Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Use Windows Event Forwarding (WEF) to send events to OpInsights

    Would it be cool if you could configure Windows Server WEF (Windows Event Forwarding - http://technet.microsoft.com/en-us/library/cc748890.aspx ) to send to Advisor for Log Management scenario, without using the SCOM agent ?
    Alternatively, if one already has a forwarder/collector (WEF/WEC) architecture in place, could it be possible to use just one SCOM agent/gateway to pull the 'forwarded' logs stored on that collector from that single box to the cloud.

    332 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Collect Azure Web Apps IIS Logs and Application Logs

    OMS can collect IIS logs for web roles. Extend this capability to Azure Web Apps IIS logs as well as Azure Web Apps application logs

    292 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    triaged  ·  10 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Collect IIS Advanced logs

    Allow the collection and addition of custom fields using advanced logging or custom IIS modules. Example is to add x-forwarded-for to IIS logs in W3WC format.

    241 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Data Retention Intervals By Data Type

    Would like to request a data retention interval by data type (Similar to what is done in SCOM.) Specifically, the ability to set retention timeframes on "Performance Data", "Event data", and "Analytic Data."

    109 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Populate ComputerIP field with agent manager Computer IP address

    ComputerIP is populated with the IP Address from which Azure Log Analytics is receiving data. For nodes behind a firewall/proxy or OMS Gateway this mean to have the external IP Address of the proxy.
    ComputerIP must contain IP(s) information collected by the Agent on the computer hosting it to enable Compliance and Security Scenario on the console.
    RemoteIPAddress could be added as the External IP address for proxy based agents or will contains the same address of the ComputerIP for agents not behind a proxy/firewall/Gateway.
    This have a serious impact on compliance in the actual implementation.

    102 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Delete Custom Logs sended by HTTP Data Collector API

    Hi,

    It's possible delete Custom Logs sended by HTTP Data Collector API?

    Thanks in advance :)

    Best Regards

    Hugo Faria

    97 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Modify Extraction for Existing Custom Fields

    Need to have the ability to modify the extraction criteria for existing Custom Fields. I have added a handful based on SharePoint ULS, but they aren't always matching properly. The only way that I have found to "improve" them is to remove the column and re-add it again.

    88 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Log Filtering

    I want to be able to filter stuff I don't want to collect in logs. For example with ACS (in SCOM) I could apply filters that didn't collect system logins. I would like this functionality in all logs, for example I would want to filter IIS logs to remove data from certain IP addresses.
    I can see customers wanting to use this type of functionality when the costs of data start to pile up.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Collect Azure Storage Logging files

    On Microsoft Azure you can enable Azure Storage logging. The logging information is saved in a $logs container in your StorageAccount. It would be great if we can add this log information to OpInsights. More information about how you can enable this type of logging: https://msdn.microsoft.com/en-us/library/azure/dn782840.aspx

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in ETVX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Make the OMS agent work on Linux with ARM architecture

    Since there are devices like Raspberry PI with ARM architecture, it would be great if you provided binaries for ARM based Linux systems as well. Currently, I am unable to run the agent on Raspberry with Raspbian despites the tutorials available on various sites.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. 49 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Here the requirement is clear/obvious. We just have not prioritized this work yet.

    The overall ‘performance’ data collection needs to be refined – not just for Linux.

    Right now we only collect/provide hourly aggregates of some specific performance counters related to HyperV for the ‘Capacity Intelligence Pack’ scenario.

    Real time monitoring scenario might need some different shape of performance data to start with, before we enable this for Linux or for Windows alike, i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519061-collect-custom-windows-performance-counters

  13. User specified delimiter for custom logs

    Request to introduce user defined delimiter for Custom logs

    We run into issues where we're unable to delimit RabbitMQ log timestamp format
    dd-MMM-yyyy::HH:mm:ss
    Unfortunately, there is no configuration for us to change that timestamp format in RabbitMQ and have to implement a heavy workaround in order to work around this to convert it to a date time format supported by Microsoft then forwarding it to OMS.

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Custom Logs (import and delete) and add custom timestamps

    One amazing idea is create custom fields on custom log sample process. Another good idea is add more timestamp samples (like ISO 8601 format, YYYYMMDDThhmmss.fffK where YYYY: Year, MM: Month, DD: Day in month, T: Delimiter, hh: Hour, mm: Minutes, ss: Seconds, fff: Milliseconds, K: Time zone offset) or add the possobility to create a custom timestamp.
    It will be possible delete some imported custom logs to make some tests?

    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’re planning on allowing you to import/export Custom Logs & Fields via the UI & ARM Templates. We’re currently implementing the ARM support today for most of Settings in OMS.

    Thanks for sharing some of the timestamps you need. Feel free to e-mail them to me here: evanhi(at)microsoft.com

    We’re actively planning way for you to specify timestamps yourselves.

  15. NLog target for OMS data collector API

    Please implement a NLog target for the OMS data collector API

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Recursive Log Collection paths

    Recursive Log collection paths for Custom Logs

    This will help users like me with folders that have logs + subfolders with logs.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Send logs for all Office 365 audit log entries/schemas

    Currently O365 logs are only collected for AzureActiveDirectory, Exchange, SharePoint and OneDrive workloads. Please add support for other audit log schemas as well, eg. the ones that are exposed via Office 365 Management Activity API: Teams, PowerBI, Sway, Yammer, ...

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valuable feedback. Your feedback is open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  18. Fix Operations Manager Health Service Modules Event ID 26007

    Operations Manager fails to collect events from the Windows Security Event log, because the EventLog service concludes the Security Event log is corrupt. The underlying reason appears to be corrupt events in the Security Event log generated by the Microsoft Monitoring Agent. See attached screenshot.

    I'd like some help troubleshooting this issue. Thanks.

    Marco

    Log Name: Operations Manager
    Source: Health Service Modules
    Date: 2/3/2016 3:36:30 PM
    Event ID: 26007
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: ***
    Description:
    The EventLog service reported that the Security event log on computer '***' is corrupt. The Windows Event Log Provider…

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. sccm support\configuration manager

    connection for SCCM 2012 R2 so that we can see all hardware inv data on all managed servers

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. Collect Log Analytics Logs by vNet not through internet.

    We would like to collect logs without going through the internet.
    We need to be able to connect some URLs on the Azure Datacenter via the Internet.
    Communication is encrypted and URLs are fixed, but important data such as security logs are sent, so it is more secure if we can collect it simply by connecting to vNet.
    If this feature is implemented, we can collect more important data such a customer data and audit information.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base