the landing page and the incident overview to assigned tasks across the team, as well as highlight key items to drive awareness and alignment
- Support greater productivity by utilizing enhanced collaboration capabilities that provide easy access to relevant information and experts-on-call
Before Getting Started
Since Health Log Analytics is an observability mechanism relying on data in the form of logs from services and infrastructure, it is important to keep the following in mind:
|
Customer Type |
Customers are required to have entitlements and licensing to use Health Log Analytics. Consult with your account team for more information. The app has a dependency on ITOM Health and builds a supporting technical infrastructure along side your instance upon installation. |
|
Workspace Status |
Service Operations Workspace is a key component of working with alerts that originate from Health Log Analytics |
|
Release Strategy |
Consider how you will deploy Health Log Analytics to your production instance. It is highly recommended to activate Health Log Analytics in your sub-production environment and perform the data ingest and mapping to measure the quality it can deliver while also completing upgrade/regression testing to ensure your instance is operating as expected. Each environment that Health Log Analytics is setup within will require approximately a week of training time for the model to provide dependable recommendations. |
Steps to quick success
Step 0: Health Log Analytics (HLA) as part of ITOM Health
Learn about Health Log Analytics setup, function and techniques via our product documentation.
Step 1: Determine ServiceNow Version for the best experience
Upgrade to Washington on a sub-production instance if you haven't already. Health Log Analytics is being enhanced along with the overall AIOps experience therefore we encourage you to be on a later version if possible. We encourage you to read the family version release notes and follow your normal upgrade process. For helpful information see the upgrade planning checklist. If you're new to upgrades, check out our NowLearning course: ServiceNow Upgrade Essentials.
Step 2: Install Health Log Analytics
To get started with Health Log Analytics, install Health Log Analytics from ServiceNow Store, which includes multiple user roles, plugins, and store applications that help in fully utilizing the potential of ITOM Health and Predictive AIOps.
Store applications for incident management and related capabilities are:
- AIOps Experience
- Event Management
- Event Management Connectors
- Agent Client Collector Monitoring
- Agent Client Collector Log Monitoring
Step 3: Setup Data Inputs
Once HLA is installed it will be necessary to setup the data inputs to provide data to the instance for processing. This is a cyclical model per data source or log type illustrated in the diagram below. The steps are Discovery, Acquire, Configure, Learning, Validate and Alert. Health Log Analytics is a learning model product therefore adopting strategic data points around a service is important for accurate predictions and actionable alerts.
Step 3a: Discovery
Identify logs from data sources from application, infrastructure or important sources for an important business service and define their key elements like timestamp, severity, message and necessary external IDs like error or event numbers to use in mapping and correlation.
Step 3b: Acquire
Using a dedicated MID server for HLA inputs, define a data source and allow automatic map creation to occur. If fields were not easily identified by ingest then manual maps can be created. The Log Viewer can be used to assure that log data is captured and processing correctly. If you are using Cloud Observability and ingesting logs via OpenTelemetry you can have a direct connection via the Service Graph Connector for Cloud Observability to avoid the requirement of a dedicated MID server.
Step 3c: Configure
Health Log Analytics Setup describes the process of mapping data elements by type. This important step will deliver the necessary structure for HLA to quickly learn and deliver results.
Step 3d: Learning
Anomaly Detection and other elements of Predictive AIOps take some time to form baselines and detect patterns. Generally, a week of processing will offer a suitable delivery window to reduce noise and delivery patterns and anti-patterns for alerting.
Step 3e: Validate
The main deliverable from HLA are Alerts and the guide Working Alerts created by Health Log Analytics illustrates how to affirm results that appear in Service Operations Workspace and provide feedback if necessary to reduce noise.
Step 3f: Action
Assigning higher or lower significance to an alert in Health Log Analytics or Add a KB article to a Health Log Analytics alert are two examples of actions that can be done immediately with alerts surfacing into Service Operations Workspace. Workflows can be created for remediation and standard practices enabled by ITOM are available.
Step 4: Explore Further
Explore the community site to learn more about Health Log Analytics to ask questions and deepen in your experience. Our Product Innovation team is happy to work with you on this initial journey with Health Log Analytics and provide guidance on an initial use case.
Other helpful resources
- Health Log Analytics product documentation.
- If you are new to ServiceNow, we also strongly recommend that you take this very short Get Started with the Now Platform course to learn platform basics. If you want a deeper dive into using the Now Platform, a longer ServiceNow Fundamentals course is also available.
