How to Fetch Logs in Your ServiceNow App

ServiceNow offers a robust logging system of the events that take place within your system. You can retrieve your logs as well as your log archives using the app. We’ve detailed the main steps you’ll need below.

How to retrieve logs with the browser?

To browse your system log entries and download the log files, you can retrieve them in your ServiceNow Log File Browser.

To access this, follow the path: System Logs > Utilities > Node Log File Browser.

Types of System Logs

ServiceNow maintains a number of logs that detail different types of events.

Log Description
Transactions These logs detail all application activity in an instance.
Email and Push These logs show all email notifications and Push messages sent from all instances within the system.
Events These logs show all events that occur within the system.
Import These logs detail data import activity within the platform.
Table Changes These logs detail changes made to all tables in the system.
Outbound HTTP Requests These logs detail all outbound web services requests, such as REST and SOAP requests.
Signature Images These logs show the electronic signatures from the HR signature pad.
System These logs list warnings and errors for instance processes, records, and non-critical events.

Filtering Your Searches

Inside the Log File Browser, you can filter your searches for more specificity using these fields:

Field Description
Start time This field adjusts the start date of the time range you wish to search.
Session ID This string helps identify the sessions that generated each log entry.
End time This field adjusts the end date of the time range you wish to search.
Message This field focuses on the system-generated descriptions of each occurrence.
Level This field refers to the level of the message displayed, such as Debug, Error or Warning.
Thread name This field focuses on the system-generated identifier of the thread that created the log file.
Max rows This field allows you to set the maximum number of records you wish to retrieve.

Archived Logs and Log History

There are various tables that store logs and the system uses a specific schedule depending on the table. Below are the log archiving schedules:

Logs Archived Daily

  • Event [ecc_event]
  • Queue [ecc_queue]

Logs Archived Weekly

  • Event [sysevent]
  • Log [syslog]
  • Transaction Log [syslog_transaction]

Logs Archived Monthly (Every 30 Days)

  • Email [sys_email]

Archived logs can be retrieved from your log history by following the path System Logs > Utilities > Node Log File Download. Once there, select an archive from the list and hit Download.

Note that to retrieve logs for a different node, you will need to navigate there under System Diagnostics > Stats.

Metron has experience integrating Cybereason with multiple security platforms. If you are considering any custom solution, please send a note to connect@metronlabs.com.