Troubleshoot sending data from Amazon Data Firehose to HLA - Support and Troubleshooting

Troubleshoot sending data from Amazon Data Firehose to HLA Recommended troubleshooting workflow There are many components involved in MID-less ingest for HLA. It's best to try and narrow down where the issue is as early as possible, which could include:

Your corporate and/or cloud network is preventing data egress to the ServiceNow data center. Your data input is marked as inactive or has not been activated yet. There is a misconfiguration of CloudWatch and logs are not being forwarded to a Data Firehose. There is a misconfiguration of Firehose and data is not being forwarded correctly to ServiceNow. There is a misconfiguration of your ServiceNow instance and/or the HLA backend and data is not able to be received correctly. HLA-specific and instance-specific troubleshooting suggestions Review the requirements and ensure HLA is property deployed to your instance and app versions are up-to-date in KB2117152 .

Network troubleshooting suggestions # see if you can reach a ServiceNow data center and receive a 400 (use the appropriate regional endpoint for your instance) curl -v -X GET https://itomgw-prod-gateway-ausord.sncapps.service-now.com:443/ingest/awsfirehose/cloudwatch/logs # Response from command Amazon Data Firehose-specific troubleshooting suggestions Additional links to AWS tutorials and product documentation are available in KB2117152 .

Troubleshooting recommendation Details Check Firehose Configuration Ensure the Firehose delivery stream is active and not in a failed state.Verify if the stream type is CloudWatch Logs. Buffering Configuration If logs are sent in batches, check buffer size (MB) and buffer interval (seconds) settings.

Try reducing the buffer interval to test if data gets sent faster.

Validate IAM Permissions Ensure it has permissions for firehose:PutRecord, firehose:PutRecordBatch, and firehose:DescribeDeliveryStream. IAM Role for CloudWatch Logs If logs are coming from CloudWatch, ensure firehose:PutRecordBatch permission is granted. Verify CloudWatch Input into Firehose If Firehose isn't receiving data, confirm if the data source CloudWatch is properly pushing data. Use aws firehose describe-delivery-stream to check IncomingBytes and IncomingRecords. Inspect Firehose Logs and Metrics in AWS CloudWatch

DeliveryToHttpEndpoint.Success (see above) → Indicates successful delivery to the remote HTTP endpoint.

DeliveryToS3.Bytes → If data is going to S3 as a backup, the remote endpoint may be failing.

DeliveryToHttpEndpoint.Failure → Indicates failed requests to the endpoint.

Check HTTP Endpoint URL Make sure the endpoint URL matches the value and path provided in Integration Launchpad. Also verify the header values are correct. Check HTTP Response Codes A high number of 4xx (client errors) → Issue with request format, missing headers, or authentication. A high number of 5xx (server errors) → Issue with the remote service, check API availability. Enable Firehose Retry Mechanism Check RetryOptions.DurationInSeconds. If retries are exhausted, data may be lost or stored in S3 backup.