Set up your Health Log Analytics data inputs manually. Data input configuration is an essential step in setting up the Health Log Analytics application.

Before you begin

Note: Consider using the Health Log Analytics data input guided setup, which ensures that you have the minimum required setup for the data input process. For more information, see Set up data inputs using Health Log Analytics guided setup.
  • Ensure that a MID Server is installed and configured with the Log Ingestion capability enabled. For more information, see MID Server system requirements.

    Important: Health Log Analytics does not support IPv6. To work with the application, configure the MID Server to use IPv4.
  • If the MID Server IP address is exposed by network address translation (NAT), a load balancer, or a similar device, it must have a public IP address. In the MID Server properties, add a property named mid.public_ip with the public IP address as the value. For more information, see Create a MID Server property.
  • To ship your logs encrypted with SSL/TLS, see the Streaming Data With Rsyslog & Filebeat Using SSL [KB0866319] article in the Now Support Knowledge Base.

Role required: evt_mgmt_admin. For the ServiceNow System Logs data input: admin.

Procedure

  1. Configure a data input by performing the relevant procedure described in the product documentation.
    Note: Selecting Test connection at the end of the procedure ensures that your data input is configured correctly. You can publish a data input configuration only after the connection between the MID Server and the data repository has been established.
  2. Identify and address streaming issues to ensure that the data input is streaming log data to the MID Server from all sources.
    For more information, see Identify and resolve log streaming issues.
  3. (Optional) Edit raw log data before Health Log Analytics maps and structures it.
    For more information, see Edit your raw log data before processing.
  4. Determine how Health Log Analytics handles raw log data that is streaming into your instance.
    By default, every incoming log line is auto-mapped to the correct tag. If properties aren't discovered automatically, map the data input sources manually by defining a JavaScript function. For more information, see Map the raw data.
  5. (Optional) Tweak the source type structure to make sure that Health Log Analytics extracts and classifies all properties correctly.
    For more information, see Refine the source type structure.
  6. (Optional) Perform additional data input setup tasks.
    For more information, see Additional data input setup tasks.