TCP data input configuration fields

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of TCP Data Input Configuration Fields

    The TCP data input configuration form allows you to set up log ingestion for Health Log Analytics in ServiceNow. This configuration includes essential fields to define how logs are collected from various sources and streamed to the appropriate MID Server.

    Show full answer Show less

    Key Features

    • Name: Required field for naming the data input.
    • Description: Optional description of the data input.
    • Port: Required unique port for the MID Server; ensure it is opened by the security team.
    • MID: Select a compatible MID Server for log streaming, limited to those supporting basic authentication.
    • Application Service: Required field for binding log data; create a new application service if none exists.

    Read-only fields include status, transport protocol, sources count, disabled since, last log time, and error messages, which provide insights into the data input's status and performance.

    Advanced Configuration

    • Use SSL/TLS: Option to enable secure connections.
    • Look up hostnames: Enables DNS resolution for IPs.
    • Boss thread count: Manages connection threads (default: 1).
    • Worker thread count: Handles incoming data threads (default: 4).
    • Read timeout seconds: Time after which the channel closes (default: 30 seconds).
    • Default timezone: Sets the timezone for events if unspecified (default: GMT).
    • Sub sample drop/receive ratio: Controls event sampling (default: -1 for no sampling).
    • Max length in bytes: Limits log message size (default: 32766 bytes).
    • Character encoding: Specifies encoding (default: UTF-8).
    • Drop if queue is full: Option to discard logs under load conditions.
    • Line breaker delimiters: Defines characters for separating log lines.

    Key Outcomes

    By properly configuring the TCP data input fields, ServiceNow customers can ensure efficient log ingestion, maintain optimal MID Server performance, and facilitate better data management within Health Log Analytics. This setup is crucial for accurate monitoring and troubleshooting within the ITOM framework.

    Description of the fields on the TCP data input configuration form.

    Basic configuration

    Field Description
    Name Name of the new data input. This field is required.
    Description Description of the data input.
    Port The port for the MID Server.

    Select a unique port from the array. The placeholder shows the range of ports from which to choose. Make sure that your organization’s security team opens the selected port.

    This field is required.
    MID The MID Server to which the logs are streamed.
    Note:
    • You can select only MID Servers with log ingestion capability that support basic authentication. MID Servers that support mTLS are not listed.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties.
    This field is required.
    Application service The application service to which to bind the log data. This field is required.
    Note:
    If no relevant application service exists, Create an application service and add CIs to it. Set the status of the new application service to Operational.

    The following fields show read-only information:

    Field Description
    Status Status of the data input.
    Transport Protocol used to send the log data.

    Rsyslog and Splunk send data using the TCP protocol.
    Sources count The number of log sources this data input has created.
    Disabled since The time when the data input stopped or failed.
    Last log time The time when the last log streamed in the data input.
    Error message The streaming error.

    This field is populated automatically. It displays only when a streaming error has occurred.

    Advanced configuration

    Table 1. Advanced configuration form
    Field Description Default value
    Use SSL/TLS Option for selecting to use SSL/TLS.
    Look up hostnames Option for selecting to perform DNS lookup to resolve IPs to hostnames. false
    Boss thread count The number of threads that manage connections. 1
    Worker thread count The number of threads that handle incoming data. 4
    Read timeout seconds The timeout in seconds since the last read. When the timeout expires, the system closes the channel. 30
    Default timezone The default time zone of events. The system uses this default when the log does not specify a time zone. GMT
    Sub sample drop ratio The ratio of events to drop. -1
    Sub sample receive ratio The ratio of events to receive. -1
    Max length in bytes The maximum length of log messages in bytes. 32766
    Character encoding The character encoding for this data input. UTF-8
    Drop if queue is full Option for selecting to discard logs if there is a load on the MID Server.
    Line breaker delimiters The line break character separating the raw log lines.

    Splitting values must be separated by a comma followed by a space: ", ". For example: "\r, \n, , splitHere, #".