Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Log Analytics -> Logs (Preview) blade needs Saved Searches-like feature

    The current "Logs" blade is pre-populated with "A few more queries to try" and heavily pre-populated "Saved Searches" for common queries. This UI feature was critical to my understanding of log queries. If the new "Logs (Preview)" blade is to supersede the current "Logs" blade: please bring over a similar each to find and use feature.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  2. Category dropdown when adding a saved search from Log Search blade

    While in the Log Search Blade, selecting Saved searches, then selecting Add, a category dropdown should appear to select existing categories to add to. The ability to add a new category should continue as well.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add a keyboard shortcut to comment / uncomment the current line in the query editor (like CTRL+K in VS)

    There already is a shortcut that allows to run the query (Shift+Enter), which is great.
    A shortcut to toggle wheter the current line is a comment or not (by adding / removing "//" at the beginning of the line) would be great and save a lot of time while editing queries / functions.

    Similar to the shortcut VS or any other IDE: https://blogs.msdn.microsoft.com/zainnab/2010/04/13/comment-and-uncomment-code/

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ignore the mouse (until click) when suggesting searches

    Ignore the mouse over suggestions in the search field, unless an option is clicked. When typing in a search query, I hit enter to execute the search and OMS selects one of it's suggested options because the mouse happened to be left in the middle of the screen.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  5. Running a query should not reset result view

    I've run a query and look at the line chart representing the data. I realize that the query should be altered.

    I alter the query and click Go in the upper right corner.
    Instead of the line chart I just had, I now get the "raw" table data. I then have to select Chart and then Line to get back to the view I just had.
    This is fairly inconvenient.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  6. Date facet and TimeGenerated in query are inconsistent - can we override or disable Date facet

    The Date facet in the log query screen seems to apply inconsistently - if I specificy the timeframe I want to query it may or may not override my query and use it's set default range
    e.g. I use TimeGenerated>NOW-30DAYS in my query, but as I have NOT adjusted the Date facet it restricts my results to the "Data based on the last 1 day" - which is what the Date facet is set to by default for each new query
    It would be good if Date filter could be turned off for queries

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  7. Table view of a Measure should include all groups

    Table view only displays the first column of multiple groupings. Example:
    Type:W3CIISLog | measure sum(TimeTaken) as TotalTime by sSiteName, csUriStem
    Click Table view.
    The column sSiteName shows up in Table view but csUriStem does not.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  8. "measure x interval" graph should go to zero when there are no data

    I want to get a graphical overview of the occurence of some event and I want to do so in a 5 minute interval. That search could fx be
    Type=Error_CL | measure count() interval 5minute
    The event occurs much less often than on a 5 minute interval, so I expect the graph to go to 0 most of the time but it doesn't.
    To be explicit, I expect:
    No graph until first event.
    No graph beyond last event.
    Graph in between first and last event is 0 when there are no events - not interpolated.
    See attachment.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  9. Create your own custom time ranges (i.e. last 26 hours)

    Create a personalized standard date / time filter:
    i.e. last 26 hours: 24 hours + 2 hours in which you can perform your daily checks, making sure you never miss out any log info while not having to manually customize every check

    Context:
    I perform daily checks in the first two hours of my working day: now I have to manually set the search window to make sure I don't miss out any data. (like today I checked 9AM, but yesterday 8AM, with 24 search i'll miss one hour)

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve Log Search UI and and Results

    I would like to see the following:
    - Larger query input field
    - Tabs
    - Table result column filtering
    - Table rows expand to show full results
    - Table scrolls horizontally so that you can actually read the data when there area lot of columns
    - More "Last" time slices (Last 15 min, Last 30 min, Last 1 hour, etc...)
    - Column selection mechanism in UI (drop down with checkboxes instead of having to | select x, y, z)

    Analytics for App Insights has all of these features, and I constantly find myself wishing Log Search had them

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  11. Increase number of distinct results for measure command (limit 100)

    Today measure command only support 100 distinct results. It´s a risk that alerts created with measure command don´t give correct results because of this limit. Now the first top 100 results is sent to measure.

    From documentation:

    Second, Measure count currently returns only the top 100 distinct results. This limit does not apply to the other statistical functions. So, you'll usually need to use a more precise filter first to search for specific items before you apply measure count().

    https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-searches#use-the-measure-command

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  12. custom field based on regex

    sorry if this has been asked I searched but could not find anything similar.

    would love to be able to create a custom field based on a regex. Like I have csUsername as a field but I want to know the domain of the users not the email address, the stuff after the @ is this possible or are you working on it.

    love oms so far,I hopefully I didn't miss something

    ps this doesn't need to be a regex could be things like split,trim,end, lastindexof, etc..

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  13. Editor for Favorites

    Need an editor for changing a favorite without the need having to delete it and recreate it.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow us to filter deduped data set (* | dedup * | where ??)

    Ok now with dedup we can almost achieve the "last data point by Computer" scenario, but we cannot use where after dedup as in: Type:Heartbeat | dedup Computer | where TimeGenerated < NOW-10MINUTE
    Just add the ability to use "| where" to process the deduped data set.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  15. session expired

    Q1. 經常在 OMS portal 使用中的情況下跳出 session expired 的提示,就需要重新登入,請問有設定可以更改 session 時間長短嗎?

    Q2. 在 measure count() 的使用方法中,能否 by 兩個欄位計算? 例如 Type=SecurityEvent EventID=4625| measure count() by Computer Account

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  16. Edit Alerts from Log Search UX bifurcation & UI bug

    Use case:


    1. Nav -> Log Search.

    2. Click Favorites.

    3. Select an 'Alert' favorite search.

    The top nav bar with Favorites and History now includes 2 new buttons:
    1. Alert
    2. Save

    This is naturally how you created the Alert or saved a search.

    But now there is no way to Save the existing search or update the existing Alert's search query (which is what I just clicked on).


    1. Save should track changes (and provide a prompt for save existing or create new)

    2. Clicking Alert, when the search was selected from the Alerts section, should take you to the existing alert. If…
    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  17. Change a saved search (hassle free)

    Add the ability to change a saved search, without having to remember the exact same name and group to override the existing query. At the same time a rename function would be nice.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  18. Save Time frame Scope

    Save time scope along with query, so we don't have to adjust in the GUI each time we click on a saved query. This should also apply to dashboard elements, so we don't end up with "half" graphs when you have limited TimeGenerated.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  19. portal site title mistake(Japanese)

    English UI Page title "Overview "
    Japanese UI page title "概要 - サンプルポータル" (overview - sample portal)

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  20. Search Result Column Re-Sizing is Broken

    When query results are returned the columns need to be fully re-sizable. The far right column restricts how wide you can make the other columns which makes other columns un-viewable if the content is to long. Example attached.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base