Set up log streaming via ITOM Gateway for Health Log Analytics

  • Release version: Australia
  • Updated May 4, 2026
  • 2 minutes to read

    • Set up log streaming via ITOM Gateway to enable Health Log Analytics (HLA) to receive log data directly from external sources without a MID Server.

    Before you begin

    • Review the MID-less log streaming via ITOM Gateway in Health Log Analytics documentation.
    • Verify that Health Log Analytics version 36.0.19 or higher is installed on your instance.
    • Verify that HLA provisioning is complete. Confirm that the AI Engine and Elasticsearch show green status at: https://<instance>.service-now.com/xmlstats.do?include=services_status.
    • Verify that ITOM Cloud Services Core is installed on your instance.
    • Verify that a JWT provider and token are configured on your instance. For more information, see Configure a JSON Web Token (JWT) provider and token for Health Log Analytics.
    • (High-volume deployments only) If you expect 30,000 or more log events per second, contact ServiceNow Support to request infrastructure scaling. Proceed to the log streaming via ITOM Gateway setup procedure only after ServiceNow confirms that scaling is complete.
      Provide the following information:
      Table 1. Required information for infrastructure scaling
      Information Example
      Expected maximum log events per second 100,000 log events per second from all sources
      Environment URL or URLs <customer>prod.service-now.com
      Preferred migration date and time Sundays, overnight US time preferred
      Note:
      Scaling requires a 6-hour change window and expected HLA downtime of 2–6 hours.

    Role required: evt_mgmt_admin

    About this task

    Log streaming via ITOM Gateway removes the MID Server from the log ingestion path. External log sources send data directly to the ITOM Gateway, which routes it through the  Hermes  Messaging Service to the HLA AI Engine. For more information, see MID-less log streaming via ITOM Gateway in Health Log Analytics.

    Setup involves two stages: enabling ITOM Gateway and Hermes on your instance, and creating an integration from Integrations Launchpad.

    Supported log sources include AWS Firehose, Cribl Stream, and OpenTelemetry Collector.

    Procedure

    1. Enable ITOM Gateway and the  Hermes  Messaging Service.
      1. Navigate to All.
      2. In the navigation filter, enter sys_service.list and press Enter.
      3. In the Services table, verify that an entry for itom-hla-gw exists with a corresponding sys_service_endpoint entry.
      4. Navigate to All > MID Server > Properties.
      5. Search for the property mid.hla.itom_gateway_streaming.enabled and set it to true.
        All MID Servers automatically switch to ITOM Gateway streaming mode.
      Note:
      MID Servers re-establish gRPC connections. Data inputs are not restarted.
    2. Set up the integration from Integrations Launchpad.
      For more information, see Set up integrations for Health Log Analytics from the Integrations Launchpad.
    3. On the Overview tab of the integration, confirm that the ITOM Gateway URL, Integration ID, and Token values are populated.
      If these values appear, log streaming via ITOM Gateway setup is complete.