Set up integrations for Health Log Analytics from the Integrations Launchpad

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Set up integrations for Health Log Analytics from the Integrations Launchpad

    The Integrations Launchpad in Service Operations Workspace for ITOM offers a centralized interface to set up and manage integrations that bring raw log data from external sources into ServiceNow for Health Log Analytics. This enables efficient processing and analysis of log messages to improve IT operations monitoring.

    Show full answer Show less

    Pull Integrations

    Pull integrations retrieve log data from various external sources and stream it into your ServiceNow instance, often via a MID Server. Key pull integrations include:

    • Elasticsearch: Streams logs from Elasticsearch indices.
    • ServiceNow System Logs Retriever: Sends log data from the internal System Log table; requires admin role and only one instance allowed.
    • Apache Kafka: Streams logs from Kafka topics.
    • Splunk Poller: Periodically pulls logs from Splunk via queries.
    • Amazon CloudWatch and S3: Streams logs from AWS CloudWatch and S3 buckets.
    • Microsoft Azure Log Analytics and Event Hubs: Streams logs and events from Azure services, with options to operate with or without a MID Server.
    • MID Server: Collects and streams log messages to your instance.

    Push Integrations

    Push integrations allow external systems to send log data directly to your ServiceNow instance, typically over network protocols or APIs, often using a MID Server. Notable push integrations include:

    • ACC Log Analytics: Uses an agent on monitored hosts to send logs via MID Server.
    • UDP and TCP: Receive raw log messages over network sockets.
    • REST API: Streams log data in JSON format.
    • GCP PubSub: Receives logs published to Google Cloud Pub/Sub topics.
    • Splunk UDP and TCP: Uses Splunk heavy forwarders to stream logs.
    • Amazon Data Firehose: Streams logs directly to ITOM Gateway without MID Server.
    • Cribl, Edge Delta (REST/TCP), and Vector Agent: Integrations for processing logs streaming into ServiceNow in specific formats or via particular agents.

    Practical Benefits for ServiceNow Customers

    By leveraging the Integrations Launchpad, ServiceNow customers can quickly configure and maintain a broad set of log data sources, improving visibility and analysis for IT Health Log Analytics. This unified approach simplifies integration management, supports diverse log ingestion methods, and enhances operational insights without manual data handling.

    Set up integrations from the Event Management Integrations Launchpad in Service Operations Workspace for ITOM.

    Integrations Launchpad

    The Integrations Launchpad tool provides a unified interface for convenient integration with connectors that feed raw log messages from external sources into your ServiceNow instance for processing and analysis. For more information, see Integrations Launchpad in Service Operations Workspace for ITOM.

    Integrations for Health Log Analytics

    The Integrations Launchpad enables the following integrations for Health Log Analytics:

    Pull integrations
    These integrations pull log data from external data sources and stream the data to your instance, typically via a MID Server. Select an integration in the table to open a page with the setup procedure.
    Table 1. Pull integrations
    Integration Description
    Elasticsearch Streams log data from Elasticsearch indices to your instance.
    ServiceNow System Logs Retriever Sends log data from the ServiceNow System Log table to the Health Log Analytics AI engine.

    This integration doesn't run on a MID Server.

    Note:
    Only a single ServiceNow System Logs Retriever data input can exist in the system, and only users with the admin role can create and configure it.
    Apache Kafka Streams log data from Apache Kafka to your instance.
    Splunk Poller Pulls log data from Splunk to your ServiceNow instance periodically by query.
    Amazon CloudWatch Streams log data from Amazon CloudWatch to your instance.
    Amazon S3 Streams log data from Amazon S3 (Simple Storage Service) buckets to your instance.
    Microsoft Azure Log Analytics Streams log data from Microsoft Azure Log Analytics to your instance. The connector points the Health Log Analytics AI engine to a data source in your Microsoft Azure Log Analytics account.
    Microsoft Azure Event Hubs Streams events from Microsoft Azure Event Hubs to your instance.
    Microsoft Azure Event Hubs (MID-less) Streams events from Microsoft Azure Event Hubs to your instance without a MID Server.
    MID Server Collects log messages from the MID Server and streams them to your instance.
    Push integrations
    These integrations connect to external data sources that push log data to your instance, typically via a MID Server. Select an integration in the table to open a page with the setup procedure.
    Table 2. Push integrations
    Integration Description
    UDP Sends raw log messages to your instance directly over a UDP socket.
    TCP Sends raw log messages to your instance directly over a TCP/SSL socket.
    REST API Streams log data to your instance in JSON format.
    GCP PubSub Receives log messages that were published to a Google Cloud Pub/Sub topic and streams them to your instance.
    Splunk UDP Streams log messages to your ServiceNow instance over the UDP transport protocol using a Splunk heavy forwarder.
    Splunk TCP Streams log messages to your ServiceNow instance over the TCP transport protocol using a Splunk heavy forwarder.
    Amazon Data Firehose Streams log messages from Amazon Data Firehose directly to the collector service in ITOM Gateway, where it’s queued for Health Log Analytics processing.

    This integration doesn't run on a MID Server.
    Cribl Enables Health Log Analytics to process Cribl log messages streaming into the ServiceNow instance.
    Edge Delta REST Enables Health Log Analytics to process logs it receives from Edge Delta in a distinct format. These logs stream into the ServiceNow instance via REST.
    Edge Delta TCP Enables Health Log Analytics to process logs it receives from Edge Delta in a distinct format. These logs stream into the ServiceNow instance over the TCP transport protocol.
    Vector Agent Enables Health Log Analytics to process log messages that are streaming into the ServiceNow instance via a Vector Agent.