ACC Log Analytics (ACC-L) integration configuration fields
Summary of ACC Log Analytics (ACC-L) integration configuration fields
This document details the configuration fields available for setting up the ACC Log Analytics (ACC-L) integration within ServiceNow’s Health Log Analytics. The ACC-L integration enables streaming of log data using a ServiceNow Agent through a designated MID Server, facilitating centralized log management and analysis.
The integration setup requires specifying key connection parameters and offers advanced settings to customize log processing and data flow control.
Configuration Fields
The main configuration form includes the following critical fields:
- Transport: Indicates the protocol used to send log data. This is read-only and fixed to use the ServiceNow Agent.
- Port: Specifies the port on the MID Server that the ACC-L agent connects to. This is mandatory and must differ from the MID Web Server port.
- Description: Optional brief text to identify the integration.
- ACC Listener MID Server: The MID Server receiving the logs. Only one ACC-L integration per MID Server is allowed. Must have AgentClientCollector capability with basic authentication (mTLS-supported MID Servers are excluded). The maximum number of streaming data inputs per MID Server is 10 by default, adjustable via MID Server properties. The MID Server choice becomes read-only once the integration is activated.
- MID Web Server port: Auto-populated port for MID Server data reception, read-only, and must be accessible through firewalls.
Advanced Settings
Additional options allow fine-tuning of the integration’s behavior:
- Lookup hostnames: Enables DNS lookups to resolve IP addresses to hostnames.
- Use SSL: Option to secure communication using SSL.
- Client inactivity timeout: Defines the time in seconds to close inactive connections.
- Sub sample drop ratio: Controls the proportion of logs to drop (default is -1, meaning no logs are dropped). For example, setting to 5 drops one out of every five logs.
- Max length in bytes: Limits the size of individual log messages.
- Character encoding: Set to UTF-8 and is read-only.
- Worker thread count: Number of threads handling incoming data to optimize performance.
- Sub sample receive ratio: Defines the proportion of logs to receive (default -1 means all logs are received). For example, a value of 5 means one in five logs is processed.
- Default timezone: Specifies the timezone used when logs lack time zone data.
- Drop if queue is full: Option to discard logs if the processing queue is overloaded, helping maintain system stability under heavy load.
Practical Implications for ServiceNow Customers
Understanding and correctly configuring these fields is essential for ensuring reliable log streaming from ACC-L agents to the MID Server, optimizing performance, and maintaining system stability. Customers should carefully plan port assignments to avoid conflicts, select appropriate MID Servers with required capabilities, and use advanced settings to tailor log ingestion rates and resource usage according to their environment and monitoring needs.
After activation, key configuration elements like the MID Server cannot be changed, so precise initial setup is critical. Proper firewall configuration to allow the MID Web Server port is also necessary to ensure connectivity.
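Because the MID Server choice is fixed after activation, the constraints above are worth checking before the form is submitted. The following is an added example, not ServiceNow code: the dictionary keys and sample ports are hypothetical, and it assumes that both sub-sample ratios apply independently and that the integration counts toward the MID Server's streaming data input limit.

```python
from fractions import Fraction

MAX_INPUTS_DEFAULT = 10  # streaming data inputs per MID Server (default on this page)

def retained_fraction(cfg):
    """Share of logs kept by explicit sub-sample ratios; -1 (default) is not modelled."""
    kept = Fraction(1)
    drop = cfg.get("sub_sample_drop_ratio", -1)
    recv = cfg.get("sub_sample_receive_ratio", -1)
    if drop > 0:
        kept *= Fraction(drop - 1, drop)  # one of every `drop` logs is dropped
    if recv > 0:
        kept *= Fraction(1, recv)         # one of every `recv` logs is received
    return kept  # assumption: both ratios, if set, apply independently

def preflight(cfg, mid):
    """Return (level, message) findings; cfg and mid are hypothetical dicts."""
    out = []
    port = cfg.get("port")
    if port is None:
        out.append(("error", "Port is required"))
    elif port == mid["web_server_port"]:
        out.append(("error", "Port must differ from the MID Web Server port"))
    if "AgentClientCollector" not in mid["capabilities"]:
        out.append(("error", "MID Server lacks the AgentClientCollector capability"))
    if mid["auth"] != "basic":
        out.append(("error", "MID Server must use basic authentication, not mTLS"))
    if mid["acc_l_integrations"] > 0:
        out.append(("error", "MID Server already has an ACC-L integration"))
    if mid["streaming_inputs"] >= mid.get("max_inputs", MAX_INPUTS_DEFAULT):
        out.append(("error", "MID Server is at its streaming data input limit"))
    if not cfg.get("use_ssl"):
        out.append(("warn", "Use SSL is off: the log stream is not protected by SSL"))
    kept = retained_fraction(cfg)
    if kept < 1:
        out.append(("warn", f"Sub-sampling keeps {kept} of logs: expect coverage gaps"))
    if cfg.get("drop_if_queue_full"):
        out.append(("warn", "Drop if queue is full: logs are discarded under load"))
    return out

# Constructed sample values, not taken from a real instance.
SAMPLE_MID = {"web_server_port": 8800, "capabilities": {"AgentClientCollector"},
              "auth": "basic", "acc_l_integrations": 0, "streaming_inputs": 3}
SAMPLE_CFG = {"port": 8800, "use_ssl": False, "sub_sample_drop_ratio": 5,
              "drop_if_queue_full": True}

if __name__ == "__main__":
    for level, message in preflight(SAMPLE_CFG, SAMPLE_MID):
        print(f"[{level}] {message}")
```

The warnings matter for detection work: any sampling or queue-based dropping means the log store is not a complete record of what the agents emitted.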
Description of the fields on the ACC Log Analytics (ACC-L) integration configuration forms for Health Log Analytics.
For the ACC Log Analytics (ACC-L) integration setup procedure, see Set up an ACC Log Analytics integration for Health Log Analytics.
| Field | Description |
|---|---|
| Transport | The protocol used to send the log data. This field is read-only. The ACC-L integration uses a ServiceNow Agent to send data. |
| Port | The port on the MID Server to which the ACC-L agent connects. This field is required. Important: This port can't be the same as the MID Web Server port. |
| Description | Option to add a brief description of the integration to help identify it. |
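| ACC Listener MID Server | The MID Server to which the logs stream. This field is required. Note: Only one ACC-L integration is allowed per MID Server. The MID Server must have the AgentClientCollector capability with basic authentication (mTLS-supported MID Servers are excluded). The maximum number of streaming data inputs per MID Server is 10 by default, adjustable via MID Server properties. The field becomes read-only once the integration is activated. |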
| MID Web Server port | Port used by the MID Server to receive data from ACC agents. This field is auto-populated and read-only when a MID Server has been configured. Note: The MID Web Server port must be reachable through your firewall. |

Advanced settings

| Field | Description |
|---|---|
| Lookup hostnames | Option to perform DNS lookup to resolve IPs to hostnames. |
| Use SSL | Option to use SSL. |
| Client inactivity timeout (seconds) | The timeout, in seconds, to close an inactive channel. |
| Sub sample drop ratio | The ratio of logs to drop. The default value is -1: no logs are dropped. For example: If you want one out of every five logs to be dropped, change the value to 5. |
| Max length in bytes | The maximum length of log messages, in bytes. |
| Character encoding | The character encoding for this integration: UTF-8. This field is read-only. |
| Worker thread count | The number of threads that handle incoming data. |
| Sub sample receive ratio | The ratio of logs to receive. The default value is -1: no logs are received. For example: If you want one out of every five logs to be received, change the value to 5. |
| Default timezone | The default time zone of events. The system uses this default when the log does not specify a time zone. |
| Drop if queue is full | Option to discard logs if many processes are waiting in the queue to access the MID Server. |