Components installed with Health Log Analytics
Activating the Health Log Analytics, Health Log Analytics Viewer and Health Log Analytics Core plugins adds several components.
Plugins
| Plugin | Description |
|---|---|
| Health Log Analytics | Health Log Analytics is an AI-powered log analysis solution capable of preventing IT incidents before users are affected. It automatically identifies your environment and logs, predicts IT incidents, generates alerts, and provides expert suggestions for fixing issues. Health Log Analytics is a ServiceNow Store app. Once installed, the module is available, but you can choose not to interact with it. Dependency: |
| Health Log Analytics Viewer | Event Management operators use the Health Log Analytics Viewer plugin to browse logs by timestamp or time range. Health Log Analytics Viewer enables Event Management operators to search for a specific log text and visualize the frequency of hits in a particular time period. Dependency: The ServiceNow® Event Management application. |
| Health Log Analytics Core | This plugin contains essential components for Health Log Analytics, such as the AI Engine and Elasticsearch. Health Log Analytics Core is a ServiceNow Store app. Once installed, the module is available, but you can choose not to interact with it. Dependency: The ServiceNow® Event Management application. |
Roles
Health Log Analytics uses the following roles.
| Role title [name] | Description |
|---|---|
| Event Management Administrator [evt_mgmt_admin] | Has read and write access to all Event Management features to configure Health Log Analytics. |
| Event Management Operator [evt_mgmt_operator] | Has read access to all Event Management features. Has write access to alerts to manage the alert life cycle. Has the itil role to manage incidents created from alerts. Can also activate operations on alerts, such as to acknowledge, close, and open an incident and run remediation. |
Lists
Health Log Analytics adds the following lists.
| Table [name] | Description |
|---|---|
| Advanced Log Alert Filtering [sn_occ_advanced_alert_filtering] | Controls processing of alert metrics with feedback options. Enables providing more complex feedback to the AI engine. Beginning with the Health Log Analytics application, Version 20.0.11 - July 2021, available from the ServiceNow Store, this representation no longer displays. |
| Advanced Log Alert Filter [sn_occ_advanced_alert_filter] | Controls processing of alert metrics with feedback options. Enables providing more complex feedback to the AI engine. Note: This feature is supported in the Health Log Analytics application, Version 20.0.11 - July 2021, available from the ServiceNow Store. |
| Data Inputs [sn_occ_base_data_input_config] | Enables setting up data input connectors to stream log data into the instance. |
| Data Input Mapping [sn_occ_event_mapper] | Enables mapping raw log data that streams into the instance to determine how Health Log Analytics processes it. |
| Data Input Preprocessor [sn_occ_data_input_preprocess_screen] | Enables editing raw log data before the system maps and structures it. |
| Define Alert [sn_occ_custom_alert] | Enables creating custom alerts based on a predefined set of rules. |
| Excluded Values [sn_occ_auto_service_normalizer] | Enables configuring Health Log Analytics to stop extracting specific log data that is not descriptive enough or contains redundant text or information. |
| Extracted Values [sn_occ_auto_service_mapper] | Enables configuring Health Log Analytics to extract a specific term found in a field and map it to a specified component. |
| Features [sn_occ_features] | Lists all Health Log Analytics features. The features can be activated and deactivated. |
| Lexical Keywords [sn_occ_lexical_keywords] | Shows all default lexical keywords that Health Log Analytics looks for in log data. |
| Log Correlator [sn_occ_log_correlator] | Shows all correlators that determine whether to correlate different alerts to the same group. Enables adding correlators to Health Log Analytics. |
| Log Sources [sn_occ_sources] | Provides a view of all data input sources when the log data has been mapped. Enables controlling properties and correlators for these sources. |
| Muted Metrics [sn_occ_metric_state] | Shows all muted alert metrics together with the muted components. Enables reactivating the muted alert metrics. |
| Source Type [sn_occ_source_type] | Contains the source types extracted in the mapping process. |
| Source Type Structure [sn_occ_source_type_structure] | Enables fine-tuning the source type structure. Provides a view of all source types when the log data has been mapped. Source types define how Health Log Analytics treats specific sources and how it parses the logs. |
| Streaming Sources [sn_occ_log_streaming_source_stats] | Enables monitoring all entities that stream log data to the instance. |
| System Health – Notifications [sn_occ_health_check] | Shows all system health notifications together and enables updating their status. |
| System Properties [sn_occ_system_settings] | Displays system properties and enables customizing their values. |
| Timestamp Formats [sn_occ_timestamp_formats] | Displays predefined timestamp formats. Enables defining and adding timestamp formats. |
| Time Zones [sn_occ_time_zones] | Enables deleting records in sn_occ_time_zones for users with the evt_mgmt_admin role. |
Forms
Health Log Analytics adds the following forms.
| Table [name] | Description |
|---|---|
| Beats Data Input [sn_occ_data_input_config_filebeat] | Enables configuring advanced settings for Beats data input connectors. |
| Beats Linux (Filebeat) [sn_occ_data_input_connector_filebeat] | Enables configuring Filebeat data input connectors. |
| Elasticsearch Data Input [sn_occ_data_input_config_elastic] | Enables configuring an Elasticsearch data input. |
| MID Server Data Input [sn_occ_data_input_config_midserver] | Enables configuring a MID Server data input. |
| Rsyslog [sn_occ_data_input_connector_rsyslog] | Enables configuring Rsyslog data input connectors. |
| Rsyslog Data Input [sn_occ_data_input_config_rsyslog] | Enables configuring advanced settings for Rsyslog data input connectors. |
| TCP Data Input Configuration [sn_occ_data_input_config_tcp] | Enables configuring advanced settings for TCP data input connectors. |
| Windows Beats [sn_occ_data_input_connector_winbeat] | Enables configuring Windows Beats data input connectors. |
| WinLog Beats [sn_occ_data_input_connector_winlogbeat] | Enables configuring WinLog Beats data input connectors. |