Automation 360

Configuring the Log to Server action in an API Task

Download as PDF

Configuring the Log to Server action in an API Task

Download as PDF

Updated: 2025/10/29

Configuring the Log to Server action in an API Task

Use the Log to Server action to forward the runtime and custom logs to an external SIEM server for centralized monitoring and compliance. You can add necessary headers, log levels and data source tags to custom log.

In this example, configure a Log to Server action to forward the runtime logs and the variables to a Pipedream HTTP endpoint when you retrieve details of a ServiceNow Incident record.

Prerequisites

Ensure that the following conditions are met:

Permissions to create and run API Tasks.
Permissions to configure the SIEM server.
Active OAuth connections to the ServiceNow instance. For more information about setting up a ServiceNow OAuth connection, see Create OAuth connection.
A Pipedream account with a source named Logging. In the Pipedream portal, go to Sources > HTTP/Webhook > New Requests to create a source. When you create a source, the portal creates a custom HTTP endpoint. Use this endpoint as the SIEM server to collect the logs.

Procedure

Log in to your Control Room.
Perform the following actions to add the Pipedream HTTP endpoint as the SIEM server for logging.
1. Go to Administration > Settings > SIEM Integration Configuration.
2. Select Enabled in the External SIEM Integration Configuration.
3. Enter the Pipedream HTTP endpoint in SIEM server endpoint.
  The Pipedream HTTP endpoint is in the following format https://<unique_source_id>.m.pipedream.net. The Pipedream portal automatically generates the unique_source_id when you create a source.
4. Select POST as the HTTP request method in HTTP Method.
5. Enter message as the event attribute for the JSON file in Event attribute.
6. Click Save changes to save the configuration.
Perform the following steps to create an API Task.
1. Go to Automation > Create > API Task to create an API Task in the Automation page.
2. Enter servicenow-logging in the name field of Create API Task modal, and then click Create & edit.
  The API Task with the name logging appears on the editor page.
Perform the following steps to add and configure ServiceNow Authentication action.
1. Go to ServiceNow > Authentication to add the action.
2. Select Control room OAuth connection in Authentication type.
3. Click Pick to select the configured ServiceNow OAuth connection.
4. Optional: Enter a custom name in Session name.
  By default, Default is set as the session name.
Perform the following steps to add and configure ServiceNow Get Record action.
1. Go to ServiceNow > Get Record to add the action.
2. Enter incident in Table name.
3. Enter the sys_id of the incident record in Record sys_id.
4. Select Multiple variables and add the following variables in Assign output to a dictionary variable.
  - incident_state: String variable with the key state to capture the state of the record.
  - incident_short_description: String variable with the key short_description to capture the short description of the record.
  - incident_sys_id: String variable with the key sys_id to capture the sys_id of the incident.
Perform the following steps to add and configure Log to Server action.
1. Go to Actions > Logging, and add Log to Server action to the automation.
2. Enter servicenow incident logs in Text to log field to set the log content header.
3. Select Custom selection tab in Variables to log (optional) setting.
4. Enable the variables created in the previous step.
  Enabling check boxes forwards the string variables and their values to the endpoint.
5. Enter incident_record in Data source tag (optional) field to set the unique identifier for the log content on the server.
  Tagging allows easy filtering of the logs. You can also use a string variable for tagging the log content.
6. Select Info (6) to set the log level.
Select Save to save the automation.

When you run the automation using Run API Task > Run now option from the vertical ellipsis menu in the Repository page, the automation retrieves the details of the ServiceNow incident record and forwards all the runtime and custom logs to Pipedream HTTP endpoint.

Next steps

Log in to the Pipedream portal and go to Sources > Logging > Events to view the logs. The final log entry contains the custom logs that the Log to Server action generates. The system forwards the custom logs to the HTTP endpoint in the following format:

{
  "method": "POST",
  "path": "/",
  "query": {},
  "client_ip": "35.155.28.36",
  "url": "https://04038b46964107d148cfdd251d89c826.m.pipedream.net/",
  "headers": {
    "host": "04038b46964107d148cfdd251d89c826.m.pipedream.net",
    "content-length": "459",
    "accept-encoding": "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
    "accept": "*/*",
    "user-agent": "Ruby",
    "content-type": "application/x-ndjson"
  },
  "bodyRaw": "{\"logMessage\":{\"logContent\":\"servicenow incident logs\",\"variableValues\":{\"incident_state\":\"1\",\"incident_sys_id\":\"57af7aec73d423002728660c4cf6a71c\",\"incident_short_description\":\"API call issue\"}},\"executionId\":\"b2e45a6d-186b-4b96-a2a2-3509808909f9_88f3a7ff9e646cc7\",\"logLevel\":\"INFO\",\"sysLogSource\":\"incident_record\",\"botName\":\"servicenow-logging\",\"botId\":\"45\",\"logCreatedTime\":\"2025-10-24T18:13:41.267798Z\",\"_tenantId\":\"dc170ff6-42d0-4f3d-8e9f-1904278d77f8\"}\n",
  "body": {
    "logMessage": {
      "logContent": "servicenow incident logs",
      "variableValues": {
        "incident_state": "1",
        "incident_sys_id": "57af7aec73d423002728660c4cf6a71c",
        "incident_short_description": "API call issue"
      }
    },
    "executionId": "b2e45a6d-186b-4b96-a2a2-3509808909f9_88f3a7ff9e646cc7",
    "logLevel": "INFO",
    "sysLogSource": "incident_record",
    "botName": "servicenow-logging",
    "botId": "45",
    "logCreatedTime": "2025-10-24T18:13:41.267798Z",
    "_tenantId": "dc170ff6-42d0-4f3d-8e9f-1904278d77f8"
  }
}