Supported data inputs for Health Log Analytics
Summary of Supported data inputs for Health Log Analytics
Health Log Analytics (HLA) enables ServiceNow customers to integrate various data inputs into their ServiceNow instance for centralized log data analysis. It supports multiple input types, including both passive listeners and active pullers, enhancing your ability to collect and analyze log data from diverse sources efficiently.
Supported Data Input Types
- Passive data inputs (listeners): These wait for log data to be pushed and require open network ports on the MID Server. Supported listeners include Rsyslog, Beats, Splunk, TCP, UDP, MID Server, GCP PubSub, and REST API.
- Agent Client Collector: Supported via the Agent Client Collector Log Analytics application available on the ServiceNow Store.
- Active data inputs (pullers): These retrieve log data from repositories. Supported pullers include Elasticsearch, Splunk Polling, Amazon CloudWatch, Amazon S3, Microsoft Azure Log Analytics, Microsoft Azure Event Hubs, and Apache Kafka.
MID Server Clustering and Failover
For active data inputs, HLA supports MID Server clusters to ensure failover protection. The data pull runs on a single MID Server within the cluster, and if that server fails, tasks automatically shift to the next available MID Server in the configured order, ensuring continuous data ingestion.
Elasticsearch Integration Requirements
- HLA requires querying permissions and appropriate credentials: basic authentication, AWS credentials (for Elasticsearch on Amazon AWS Cloud), and network connectivity to the Elasticsearch cluster.
- It is essential to specify the correct Elasticsearch index for data retrieval.
Additional Supported Data Inputs
HLA also supports Cribl, Edge Delta, and Vector Agent data inputs, enabling ingestion from these streaming log tools directly into your ServiceNow instance.
Native ServiceNow Data Inputs and Cloud Observability Integration
HLA integrates natively with ServiceNow Cloud Observability (formerly Lightstep) for streaming log data. The configuration for log streaming is set up within the Cloud Observability application, while HLA manages the log records similarly to other data input mappings, allowing consistent handling of log data across sources.
Health Log Analytics (HLA) enables you to connect your ServiceNow instance to several types of data input.
- Passive data inputs (listeners), which wait for log data to be pushed to them. These data inputs require a network port to be open on the MID Server:
The Agent Client Collector data input is supported for use with the Agent Client Collector Log Analytics application, available from the ServiceNow Store.
- Active data inputs (pullers), which pull data from repositories:
For all active data inputs, Health Log Analytics supports MID Server clusters for failover protection. The active data input runs on a single MID Server in the cluster. If that MID Server fails, the system moves its tasks to the next available MID Server in the cluster in a configured order.
The Elasticsearch data input fetches data from a data repository or database using credentials. If your data is in Elasticsearch, Health Log Analytics must have the following:
- Permissions to query Elasticsearch
- One of the following types of credentials:
  - Basic authentication (user and password)
  - AWS, for Elasticsearch on Amazon AWS Cloud
- Network connectivity to the relevant Elasticsearch cluster
Note: Health Log Analytics must be pointed to the correct index to start pulling the data.
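A pre-flight check for the Elasticsearch prerequisites listed above, as an added example that is not ServiceNow code: it issues one zero-hit search with basic authentication and maps the result to the prerequisite that failed. The host, index and account values passed in are placeholders, the HTTPS-only rule is this example's own choice, and AWS-signed requests are not covered.

```python
import base64
import urllib.error
import urllib.request

# Which prerequisite each HTTP outcome points to (mapping chosen for this example).
FINDINGS = {
    200: "ok: credentials, query permission and index all check out",
    401: "credentials rejected (basic authentication failed)",
    403: "authenticated, but the account lacks permission to query this index",
    404: "index not found: point the data input at the correct index",
}


def build_request(base_url, index, user, password):
    """Zero-hit search: exercises auth, query permission and index in one call."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    url = f"{base_url.rstrip('/')}/{index}/_search?size=0"
    return urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})


def preflight(base_url, index, user, password, opener=urllib.request.urlopen):
    """Return (passed, finding). `opener` is injectable so the check can be tested offline."""
    # Assumption of this example: never send basic-auth credentials in cleartext.
    if not base_url.lower().startswith("https://"):
        return False, "refusing to send basic-auth credentials over a non-TLS URL"
    req = build_request(base_url, index, user, password)
    try:
        with opener(req, timeout=10) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:  # must precede URLError (its parent class)
        status = err.code
    except (urllib.error.URLError, OSError) as err:
        return False, f"no network connectivity to the cluster: {err}"
    return status == 200, FINDINGS.get(status, f"unexpected HTTP status {status}")
```

Run it from the MID Server host with the same account the data input will use, so the network path and the permissions tested match what HLA will see.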
In addition, Health Log Analytics supports Cribl, Edge Delta, and Vector Agent data inputs. These data inputs enable HLA to process log messages that are streaming from these tools into your instance.
Native ServiceNow data inputs
- Streaming logs from Cloud Observability to Health Log Analytics
Health Log Analytics can process log data it ingests from the ServiceNow® Cloud Observability application, formerly Lightstep. HLA automatically sets up the configuration needed to enable log streaming from Cloud Observability as part of its native integration. Setting up the connection from Cloud Observability to HLA must be done in the Cloud Observability application. In HLA, you handle log records from Cloud Observability in the same way as any other Data Input Mapping and Source Type Structure records, as explained in Log data auto-mapping and mapping in Health Log Analytics and Source type structure adjustment in Health Log Analytics. For more information about Cloud Observability, see Explore Cloud Observability documentation.