ACC data input configuration fields

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of ACC Data Input Configuration Fields

    The ACC data input configuration form allows ServiceNow customers to set up log streaming to a specified MID Server, ensuring efficient data collection and management. Each MID Server can support only one ACC data input, with specific configurations required for optimal performance.

    Show full answer Show less

    Key Features

    • MID: Designates the MID Server for log streaming. Only MID Servers with AgentClientCollector capability are selectable. A maximum of 11 data inputs can be defined, including one ACC data input.
    • Port: Specifies the active port on the MID Server for log streaming. The port must be opened by the security team, and updates to the port are applied seamlessly.
    • Description: Provides a description of the data input.
    • Status: Displays the current status of the data input.
    • Transport: Indicates the protocol used for sending log data, specifically through a ServiceNow Agent.
    • Sources Count: Totals the number of log sources from all ACC data inputs, available in the Health Log Analytics application.
    • Error Message: Automatically populated field that shows any streaming errors.
    • Advanced Configuration Options: Includes settings for DNS lookup, SSL usage, client inactivity timeout, worker thread count, default time zone, sub-sample ratios, maximum log length, character encoding, and queue management.

    Key Outcomes

    By configuring these fields correctly, ServiceNow customers can ensure reliable log streaming, monitor the health of log data inputs, and maintain efficient performance of their logging infrastructure. Proper setup minimizes potential data loss and enhances real-time data processing capabilities.

    Description of the fields on the ACC data input configuration form.

    Table 1. Basic configuration
    Field Description
    MID The MID Server to which the logs stream.
    Note:
    • Only one ACC data input can be defined per MID Server. You can select only MID Servers with AgentClientCollector capability that support basic authentication. MID Servers that support mTLS are not listed.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties. However, when 10 data inputs that are not ACC data inputs have been defined for a MID Server, one ACC data input can still be defined for it, making a total of 11 data inputs defined for that MID Server.
    • When you submit the form, this field becomes read-only.
    This field is required.
    Port

    The port on the MID Server.

    The port must be configured and active. It must not be occupied by another process. Make sure that your organization’s security team opens the port before you assign it.

    Note:
    When you update the port, the system updates the Agent Client Collector with the new port configuration. Log streaming continues seamlessly without log loss after 1-3 minutes.
    This field is required.
    Description Description of the data input.

    The fields in the following table show read-only information.

    Field Description
    Name The name of the data input: Agent Log Analytics.
    Note:
    All ACC data inputs have the same name. You can identify an ACC data input by the name of the MID Server that is defined for it.
    Status The status of the data input.
    Transport The protocol used to send the log data.

    The ACC data input sends data using a ServiceNow Agent.
    Sources count

    The total number of log sources originating from all ACC data inputs together.

    This feature is supported in the Health Log Analytics application, Version 22.0.12 - December 2021 and later, available from the ServiceNow Store.
    Disabled since The time when the data input stopped or failed.
    Last log time The time when the last log streamed in the data input.
    Error message The streaming error.

    This field is populated automatically. It displays only when a streaming error has occurred.
    Table 2. Advanced configuration
    Field Description Default value
    Look up hostnames Option for selecting to perform DNS lookup to resolve IPs to hostnames. false
    Use SSL Option for selecting to use SSL. true
    Client inactivity timeout (sec) The timeout, in seconds, to close an inactive channel. 15
    Worker thread count The number of threads that handle incoming data. 4
    Default time zone The default time zone of events. The system uses this default when the log does not specify a time zone. GMT
    Sub sample drop ratio The ratio of events to drop. -1
    Sub sample receive ratio The ratio of events to receive. -1
    Max length in bytes The maximum length of log messages, in bytes. 32,766
    Character encoding The character encoding for this data input. UTF-8
    Drop if queue is full Option for selecting to discard logs if many processes are waiting in the queue to access the MID Server. false