Set up an Elasticsearch integration for Health Log Analytics

  • Release version: Australia
  • Updated March 12, 2026
  • Set up an integration to stream log data seamlessly from Elasticsearch indices to your instance for Health Log Analytics processing.

    Before you begin

    Note:
    Health Log Analytics supports Elasticsearch versions above 7.10.2 and below 8.18.2. For advanced Elasticsearch log streaming guidance, see the Stream logs using Elasticsearch data input - Advanced guide [KB1080162] article in the Now Support Knowledge Base.
    • Verify that the Health Log Analytics application is installed and provisioned on your instance. For more information, see Install Health Log Analytics (HLA).
    • Verify that a service instance is available.
    • Verify that the Health Log Analytics AI Engine is up and running.
    • Verify that a MID Server is installed and configured with the Log Ingestion capability enabled. For more information, see MID Server system requirements.

      MID Server configuration with Log Ingestion capability enabled.

      Important:
      Health Log Analytics does not support IPv6. To work with the application, configure the MID Server to use IPv4.
    • Unless the MID Server and external clients are on the same network, the MID Server must have a public IP address. This is required when its IP is exposed through network address translation (NAT), a load balancer, or a similar device. The public IP address enables external clients, such as Filebeat agents located outside its network, to reach the MID Server. Private IP addresses are not routable over the internet. Without a public IP, external clients cannot connect to the MID Server even if they are configured with its address. In the MID Server properties, add a property named mid.public_ip with the public IP address as the value. For more information, see Create a MID Server property. If the MID Server and external clients are on the same network, connections can be made using the private IP address.
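
A preflight check for two of the prerequisites above, the supported Elasticsearch version range and the MID Server addressing rules. This is an added example, not ServiceNow code. It assumes the version is read from the `version.number` field of the Elasticsearch `GET /` response; the function names and the sample response are constructed for illustration.

```python
import ipaddress
import json
import re

# Bounds stated on this page; both are exclusive ("above" / "below").
MIN_EXCLUSIVE = (7, 10, 2)
MAX_EXCLUSIVE = (8, 18, 2)

# Constructed sample of an Elasticsearch "GET /" response body (trimmed).
SAMPLE_ROOT = '{"name": "node-1", "cluster_name": "logs", "version": {"number": "8.11.3"}}'


def parse_version(number):
    """Turn '8.11.3' or '8.0.0-SNAPSHOT' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", number)
    if not m:
        raise ValueError(f"unrecognised version string: {number!r}")
    return tuple(int(p) for p in m.groups())


def es_version_supported(root_response):
    """True if the version in the 'GET /' body is strictly inside the supported range."""
    number = json.loads(root_response)["version"]["number"]
    return MIN_EXCLUSIVE < parse_version(number) < MAX_EXCLUSIVE


def check_mid_address(mid_ip, clients_on_same_network, public_ip_property=None):
    """Return a list of findings; an empty list means the addressing is consistent.

    public_ip_property is the value configured for mid.public_ip, or None if unset.
    """
    findings = []
    if ipaddress.ip_address(mid_ip).version != 4:
        findings.append("MID Server address is IPv6; Health Log Analytics requires IPv4")
    if clients_on_same_network:
        return findings  # private addressing is enough on a shared network
    if public_ip_property is None:
        findings.append("external clients need mid.public_ip, but it is not set")
        return findings
    pub = ipaddress.ip_address(public_ip_property)
    if pub.version != 4:
        findings.append("mid.public_ip is not an IPv4 address")
    elif not pub.is_global:
        findings.append("mid.public_ip is not publicly routable")
    return findings


if __name__ == "__main__":
    print("Elasticsearch version supported:", es_version_supported(SAMPLE_ROOT))
    print("Findings:", check_mid_address("10.0.0.5", clients_on_same_network=False))
```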

    Role required: evt_mgmt_admin

    About this task

    You set up integrations through the Integrations Launchpad in Service Operations Workspace, which you access from the ITOM AIOps configuration center. The AIOps configuration center is a centralized workspace for configuring and managing AIOps features from a single place. The integrations setup process reduces implementation time compared to manual data input setup in the classic interface in Health Log Analytics. For more information, see Integrations Launchpad in Service Operations Workspace for ITOM.

    Procedure

    1. Navigate to Workspaces > Service Operations Workspace.
    2. From the bottom of the navigation pane, select the ITOM AIOps configuration center icon.
      The ITOM AIOps configuration center page appears. The configuration center is a centralized workspace. Use it to configure and manage AIOps features from a single place.
    3. From the Integrate section, under Integrations, select Add integration.
      The Integrations Launchpad appears.
    4. In the Browse integrations tab, enter Elasticsearch in the search field.
    5. Select the Elasticsearch integration tile.
      Note:
      If you start an integration setup before meeting all prerequisites, a message appears. You can cancel the setup and complete the prior requirements first. Alternatively, you can continue in draft mode and complete the requirements later. Note that you can't activate the integration until you have completed all the prerequisites.
    6. On the Provide details form, fill in the fields.
      For a description of the fields, see the Provide details table in Elasticsearch integration configuration fields.
    7. Select Next.
    8. On the Set data retrieval method form, fill in the fields.
      For a description of the fields, see Elasticsearch integration configuration fields.
    9. Optional: Select Advanced settings to set advanced configuration fields.
      For a description of the fields, see the Advanced settings table in Elasticsearch integration configuration fields.
    10. Do one of the following:
      • If you completed all the prerequisites before starting the configuration, select Activate.

        In the pop-up window, select Test & Save to save the integration to the database and test connectivity. If an error is returned, adjust the configuration as suggested in the error message and then try to activate the integration again.

        When the test is successful, you can activate the integration either with or without AI-powered capabilities. Select the appropriate option:
        • Activate with AI enables AI-powered automatic mapping of log data. When the integration is activated successfully, the Overview tab is displayed. Now Assist collects and analyzes log data. An AI icon indicates that Now Assist auto-maps log data to service instances and components for contextual alert generation.
        • Activate activates the integration without AI-powered mapping. The integration is activated and the Overview tab is displayed.
      • If you didn't complete all the prior requirements, select Save draft.

        The system saves the integration as a draft in the Integrations Launchpad. It appears in the Installed integrations tab, under Waiting for your action. You can complete the prerequisites and activate the integration later. For more information, see Activate a draft integration in Health Log Analytics.

    What to do next

    On the Overview tab, do the following:

    If you activated the integration with AI, verify that AI correctly auto-mapped log data to service instances and components. To do this, select View mapping under Log context mapping. You can override the AI mapping by selecting a different log field from each list. For more information, see Map logs to service instances, components, and source types for contextual alerts in Health Log Analytics.