Exploring Log Export Service (LES)

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Log Export Service (LES)

    The Log Export Service (LES) provides a scalable, near real-time integration with analytic tools to enhance your ServiceNow experience. It enables you to detect security threats, troubleshoot application performance, and monitor user experience. Access to LES can be confirmed through your entitlements.

    Show full answer Show less

    Key Features

    • Integration with Hermes Messaging Service: LES utilizes this multi-tenant, data transport service based on Apache Kafka to facilitate the production and consumption of large volumes of log events.
    • Three Connectivity Options:
      • Dedicated MID Server: Automatically connects to Hermes and pushes log events to analytic tools via REST.
      • Kafka Connector: Connects your log analytics solution directly to Hermes to pull log events.
      • Direct Kafka System Connection: Allows your Kafka system to use native commands to pull log events from Hermes.
    • Guided Setups: The LES application provides guided setups for installing and configuring the service, including log sources, consumers, and destinations.

    Key Outcomes

    • Log Source Configuration: Users can create configurations to filter logs.
    • Dashboard Analytics: Admins can examine log reports to analyze data log sizes effectively.
    • User Roles: Application admins can use the LES application with specific capabilities, while system administrators manage the setup.

    Next Steps

    For further details on utilizing LES, you can explore resources on administering, configuring, and using the Log Export Service.

    The LES service provides a highly scalable and near real-time integration with your analytic tools that is easy to set up and maintain. If you're new to LES, read this overview section to learn what the tool can do.

    Check your entitlements to determine whether you have access to Log Export Service.

    Log Export Service overview

    The integration tool allows you to leverage your analytic solutions to perform the following:
    • Detect ServiceNow security threats and analyze security incidents
    • Troubleshoot and optimize ServiceNow app performance
    • Monitor and optimize ServiceNow user experience

    LES leverages a ServiceNow AI Platform capability called the Hermes Messaging Service, which is a multi-tenant, multi-cluster, data transport, and queuing service built on Apache Kafka that enables your instance to produce and consume large volumes of Kafka events. Apache Kafka is an open-source data streaming platform that provides a single integration point for exchanging data across business systems in your organization.

    Log Export Service

    LES forwards a copy of the log events as they're generated to the Hermes Messaging Service.

    The Hermes Messaging Service is a multi-tenant, multi-cluster, data transport, and queuing service built on Apache Kafka that enables your instance to produce and consume large volumes of Kafka events. The Hermes Messaging Service is a ServiceNow AI Platform capability that is available as part of Stream Connect, Log Export Service (LES), and Instance Data Replication (IDR).

    The external log analytic systems, either in the cloud or on-prem, can use and consume the log events from the Hermes Messaging Service. LES provides three connectivity options to consume the logs:
    • Dedicated MID Server: A dedicated MID Server is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytic tools via a REST connection.
    • Leverage Kafka connector from your log analytic solution (for example, Splunk): A Kafka connector from your log analytics product of choice is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytics tools.
    • Directly from your Kafka system: Your Kafka system connect directly with the Hermes Messaging Service and use its native Kafka protocol commands and connectivity to pull logs events from it.
    Note:
    If your Kafka message exceeds the configured memory buffer, Hermes may return an error indicating that it's larger than the total memory buffer you've configured.

    To configure and manage LES you need to install it from ServiceNow Store. The LES application provides Guided Setups to help you install the service, pages to configure the service (log sources, consumers and destinations) and reports to understand log creation and consumption.

    Navigation filter

    Note:
    You can also create a new source configuration. See Create a log source configuration for more information.

    Log Export Service users

    Log Export Service has the following users.
    Users Description
    Application admin [sn_logstoanalytics.admin] This role is installed along with the LES application and allows a non-admin to use the application.
    System administrator [admin] Admin role is required for the setup of the LES store application.

    Log Export Service benefits

    Benefit Feature Users
    Create log source configuration to set filters on the logs Create a log source configuration Application admin
    Experience guided setup for Kafka consumers Guided setup for Kafka consumers System administrator
    Experience guided setup for MID server consumers Guided setup for MID Server consumers System administrator
    Examine the log report dashboard to analyze the size of each data log Review log report System administrator or Application admin

    What to explore next

    To learn more about using Log Export Service, see: