Set up integrations for Health Log Analytics from the Integrations Launchpad

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Set up integrations for Health Log Analytics from the Integrations Launchpad

    The Integrations Launchpad in Service Operations Workspace for ITOM provides a centralized interface to configure integrations that ingest raw log data from various external sources into ServiceNow. This enables Health Log Analytics to process and analyze log messages efficiently within your ServiceNow instance.

    Show full answer Show less

    Integrations for Health Log Analytics

    The Launchpad supports two main types of integrations to bring log data into ServiceNow:

    • Pull integrations: These periodically retrieve log data from external sources, often using a MID Server, and stream it into your instance.
    • Push integrations: These accept log data pushed from external sources into your instance, typically via a MID Server or over supported protocols.

    Pull Integrations

    Pull integrations enable log streaming from popular platforms and services including:

    • Amazon CloudWatch
    • Amazon S3 buckets
    • Apache Kafka
    • Elasticsearch indices
    • Microsoft Azure Event Hubs (both MID Server and MID-less)
    • Microsoft Azure Log Analytics
    • MID Server log collection
    • ServiceNow System Logs Retriever (admin-only, single instance)
    • Splunk Poller (periodic queries)

    These integrations enable automated retrieval of log data from key cloud, streaming, and logging infrastructures, ensuring your instance receives timely log inputs for analysis.

    Push Integrations

    Push integrations allow external sources to send log data directly to your instance using different protocols and agents, including:

    • ACC Log Analytics agent (via MID Server)
    • Amazon Data Firehose (direct to ITOM Gateway without MID Server)
    • Cribl log streaming
    • Edge Delta (via REST and TCP)
    • Google Cloud Pub/Sub
    • REST API (JSON format)
    • Splunk TCP and UDP (via heavy forwarder)
    • TCP and UDP socket direct streaming
    • Vector Agent streaming

    This variety of push methods provides flexibility to capture log data from diverse environments and streaming architectures, supporting real-time ingestion and processing.

    Practical Benefits for ServiceNow Customers

    • Unified setup experience through the Integrations Launchpad simplifies configuration and management of multiple log data sources.
    • Supports a broad range of popular log sources and protocols, enabling comprehensive log collection across hybrid cloud and on-premises systems.
    • Use of MID Server where applicable ensures secure and controlled data transfer from network-restricted environments.
    • Push and pull options allow you to choose the integration method best suited to your infrastructure and data flow requirements.
    • Direct integration with Health Log Analytics AI engine ensures that ingested logs are immediately available for advanced analysis and operational intelligence.

    Set up integrations from the Event Management Integrations Launchpad in Service Operations Workspace for ITOM.

    Integrations Launchpad

    The Integrations Launchpad tool provides a unified interface for convenient integration with connectors that feed raw log messages from external sources into your ServiceNow instance for processing and analysis. For more information, see Integrations Launchpad in Service Operations Workspace for ITOM.

    Integrations for Health Log Analytics

    The Integrations Launchpad enables the following integrations for Health Log Analytics:

    Pull integrations
    These integrations pull log data from external data sources and stream the data to your instance, typically via a MID Server. Select an integration in the table to open a page with the setup procedure.
    Table 1. Pull integrations
    Integration Description
    Amazon CloudWatch Streams log data from Amazon CloudWatch to your instance.
    Amazon S3 Streams log data from Amazon S3 (Simple Storage Service) buckets to your instance.
    Apache Kafka Streams log data from Apache Kafka to your instance.
    Elasticsearch Streams log data from Elasticsearch indices to your instance.
    Microsoft Azure Event Hubs Streams events from Microsoft Azure Event Hubs to your instance.
    Microsoft Azure Event Hubs (MID-less) Streams events from Microsoft Azure Event Hubs to your instance without a MID Server.
    Microsoft Azure Log Analytics Streams log data from Microsoft Azure Log Analytics to your instance. The connector points the Health Log Analytics AI engine to a data source in your Microsoft Azure Log Analytics account.
    MID Server Collects log messages from the MID Server and streams them to your instance.
    ServiceNow System Logs Retriever Sends log data from the ServiceNow System Log table to the Health Log Analytics AI engine.

    This integration doesn't run on a MID Server.

    Note:
    Only a single ServiceNow System Logs Retriever data input can exist in the system, and only users with the admin role can create and configure it.
    Splunk Poller Pulls log data from Splunk to your ServiceNow instance periodically by query.
    Push integrations
    These integrations connect to external data sources that push log data to your instance, typically via a MID Server. Select an integration in the table to open a page with the setup procedure.
    Table 2. Push integrations
    Integration Description
    Amazon Data Firehose Streams log messages from Amazon Data Firehose directly to the collector service in ITOM Gateway, where it’s queued for Health Log Analytics processing.

    This integration doesn't run on a MID Server.
    Cribl Enables Health Log Analytics to process Cribl log messages streaming into the ServiceNow instance.
    Edge Delta REST Enables Health Log Analytics to process logs it receives from Edge Delta in a distinct format. These logs stream into the ServiceNow instance via REST.
    Edge Delta TCP Enables Health Log Analytics to process logs it receives from Edge Delta in a distinct format. These logs stream into the ServiceNow instance over the TCP transport protocol.
    GCP PubSub Receives log messages that were published to a Google Cloud Pub/Sub topic and streams them to your instance.
    REST API Streams log data to your instance in JSON format.
    Splunk TCP Streams log messages to your ServiceNow instance over the TCP transport protocol using a Splunk heavy forwarder.
    Splunk UDP Streams log messages to your ServiceNow instance over the UDP transport protocol using a Splunk heavy forwarder.
    TCP Sends raw log messages to your instance directly over a TCP/SSL socket.
    UDP Sends raw log messages to your instance directly over a UDP socket.
    Vector Agent Enables Health Log Analytics to process log messages that are streaming into the ServiceNow instance via a Vector Agent.