Exploring Log Export Service (LES)
Summary of Exploring Log Export Service (LES)
The Log Export Service (LES) in ServiceNow provides a highly scalable, near real-time integration with external analytic tools, enabling advanced monitoring and analysis of your ServiceNow environment. LES helps detect security threats, analyze incidents, troubleshoot application performance, and monitor user experience by exporting log events efficiently. It leverages the Hermes Messaging Service, a multi-tenant, multi-cluster data transport and queuing service built on Apache Kafka, to stream large volumes of log events from your instance to analytic solutions.
Key Features
- Integration with Analytic Tools: LES supports three connectivity options for consuming logs:
  - Dedicated MID Server that pulls logs continuously and pushes them via REST.
  - Kafka connector from your log analytic tool (e.g., Splunk) to pull logs continuously.
  - Direct Kafka system connection using native Kafka protocols.
- Hermes Messaging Service: Acts as the central data streaming layer built on Apache Kafka, enabling seamless log event export and consumption.
- Guided Setup and Configuration: The LES application, installed from the ServiceNow Store, provides guided setups for configuring log sources, Kafka consumers, and MID Server consumers, along with dashboards for log analysis.
- Log Source Options: Supports exporting logs from System Log Tables, Audit Tables, and Application Node Log Files.
Key Outcomes
- Improved Security and Incident Management: Quickly detect and analyze security threats within your ServiceNow environment.
- Enhanced Performance Monitoring: Troubleshoot and optimize application and user experience performance using your preferred analytic tools.
- Operational Efficiency: Simplified setup and maintenance through guided workflows reduce administrative overhead.
- Flexible Integration: Multiple connectivity options allow you to integrate LES with both cloud and on-premises analytic solutions according to your infrastructure needs.
Roles and Responsibilities
- Application Admin: Manages log source configurations and can use the LES application without full admin rights.
- System Administrator: Responsible for installing the LES application, setting up Kafka and MID Server consumers, and overall system administration tasks.
Next Steps
To fully leverage LES, explore detailed guides on administering, configuring, and using Log Export Service. Begin by installing the application from the ServiceNow Store and follow the guided setup to configure your log sources and consumers.
The LES service provides a highly scalable and near real-time integration with your analytic tools that is easy to set up and maintain. If you're new to LES, read this overview section to learn what the tool can do.
Check your entitlements to determine whether you have access to Log Export Service.
Log Export Service overview
- Detect ServiceNow security threats and analyze security incidents
- Troubleshoot and optimize ServiceNow app performance
- Monitor and optimize ServiceNow user experience
LES leverages a ServiceNow AI Platform capability called the Hermes Messaging Service, which is a multi-tenant, multi-cluster, data transport, and queuing service built on Apache Kafka that enables your instance to produce and consume large volumes of Kafka events. Apache Kafka is an open-source data streaming platform that provides a single integration point for exchanging data across business systems in your organization.
LES forwards a copy of the log events as they're generated to the Hermes Messaging Service.
The Hermes Messaging Service is a ServiceNow AI Platform capability that is available as part of Stream Connect, Log Export Service (LES), and Instance Data Replication (IDR).
- Dedicated MID Server: A dedicated MID Server is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytic tools via a REST connection.
- Leverage Kafka connector from your log analytic solution (for example, Splunk): A Kafka connector from your log analytics product of choice is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytics tools.
- Directly from your Kafka system: Your Kafka system connects directly to the Hermes Messaging Service and uses its native Kafka protocol commands and connectivity to pull log events from it.
To configure and manage LES, you need to install it from the ServiceNow Store. The LES application provides Guided Setups to help you install the service, pages to configure the service (log sources, consumers, and destinations), and reports to understand log creation and consumption.
Log Export Service users
| Users | Description |
|---|---|
| Application admin [sn_logstoanalytics.admin] | This role is installed along with the LES application and allows a non-admin to use the application. |
| System administrator [admin] | Admin role is required for the setup of the LES store application. |
Log Export Service benefits
| Benefit | Feature | Users |
|---|---|---|
| Create log source configuration to set filters on the logs | Create a log source configuration | Application admin |
| Experience guided setup for Kafka consumers | Guided setup for Kafka consumers | System administrator |
| Experience guided setup for MID server consumers | Guided setup for MID Server consumers | System administrator |
| Examine the log report dashboard to analyze the size of each data log | Review log report | System administrator or Application admin |