Troubleshoot sending data from Amazon Data Firehose to HLARecommended troubleshooting workflow There are many components involved in MID-less ingest for HLA. It's best to try and narrow down where the issue is as early as possible, which could include: Your corporate and/or cloud network is preventing data egress to the ServiceNow data center.There is a misconfiguration of CloudWatch and logs are not being forwarded to a Data Firehose.There is a misconfiguration of Firehose and data is not being forwarded correctly to ServiceNow.There is a misconfiguration of your ServiceNow instance and/or the HLA backend and data is not able to be received correctly. HLA-specific and instance-specific troubleshooting suggestions Review the requirements and ensure HLA is property deployed to your instance and app versions are up-to-date in KB2117152. Amazon Data Firehose-specific troubleshooting suggestions Additional links to AWS tutorials and product documentation are available in KB2117152. As of the May 2025 release, only Amazon CloudWatch logs are supported as an input to HLA via Amazon Data Firehose. Troubleshooting recommendation DetailsCheck Firehose ConfigurationEnsure the Firehose delivery stream is active and not in a failed state. Verify if the stream type is CloudWatch Logs.Buffering ConfigurationIf logs are sent in batches, check buffer size (MB) and buffer interval (seconds) settings. Try reducing the buffer interval to test if data gets sent faster.Validate IAM PermissionsEnsure it has permissions for firehose:PutRecord, firehose:PutRecordBatch, and firehose:DescribeDeliveryStream.IAM Role for CloudWatch LogsIf logs are coming from CloudWatch, ensure firehose:PutRecordBatch permission is granted. IAM PassRoleEnsure the execution role has iam:PassRole for Firehose to assume the necessary IAM roles.Verify CloudWatch Input into FirehoseIf Firehose isn't receiving data, confirm if the data source CloudWatch is properly pushing data. Use aws firehose describe-delivery-stream to check IncomingBytes and IncomingRecords.Inspect Firehose Logs and Metrics DeliveryToS3.Bytes → If data is going to S3 as a backup, the remote endpoint may be failing. DeliveryToHttpEndpoint.Success → Indicates successful delivery to the remote HTTP endpoint. DeliveryToHttpEndpoint.Failure → Indicates failed requests to the endpoint. Check HTTP Endpoint URLMake sure the endpoint URL matches the value and path provided in Integration Launchpad. Also verify the header values are correct.Check HTTP Response CodesA high number of 4xx (client errors) → Issue with request format, missing headers, or authentication.A high number of 5xx (server errors) → Issue with the remote service, check API availability.Enable Firehose Retry MechanismCheck RetryOptions.DurationInSeconds. If retries are exhausted, data may be lost or stored in S3 backup.