Set up a Splunk UDP integration for Health Log Analytics

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 3 minutes de lecture

    • Set up an integration to stream log messages to your ServiceNow instance over the UDP transport protocol using a Splunk heavy forwarder. Health Log Analytics processes the ingested log data.

    Avant de commencer

    • Verify that a MID Server is installed and configured with the Log Ingestion capability enabled. For more information, see MID Server system requirements.

      MID Server configuration with Log Ingestion capability enabled.

      Important :
      Health Log Analytics does not support IPv6. To work with the application, configure the MID Server to IPv4.
    • Unless the MID Server and external clients are on the same network, the MID Server must have a public IP address. This is required when its IP is exposed through network address translation (NAT), a load balancer, or a similar device. The public IP address enables external clients, such as Filebeat agents located outside its network, to reach the MID Server. Private IP addresses are not routable over the internet. Without a public IP, external clients cannot connect to the MID Server even if they are configured with its address. In the MID Server properties, add a property named mid.public_ip with the public IP address as the value. For more information, see Create a MID Server property. If the MID Server and external clients are on the same network, connections can be made using the private IP address.
    • For shipping your logs encrypted using SSL TLS, see the Streaming Data With Rsyslog & Filebeat Using SSL [KB0866319] article in the Now Support Knowledge Base.

    Role required: evt_mgmt_admin

    Pourquoi et quand exécuter cette tâche

    You set up integrations through the Integrations Launchpad in Service Operations Workspace, which you access from the ITOM AIOps configuration center. The AIOps configuration center is a centralized workspace for configuring and managing AIOps features from a single place. The integrations setup process reduces implementation time compared to manual data input setup in the classic interface in Health Log Analytics. For more information, see Integrations Launchpad in Service Operations Workspace for ITOM.

    Procédure

    1. Navigate to Workspaces > Service Operations Workspace.
    2. From the bottom of the navigation pane, select the AIOps configuration center icon ITOM AIOps configuration center icon.
      The ITOM AIOps configuration center page appears. The configuration center is a centralized workspace. Use it to configure and manage AIOps features from a single place.
    3. From the Integrate section, under Integrations, select Add integration.
      The Integrations Launchpad appears.
    4. In the Browse integrations tab, enter Splunk in the search field.
    5. Select the Splunk UDP integration tile.
      Remarque :
      If you start an integration setup before meeting all prerequisites, a message appears. You can cancel the setup and complete the prior requirements first. Alternatively, you can continue in draft mode and complete the requirements later. Note that you can't activate the integration until you have completed all the prerequisites.
    6. On the Provide details form, fill in the fields.
      For a description of the fields, see Provide details table in Splunk UDP integration configuration fields.
    7. Facultatif : Select Advanced settings and fill in the advanced configuration fields.
      For a description of the fields, see the Advanced settings table in Splunk UDP integration configuration fields.
    8. Select Next.
    9. Follow the procedure on the Set-up instruction screen to install the integration in the third-party console.
      Remarque :
      The procedure varies based on your configurations.
    10. Do one of the following:
      • If you completed all the prerequisites before starting the configuration, select Activate.

        When the integration is activated successfully, the Overview tab is displayed. On the Integrations Launchpad, the integration tile is available in the Installed integrations tab.

      • If you didn't complete all the prior requirements, select Save draft.

        The system saves the integration as a draft in the Integrations Launchpad. It appears in the Installed integrations tab, under Waiting for your action. You can complete the prerequisites and activate the integration later. For more information, see Activate a draft integration in Health Log Analytics.

    Que faire ensuite

    On the Overview tab, do the following: