ACC data input configuration fields
Summarize
Summary of ACC data input configuration fields
The ACC (Agent Client Collector) data input configuration form enables ServiceNow customers to set up and manage log streaming from MID Servers to the platform. This configuration is essential for capturing and analyzing log data efficiently through the Agent Log Analytics process.
Show less
Basic Configuration
- MID Server: Selects the MID Server that streams logs. Only one ACC data input is allowed per MID Server, which must have AgentClientCollector capability and support basic authentication. MID Servers using mTLS are excluded. By default, up to 10 data inputs (plus one ACC data input, totaling 11) can stream to a single MID Server. After form submission, this field becomes read-only and is mandatory.
- Port: Specifies the active and unoccupied port on the MID Server used for streaming. The port must be opened by the organization’s security team. Changing the port updates the Agent Client Collector configuration seamlessly within 1-3 minutes, preventing log loss. This field is required.
- Description: Optional field to provide details about the data input.
Read-only Information Fields
- Name: Always "Agent Log Analytics" for ACC data inputs. Identification is primarily by the associated MID Server name.
- Status: Indicates current data input status.
- Transport: Protocol used to send logs, which is the ServiceNow Agent.
- Sources count: Total log sources from all ACC inputs combined, supported in Health Log Analytics app version 22.0.12 and later.
- Disabled since: Timestamp when data input stopped or failed.
- Last log time: Timestamp of the most recent log streamed.
- Error message: Shows streaming errors automatically when they occur.
Advanced Configuration
These optional settings allow customization of log streaming behavior:
- Look up hostnames: Enables DNS lookup to resolve IPs to hostnames (default: false).
- Use SSL: Enables SSL encryption for data transmission (default: true).
- Client inactivity timeout: Time in seconds before closing inactive channels (default: 15 seconds).
- Worker thread count: Number of threads handling incoming data (default: 4).
- Default time zone: Applied when log events lack time zone info (default: GMT).
- Sub sample drop ratio and receive ratio: Controls the proportion of events dropped or received (default: -1, meaning no subsampling).
- Max length in bytes: Maximum size for log messages (default: 32,766 bytes).
- Character encoding: Encoding used for log data (default: UTF-8).
- Drop if queue is full: Option to discard logs if MID Server queue is congested (default: false).
Practical Implications for ServiceNow Customers
This configuration ensures reliable, secure, and efficient log streaming from MID Servers into ServiceNow’s analytics tools. Customers should carefully select the MID Server and port, configure advanced options based on their environment, and monitor status and error fields to maintain uninterrupted log collection and processing. Understanding these fields helps optimize log analytics and troubleshoot streaming issues effectively.
Description of the fields on the ACC data input configuration form.
| Field | Description |
|---|---|
| MID | The MID Server to which the logs stream. Note: This field is required.
|
| Port | The port on the MID Server. The port must be configured and active. It must not be occupied by another process. Make sure that your organization’s security team opens the port before you assign it. Note: When you update the port, the system updates the Agent Client Collector with the new port configuration. Log
streaming continues seamlessly without log loss after 1-3 minutes. |
| Description | Description of the data input. |
The fields in the following table show read-only information.
| Field | Description |
|---|---|
| Name | The name of the data input: Agent Log Analytics. Note: All ACC data inputs
have the same name. You can identify an ACC data input by the name of the MID Server that is defined for it. |
| Status | The status of the data input. |
| Transport | The protocol used to send the log data. The ACC data input sends data using a ServiceNow Agent. |
| Sources count |
The total number of log sources originating from all ACC data inputs together. This feature is supported in the Health Log Analytics application, Version 22.0.12 - December 2021 and later, available from the ServiceNow Store. |
| Disabled since | The time when the data input stopped or failed. |
| Last log time | The time when the last log streamed in the data input. |
| Error message | The streaming error. This field is populated automatically. It displays only when a streaming error has occurred. |
| Field | Description | Default value |
|---|---|---|
| Look up hostnames | Option for selecting to perform DNS lookup to resolve IPs to hostnames. | false |
| Use SSL | Option for selecting to use SSL. | true |
| Client inactivity timeout (sec) | The timeout, in seconds, to close an inactive channel. | 15 |
| Worker thread count | The number of threads that handle incoming data. | 4 |
| Default time zone | The default time zone of events. The system uses this default when the log does not specify a time zone. | GMT |
| Sub sample drop ratio | The ratio of events to drop. | -1 |
| Sub sample receive ratio | The ratio of events to receive. | -1 |
| Max length in bytes | The maximum length of log messages, in bytes. | 32,766 |
| Character encoding | The character encoding for this data input. | UTF-8 |
| Drop if queue is full | Option for selecting to discard logs if many processes are waiting in the queue to access the MID Server. | false |