Cribl integration configuration fields

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Cribl Integration Configuration Fields

    This document outlines the configuration fields necessary for setting up the Cribl integration for Health Log Analytics in ServiceNow. Proper configuration allows for effective streaming of log data to ServiceNow, enhancing log analysis capabilities.

    Show full answer Show less

    Key Features

    • Integration Name: A unique identifier for the integration, required for proper setup.
    • Service Instance: Specifies the ServiceNow instance for binding log data, also required.
    • MID Server Name: Required field indicating the MID Server where Cribl logs will be streamed.
    • Port: Required port selection (6000-6200) for the MID Server, ensuring no conflicts with other processes.
    • Cribl URL: The URL for the Cribl instance, required for establishing a connection and making API calls.
    • Authentication Method: Indicates the method of authentication used, with options for token-based or basic authentication.
    • Worker Group: Required selection of the Cribl Worker Group for log data streaming, with a drop-down menu for available groups.
    • Cribl Route: Auto-populated selection directing log data to a specific destination, required for configuration.
    • Cribl Destination: Read-only field indicating where log data is directed, populated by Health Log Analytics.

    Key Outcomes

    By correctly configuring these fields, ServiceNow customers can ensure seamless integration with Cribl, allowing for efficient log data management and improved analytics capabilities within the Health Log Analytics environment.

    Description of the fields on the Cribl integration configuration forms for Health Log Analytics.

    For the Cribl integration setup procedure, see Set up a Cribl integration for Health Log Analytics.

    Table 1. Provide details
    Field Description
    Integration Name Unique name of this integration. For example: My Cribl integration. This field is required.
    Note:
    When you fill in this field, the generic name displayed on the form adjusts automatically to match the name you entered.
    Service Instance The service instance (formerly the application service) to which to bind the log data. This field is required.
    MID Server name The MID Server to which the Cribl logs are streamed. This field is required.
    Port The port on the MID Server. This field is required.

    Choose a port within the range 6000-6200 from the array. The port must not be occupied by another process. Make sure that your organization’s security team opens the selected port on the MID Server.
    Description Option to add a brief description of the integration to help identify it.
    Transport (for push integrations) The protocol used for streaming log messages to your ServiceNow instance: TCP. This field is read-only.
    Source (for pull integrations) The source of the log data that the integration pulls to your ServiceNow instance: Cribl. This field is read-only.
    Table 2. Set up connection
    Field Description
    Cribl URL The URL of the Cribl instance. This field is required.

    HLA uses this URL to establish the connection with the Cribl instance and make the necessary API calls.

    For example:
    • On-Prem: https://my-cribl.company.com:9000
    • Cloud: https://myorg-12345abcde.cribl.cloud
    • Sandbox: https://sandbox-xyz789.sandbox.cribl.io
    Authentication method The authentication method used by the Cribl integration. This field is required.
    The Cribl integration supports:
    • Token-based authentication: Required for Cribl Cloud and also supported for self-hosted (On-Prem) Cribl instances.
    • Basic authentication: Preferred for self-hosted (On-Prem) Cribl instances.
    Both of these authentication methods use the default credential alias: Cribl_Credential_Alias.
    For information about setting up credentials for the authentication method used by the Cribl integration, see Set up authentication credentials for the Cribl integration in Health Log Analytics.
    Important:
    Verify that only one active credential record of each credentials type exists under the credential alias.
    Worker Group The Cribl Worker Group from which to stream log data to the instance. This field is required.

    The drop-down list displays Worker Groups based on the provided Cribl cloud instance URL and authentication method.

    For example:
    • default
    • dev-workers
    • prod-workers
    • staging-workers
    Cribl route The Cribl route that directs log data to a specific destination.

    This field is auto-populated with a drop-down list of all available routes, each configured with a default destination. Select the desired route from the list. This field is required.

    For example:
    • default
    • demo-route
    Cribl destination The Cribl destination to which the log data is directed. This field is auto-populated and read-only.

    When HLA populates this field, it provides a link to the destination on the Cribl server.

    For example: sn_hla_cribl_tcp_json_abcdef