Microsoft Azure Event Hubs integration configuration fields

  • Release version: Xanadu
  • Updated July 31, 2025
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Microsoft Azure Event Hubs integration configuration fields

    This documentation details the configuration fields for integrating Microsoft Azure Event Hubs with ServiceNow's Health Log Analytics. It guides you through setting up the integration to pull log data from Azure Event Hubs into your ServiceNow instance, enabling centralized log management and analysis.

    Show full answer Show less

    Integration Setup

    • Integration Name: Assign a unique name to identify your Event Hubs integration.
    • Service Instance: Specify the ServiceNow instance where log data will be bound; this is required.
    • Source: The log data source is fixed as PubSub (read-only).
    • Description: Optionally add a brief description for easier identification.

    Execution Environment

    • Execute on: Choose whether to use a specific MID Server or a MID Server cluster to stream logs.
    • MID Server Selection: If using a specific MID Server, select one that supports basic authentication for log ingestion; mTLS is not supported.
    • MID Server Cluster: If using a cluster (supported from Health Log Analytics version 26.0.17), ensure it is a failover cluster of MID Servers with basic authentication and log ingestion enabled. The system handles failover by moving data input tasks among MID Servers.
    • Capacity Limits: By default, each MID Server can handle up to 10 data inputs; this can be adjusted in MID Server properties.

    Data Retrieval Configuration

    • Event Hubs Namespace: Enter the container name housing your event hubs (required).
    • Event Hub Name: Specify the event hub from which logs are fetched (required).
    • Consumer Group Name: Choose or create a consumer group to manage log consumption; defaults to $Default.
    • Event Hub Credentials: Use existing Azure Shared Access Signature (SAS) credentials or create new ones by providing SAS policy name and key (required).

    Advanced Settings

    • Restore Point Rate: Determines how many logs are read before saving a restore point.
    • Processor Threads Count: Sets the number of processing threads to use.
    • Sub Sample Drop Ratio: Controls the proportion of logs discarded to reduce volume; a value of -1 means no logs are dropped.
    • Sub Sample Receive Ratio: Controls the proportion of logs received; -1 means all logs are received.
    • Operation Timeout (seconds): Timeout duration for Event Hubs operations.
    • Receive Idle Timeout (seconds): Timeout for receive operations when idle.
    • Max Length in Bytes: Maximum log message size; default is 32,766 bytes.
    • Prefetch Count: Number of logs fetched in advance to optimize performance.
    • Max Batch Size: Maximum events processed in a single call; default is 100.
    • Default Timezone: Time zone applied when logs lack timezone info; default is GMT.
    • Character Encoding: Encoding used for log data; default is UTF-8.
    • Drop if Queue is Full: Option to discard logs when MID Server is under load to prevent overload.

    Practical Considerations for ServiceNow Customers

    By properly configuring these fields, customers can efficiently stream and manage Azure Event Hubs log data within ServiceNow’s Health Log Analytics application. Selecting the right MID Server or cluster ensures high availability and failover support. Using appropriate credentials and consumer groups controls secure and organized data ingestion. Advanced settings allow tuning performance and resource usage to match organizational needs.

    Description of the fields on the Microsoft Azure Event Hubs integration configuration forms for Health Log Analytics.

    Table 1. Provide details
    Field Description
    Integration Name Unique name of this integration. For example: My Event Hubs integration. This field is required.
    Note:
    When you fill in this field, the generic name displayed on the form adjusts automatically to match the name you entered.
    Service Instance The service instance (formerly the application service) to which to bind the log data. This field is required.
    Source The source of the log data that the integration pulls to your ServiceNow instance: PubSub. This field is read-only.
    Description Option to add a brief description of the integration to help identify it.
    Execute on Option to determine whether to use a specific MID Server or a MID Server cluster.

    This feature is supported in the Health Log Analytics application, Version 26.0.17 - February 2023 and later, available from the ServiceNow Store.
    MID Server name

    (Only when Execute on is set to Specific MID Server.)

    The MID Server to which the logs are streamed.
    Note:
    • You can only select a MID Server with log ingestion capability that supports basic authentication. MID Servers that support mTLS are not listed.
    • If log ingestion is not enabled on the selected MID Server, Health Log Analytics enables it automatically.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties.
    This field is required.
    MID Server cluster

    (Only when the Execute on field is set to Specific MID Server Cluster)

    The MID Server cluster to which the log data is pulled.

    The data input runs on a single MID Server in the cluster until that MID Server fails. The system then moves all the data input tasks to the next available MID Server in the cluster according to the configured order.

    This feature is supported in the Health Log Analytics application, Version 26.0.17 - February 2023 and later, available from the ServiceNow Store.

    Note:
    • Health Log Analytics supports only failover MID Server clusters. In these clusters, multiple MID Servers are grouped together for failover protection. When selecting a cluster from the data input form, the MID Server Clusters list displays only failover clusters.
    • The MID Server cluster must include only MID Servers that support basic authentication. mTLS is not supported for log ingestion.
    • Log ingestion must be enabled for each MID Server in the cluster. If log ingestion is not enabled for the active MID Server, Health Log Analytics enables it automatically.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. A cluster passes capacity validation if it contains at least one MID Server with fewer than 10 data inputs running on it, even when that MID Server is down.
    For more information about MID Server clusters, see Configure a MID Server cluster.

    This field is required.
    Table 2. Set data retrieval method
    Event Hubs namespace The scoping container for the event hub or hubs. This field is required.
    Event Hub name The event hub from which to fetch log data. This field is required.
    Consumer Group name The Consumer Group to use. This field is required.

    Enter an existing Consumer group or create one in the event hub. The default value is $Default.
    Event Hub Credentials The Event Hub credentials to use. This field is required.

    Select existing Azure Shared Access Signature (SAS) credentials or create the Azure SAS credentials to use. If you create new Azure SAS credentials, you must provide the SAS policy name and key.
    Table 3. Advanced settings
    Field Description
    Restore point rate The number of logs the integration can read before a restore point is saved.
    Processor threads count The total number of processor threads.
    Sub sample drop ratio The ratio of logs to discard.

    This setting determines the number of logs to group together, out of which one is dropped. It reduces the number of fetched logs.

    The default value is -1: no logs are discarded. For example, if you want one log out of every five to be dropped, change the value to 5.
    Sub sample receive ratio The ratio of logs to receive.

    This setting determines the number of logs to group together, out of which one is received. It reduces the number of logs you receive.

    The default value is -1, meaning no logs are received. For example, if you want to receive one log out of every five, change the value to 5.
    Operation timeout (seconds) The number of seconds to wait before timing out event hubs operations.
    Receive idle timeout (seconds) The number of seconds to wait before timing out receive operations.
    Max length in bytes The maximum length, in bytes, of log messages. The default value is 32766.
    Prefetch count The number of logs received in advance of event hubs operations.
    Max batch size The maximum number of events passed to a single process call. The default value is 100.
    Default timezone The default time zone of logs. The system uses this default when the log does not specify a time zone. The default value is GMT.
    Character encoding The character encoding for this integration. The default value is UTF-8.
    Drop if queue is full Option for selecting to discard logs if there is a load on the MID Server.