Apache Kafka data input configuration fields

  • Release version: Zurich
  • Updated July 31, 2025
  • Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Apache Kafka data input configuration fields

    This configuration guide explains the fields required to set up Apache Kafka data inputs for streaming log data into ServiceNow using MID Servers. It covers basic, query, transport, and advanced configuration settings, focusing on how to bind Kafka log streams to ServiceNow instances efficiently and securely.


    Basic Configuration

    • Name and Description: Required fields to identify and describe the data input.
    • Execute on: Choose whether the data input runs on a specific MID Server or a failover MID Server cluster. Only MID Servers supporting basic authentication are selectable; mTLS is not supported.
    • MID Server / Cluster Selection: When selecting a specific MID Server or cluster, log ingestion must be enabled; if not, Health Log Analytics enables it automatically. Each MID Server can stream up to 10 data inputs by default, configurable through MID Server properties.
    • Failover Clusters: The data input runs on one MID Server and switches to another if a failure occurs. Clusters must consist of MID Servers supporting basic authentication and have log ingestion enabled on each server.
    • Service Instance Binding: Bind the data input to a ServiceNow service instance set to Operational status. If none exists, create one and associate Configuration Items (CIs).
    • Read-only Fields: Status, transport protocol (Kafka), number of log sources created, last log time, disabled timestamp, and automatic error messages provide operational visibility.

    Query Settings

    • From: Set the start date/time for reading Kafka log data. This is required and helps avoid congestion by limiting the data volume read initially (e.g., "Now -1 week").

    Transport Settings

    • Kafka Node Names: Specify Kafka brokers as a comma-separated list of HOST:PORT entries. Not all cluster servers need to be listed.
    • Topics: Required list of Kafka topics to subscribe to for log data.
    • Kafka Credentials: Reference credentials for authenticating to Kafka with options for SSL, SASL_SSL, or SASL_PLAINTEXT protocols. Credentials are managed via the Kafka SSL credentials form.
    • Group Id: Defines the Kafka consumer group name for managing consumption.

    Advanced Configuration

    • Timeouts: Poll timeout (default 500 ms) and node discovery timeout (default 30 ms) control Kafka communication responsiveness.
    • Timezone: Default timezone (GMT) applied if logs lack timezone info.
    • Sub-sample Ratios: Parameters to reduce the volume of fetched or received events by selectively dropping events, helping control load.
    • Max Length: Maximum event size in bytes (default 32766).
    • Character Encoding: Set to UTF-8 by default for consistent log interpretation.
    • Drop if Queue Full: Option to discard logs if MID Server load is high, preventing overload (default false).

    Kafka SSL Credentials Form

    This form manages authentication details for Kafka connections, allowing selection of security protocols and configuring SSL credentials to secure data ingestion.

    Description of the fields on the Apache Kafka data input configuration form.

    Basic configuration

    Field Description
    Name Name of the new data input. This field is required.
    Description Description of the data input.
    Execute on Option to select whether to use a specific MID Server or a MID Server cluster. This field is required.
    MID

    (Only when the Execute on field is set to Specific MID Server)

    MID Server to which log data from Apache Kafka is pulled.
    Note:
    • You can select only MID Servers that support basic authentication. MID Servers that support mTLS are not listed.
    • The default maximum number of data inputs streaming logs to a single MID Server is 10. You can modify this number in the MID Server properties.
    • If log ingestion is not enabled for the selected MID Server, Health Log Analytics enables it automatically.
    This field is required.
    MID Server Cluster

    (Only when Execute on is set to Specific MID Server cluster.)

    The MID Server cluster to which the log data is pulled. This field is required.

    The data input runs on a single MID Server in the cluster until that MID Server fails. The system then moves all the data input tasks to the next available MID Server in the cluster according to the configured order.

    Note:
    • Health Log Analytics supports only failover MID Server clusters. In these clusters, multiple MID Servers are grouped together for failover protection. When selecting a cluster from the data input or integration form, the MID Server clusters list displays only failover clusters.
    • The MID Server cluster must include only MID Servers that support basic authentication. mTLS is not supported for log ingestion.
    • Log ingestion must be enabled for each MID Server in the cluster. If log ingestion is not enabled for the active MID Server, Health Log Analytics enables it automatically.
    • The default maximum number of data inputs or integrations streaming logs to a single MID Server is 10. A cluster passes capacity validation if it contains at least one MID Server with fewer than 10 data inputs or integrations running on it, even when that MID Server is down.
    For more information about MID Server clusters, see Configure a MID Server cluster.
    Service instance The service instance to which to bind the log data.
    Note:
    If no relevant service instance exists, create a service instance and add CIs to it. Set the status of the new service instance to Operational.
    This field is required.
    The following fields show read-only information:

    | Field | Description |
    | --- | --- |
    | Status | Status of the data input. |
    | Transport | Protocol used to stream the log data. This data input uses Apache Kafka to stream log data to your instance. |
    | Sources count | The number of log sources this data input has created. |
    | Disabled since | The time when the data input stopped or failed. |
    | Last log time | The time when the last log streamed in the data input. |
    | Error message | The streaming error. This field is populated automatically. It displays only when a streaming error has occurred. |

    Table 1. Query Settings tab

    | Field | Description | Example |
    | --- | --- | --- |
    | From | Starting date and time for reading the data. Data older than this date and time is not read. Note: Setting this value to a past date might require the system to read large amounts of data, causing congestion. This field is required. | Now -1 week |

    Table 2. Transport tab

    | Field | Description | Example |
    | --- | --- | --- |
    | Kafka node names | A comma-separated list in the format HOST:PORT,HOST:PORT. The list does not have to include all the Apache Kafka Cluster servers. | 123.4.5.6:9092,123.3.4.5:9093 |
    | Topics | A comma-separated list of topics to which the data input must subscribe. This field is required. | FirstTopic,SecondTopic,ThirdTopic |
    | Kafka credentials | Reference to the Apache Kafka credentials. You can display the Kafka SSL credentials form by selecting the Search icon and opening a record. The form enables you to choose the security protocol used for authenticating with Apache Kafka from the following options: SSL (SSL channel); SASL_SSL (SASL authenticated, SSL channel); SASL_PLAINTEXT (SASL authenticated, non-encrypted channel). For a description of the fields on the Kafka SSL credentials form, see Kafka SSL credentials fields. | None |
    | Group Id | The name of the Apache Kafka Consumer Group. | logs |

    Advanced configuration

    Table 3. Advanced configuration form

    | Field | Description | Default value |
    | --- | --- | --- |
    | Timeout | The time, in milliseconds, spent waiting in the poll if data is not available in the topics. | 500 |
    | Node discovery timeout | The time, in milliseconds, before node discovery times out. | 30 |
    | Default timezone | The default timezone if the log doesn't include timezone information. | GMT |
    | Sub sample drop ratio | The number of events to batch together, out of which one will be discarded. This setting is used to reduce the number of fetched events. | -1 |
    | Sub sample receive ratio | The number of events to batch together, out of which all but one will be discarded. This setting is used to decrease the number of received events. | -1 |
    | Max length in bytes | The maximum length, in bytes, of events. | 32766 |
    | Character encoding | The character encoding for this data input. | UTF-8 |
    | Drop if queue is full | Option for selecting to discard logs if there is a load on the MID Server. | False |
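
A pre-flight check for the Transport tab values (Kafka node names, Topics, security protocol, Group Id), as an added example that is not ServiceNow code. The helper names `parse_nodes` and `check_transport` are hypothetical; the check flags SASL_PLAINTEXT because the Kafka credentials description lists it as a non-encrypted channel.

```python
# Added example: validates Transport tab values before they are entered in the form.
# Helper names are hypothetical; only the field formats come from the page.
import re

# The three security protocols offered on the Kafka SSL credentials form,
# mapped to whether the channel is encrypted (per the page's descriptions).
ENCRYPTED = {"SSL": True, "SASL_SSL": True, "SASL_PLAINTEXT": False}

# Hostname or IPv4 literal: dot-separated labels, no leading/trailing hyphen.
HOSTNAME = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def parse_nodes(node_names):
    """Split 'HOST:PORT,HOST:PORT' into (host, port) pairs; reject malformed entries."""
    nodes = []
    for entry in node_names.split(","):
        host, sep, port = entry.strip().rpartition(":")
        if not sep or not HOSTNAME.match(host):
            raise ValueError(f"not in HOST:PORT format: {entry!r}")
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"invalid port in {entry!r}")
        nodes.append((host, int(port)))
    return nodes


def check_transport(node_names, topics, protocol, group_id):
    """Return (nodes, topic_list, findings) for one data input's Transport values."""
    nodes = parse_nodes(node_names)
    topic_list = [t.strip() for t in topics.split(",") if t.strip()]
    if not topic_list:
        raise ValueError("Topics is a required field")
    if protocol not in ENCRYPTED:
        raise ValueError(f"unknown security protocol: {protocol!r}")
    findings = []
    if not ENCRYPTED[protocol]:
        findings.append(
            f"{protocol}: channel is not encrypted, log events are readable in transit"
        )
    if not group_id.strip():
        findings.append("Group Id is empty")
    return nodes, topic_list, findings
```
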