ACC data input configuration fields
Summary of ACC data input configuration fields
The ACC data input configuration form in the ServiceNow Yokohama release enables you to define and manage data inputs for streaming logs via the Agent Client Collector (ACC). This configuration is essential for integrating log data through a specified MID Server, ensuring secure and efficient log streaming for analytics and monitoring purposes.
Basic Configuration
- MID Server: Assigns the MID Server for log streaming. Only one ACC data input can be linked per MID Server, which must have the AgentClientCollector capability and support basic authentication. MID Servers with mTLS support are excluded. By default, a MID Server can handle up to 10 data inputs, but one additional ACC data input can be added, totaling 11. This field is mandatory and becomes read-only after submission.
- Port: Specifies the active and unoccupied port on the MID Server for log streaming. Coordination with your security team is required to ensure the port is open. Changing the port updates the Agent Client Collector configuration automatically, enabling seamless log streaming with minimal delay. This field is required.
- Description: Allows for descriptive text about the data input.
Read-only Information Fields
- Name: Always set to "Agent Log Analytics" for ACC data inputs; identification is based on the associated MID Server name.
- Status: Indicates the current operational state of the data input.
- Transport: Shows the protocol used to send the log data; the ACC data input sends data using a ServiceNow Agent.
- Sources count: Displays the total log sources from all ACC data inputs combined; available in Health Log Analytics version 22.0.12 and later.
- Disabled since: Timestamp of when the input stopped or failed.
- Last log time: Timestamp of the most recent streamed log.
- Error message: Automatically populated upon streaming errors.
Advanced Configuration
The form includes several adjustable settings to optimize log data handling:
- Look up hostnames: Enable DNS lookup to resolve IP addresses to hostnames (default: false).
- Use SSL: Enable SSL for secure data transmission (default: true).
- Client inactivity timeout (sec): Time in seconds before closing an inactive channel (default: 15).
- Worker thread count: Number of threads processing incoming data (default: 4).
- Default time zone: Time zone used when logs lack time zone information (default: GMT).
- Sub sample drop ratio and receive ratio: Controls the ratio of events dropped or received, both defaulting to -1 (no subsampling).
- Max length in bytes: Maximum size of log messages allowed, set to 32,766 bytes by default.
- Character encoding: Encoding format for log data, default is UTF-8.
- Drop if queue is full: Option to discard logs when the MID Server queue is overloaded (default: false).
Practical Implications
Understanding and correctly configuring these fields allows ServiceNow customers to ensure reliable, secure, and performant streaming of log data through their MID Servers. Proper port configuration and MID Server selection are critical for seamless operation. Advanced settings provide flexibility to optimize performance based on organizational needs and log volume.
Description of the fields on the ACC data input configuration form.
| Field | Description |
|---|---|
| MID | The MID Server to which the logs stream. Note: This field is required. |
| Port | The port on the MID Server. The port must be configured and active. It must not be occupied by another process. Make sure that your organization’s security team opens the port before you assign it. Note: When you update the port, the system updates the Agent Client Collector with the new port configuration. Log streaming continues seamlessly without log loss after 1-3 minutes. |
| Description | Description of the data input. |
The fields in the following table show read-only information.
| Field | Description |
|---|---|
| Name | The name of the data input: Agent Log Analytics. Note: All ACC data inputs have the same name. You can identify an ACC data input by the name of the MID Server that is defined for it. |
| Status | The status of the data input. |
| Transport | The protocol used to send the log data. The ACC data input sends data using a ServiceNow Agent. |
| Sources count | The total number of log sources originating from all ACC data inputs together. This feature is supported in the Health Log Analytics application, Version 22.0.12 - December 2021 and later, available from the ServiceNow Store. |
| Disabled since | The time when the data input stopped or failed. |
| Last log time | The time when the last log streamed in the data input. |
| Error message | The streaming error. This field is populated automatically. It displays only when a streaming error has occurred. |
| Field | Description | Default value |
|---|---|---|
| Look up hostnames | Option to perform a DNS lookup to resolve IP addresses to hostnames. | false |
| Use SSL | Option to use SSL. | true |
| Client inactivity timeout (sec) | The timeout, in seconds, to close an inactive channel. | 15 |
| Worker thread count | The number of threads that handle incoming data. | 4 |
| Default time zone | The default time zone of events. The system uses this default when the log does not specify a time zone. | GMT |
| Sub sample drop ratio | The ratio of events to drop. | -1 |
| Sub sample receive ratio | The ratio of events to receive. | -1 |
| Max length in bytes | The maximum length of log messages, in bytes. | 32,766 |
| Character encoding | The character encoding for this data input. | UTF-8 |
| Drop if queue is full | Option to discard logs if many processes are waiting in the queue to access the MID Server. | false |