Splunk UDP integration configuration fields
Description of the fields on the Splunk UDP integration configuration forms for Health Log Analytics.
For the Splunk UDP integration setup procedure, see Set up a Splunk UDP integration for Health Log Analytics.

| Field | Description |
|---|---|
| Integration Name | Unique name of this integration. For example: My Splunk UDP integration. This field is required. Note: When you fill in this field, the generic name displayed on the form adjusts automatically to match the name you entered. |
| MID server name | MID Server to which log data from Splunk is pulled. This field is required. Note: |
| Port | The port for the MID Server. This field is required. Note: Make sure that your organization’s security team opens the selected port on the MID Server. |
| Description | Option to add a brief description of the integration to help identify it. |
| Transport | The protocol used for streaming log messages to your ServiceNow instance: UDP. This field is read-only. |

| Field | Description |
|---|---|
| Lookup hostnames | Option to perform DNS lookup to resolve IPs to hostnames. The default value is false. |
| Sub sample receive ratio | The ratio of logs to receive. The default value is -1: no logs are received. For example: If you want one out of every five logs to be received, change the value to 5. |
| Character encoding | The character encoding for this data input. The default value is UTF-8. This field is read-only. |
| Drop if queue is full | Option to discard logs if there is a load on the MID Server. |
| Sub sample drop ratio | The ratio of logs to drop. The default value is -1: no logs are dropped. For example: If you want one out of every five logs to be dropped, change the value to 5. |
| Max length in bytes | The maximum length of log messages in bytes. The default value is 32766. |
| Default timezone | The time zone of events that the system will use if a log does not specify the time zone. By default, the system uses GMT in such cases, but you can specify a different time zone. |