GCP PubSub data input configuration fields

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of GCP PubSub data input configuration fields

    This document explains the configuration fields for setting up a GCP PubSub data input in ServiceNow Health Log Analytics (HLA), specifically for the Yokohama release. It guides customers on how to configure the data input form to stream log data from Google Cloud Pub/Sub to ServiceNow via MID Servers or MID Server clusters.

    Show full answer Show less

    Basic Configuration

    • Name: Required field to give a unique name to the data input.
    • Port: Required field for selecting a unique port on the MID Server; ensure the port is open by your security team.
    • Execute on: Choose whether to use a specific MID Server or a MID Server cluster for log ingestion.
    • MID (Specific MID Server option): Select a MID Server with log ingestion enabled that supports basic authentication (mTLS is not supported). HLA enables log ingestion automatically if disabled. By default, a MID Server supports up to 10 simultaneous data inputs.
    • MID Server Cluster (Specific MID Server cluster option): Select a failover MID Server cluster with basic authentication support. The data input runs on one MID Server at a time, failing over to others as needed. Clusters must have at least one MID Server below capacity for validation. Log ingestion is auto-enabled if necessary.
    • Service instance: Bind the log data to a ServiceNow service instance, which must be set to Operational. Create one if needed.

    Read-Only Fields

    • Transport: Fixed to PubSub.
    • Sources count: Number of log sources created by this data input.
    • Status: Current state of the data input.
    • Disabled since: Timestamp when the input stopped or failed.
    • Last log time: Timestamp of the last received log.

    Transport Tab Configuration

    • Project ID: Google Cloud project identifier.
    • Topic Name: Pub/Sub topic subscribed to for log data.
    • GCP Credential Alias: Credential alias used for authentication; can select existing or create new. Defaults to snocc.HLACredentialAlias.
    • Subscription Name: Pub/Sub subscription used by HLA; defaults to ServiceNow-Subscription if left blank.

    Advanced Configuration

    • Subscriber Thread Pool Size: Number of concurrent threads downloading messages; default is 1.
    • Default timezone: Time zone applied to events lacking time zone info; default is GMT.
    • Max length in bytes: Maximum size allowed for log messages; default is 32,766 bytes.
    • Character encoding: Read-only, set to UTF-8.
    • Sub sample drop ratio and receive ratio: Controls for sampling event ingestion; default is -1 (disabled).
    • Rate limit: Maximum events processed per second; default is -1 (no limit).
    • Drop if queue is full: Option to discard logs if MID Server queue is overloaded; default is not selected.

    Practical Considerations for ServiceNow Customers

    • Ensure the selected MID Server(s) support basic authentication and have log ingestion enabled; HLA will enable it if not.
    • Choose ports carefully and coordinate with your security team to open them.
    • Utilize MID Server clusters for failover protection to maintain continuous log streaming.
    • Manage credential aliases securely to authenticate with Google Cloud Pub/Sub.
    • Adjust advanced settings like thread pool size and rate limits to optimize performance based on your environment.
    • Bind incoming logs to appropriate service instances for better data organization and operational visibility.

    Description of the fields on the GCP PubSub data input configuration form.

    Basic configuration

    Field Description
    Name Name of the new data input. This field is required.
    Port The port for the MID Server.

    Select a unique port from the array. The placeholder shows the range of ports from which to choose. Make sure that your organization’s security team opens the selected port.

    This field is required.
    Execute on Option to select whether to use a specific MID Server or a MID Server cluster. This field is required.
    MID

    (Only when the Execute on field is set to Specific MID Server)

    The MID Server to which the logs are streamed.
    Note:
    • You can select only MID Servers with log ingestion capability that support basic authentication. MID Servers that support mTLS are not listed.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties.
    • If log ingestion is not enabled for the selected MID Server, Health Log Analytics enables it automatically.
    This field is required.
    MID Server Cluster

    (Only when Execute on is set to Specific MID Server cluster.)

    The MID Server cluster to which the log data is pulled. This field is required.

    The data input runs on a single MID Server in the cluster until that MID Server fails. The system then moves all the data input tasks to the next available MID Server in the cluster according to the configured order.

    Note:
    • Health Log Analytics supports only failover MID Server clusters. In these clusters, multiple MID Servers are grouped together for failover protection. When selecting a cluster from the data input or integration form, the MID Server clusters list displays only failover clusters.
    • The MID Server cluster must include only MID Servers that support basic authentication. mTLS is not supported for log ingestion.
    • Log ingestion must be enabled for each MID Server in the cluster. If log ingestion is not enabled for the active MID Server, Health Log Analytics enables it automatically.
    • The default maximum number of data inputs or integrations streaming logs to a single MID Server is 10. A cluster passes capacity validation if it contains at least one MID Server with fewer than 10 data inputs or integrations running on it, even when that MID Server is down.
    For more information about MID Server clusters, see Configure a MID Server cluster.
    Service instance The service instance to which to bind the log data. This field is required.
    Note:
    If no relevant service instance exists, Create an service instance and add CIs to it. Set the status of the new service instance to Operational.

    The fields in the following table show read-only information.

    Field Description
    Transport Protocol used to send the log data: PubSub.
    Sources count The number of log sources this data input has created.
    Status Status of the data input.
    Disabled since The time when the data input stopped or failed.
    Last log time The time when the last log streamed in the data input.
    Table 1. Transport tab
    Field Description
    Project ID The project ID of the Google Cloud project. For example, my-project-id.
    Topic Name The Google Cloud Pub/Sub topic to which to subscribe Health Log Analytics. For example, my_topic.
    GCP Credential Alias The credential alias to be used.

    Specify one GCP credential alias by selecting the magnifying glass icon and then either selecting an existing credential alias from the Connection & Credential Aliases list, or selecting New to create a new record. The default is sn_occ.HLA_Credential_Alias.

    For information about creating a credential alias, see Credential aliases for Discovery.
    Subscription Name The subscription Health Log Analytics uses to receive log data that is published on the Google Cloud Pub/Sub topic.

    If you leave this field blank, Health Log Analytics uses ServiceNow-Subscription.

    Advanced configuration

    Table 2. Advanced tab
    Field Description Default value
    Subscriber Thread Pool Size The number of concurrent threads that are downloading files from the Google Cloud Pub/Sub topic. 1
    Default timezone The default time zone of events. The system uses this default when the log does not specify a time zone. GMT
    Max length in bytes The maximum length of log messages, in bytes. 32,766
    Character encoding (Read-only) The character encoding for this data input. UTF-8
    Sub sample drop ratio The ratio of events to drop. -1
    Sub sample receive ratio The ratio of events to receive. -1
    Rate limit The maximum number of events per second that this data input processes. -1
    Drop if queue is full Option for selecting to discard logs if many processes are waiting in the queue to access the MID Server. Clear