When I click on the "Locked-out Accounts" view from the Security IP, I am brought to the search section. There is no way on this page to tell what I am looking at without analysing the search. In the search bar it shows "EventID=4740" but who in their right mind has every event id memorized? There should be a title that shows I clicked on "Locked-out Accounts".
6 votes
Thanks for the feedback.
This is similar to the behavior the mobile app has for ‘saved searches’ – they do show the title there.
Coded drill-downs today don’t carry a title across pages, and changing this has an overall impact on the breadcrumb code, most likely – see this other idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519263-moving-across-pages-needs-to-be-seamless-clickable
Keep in mind that the default drill down pages are meant as a convenience: once you identified a search you care about, you can SAVE it to your Saved Searches, and pin it on your own dashboard – those tiles in dashboards have a title (=the name of the saved search).
I would like to see the following:
- Larger query input field
- Table result column filtering
- Table rows expand to show full results
- Table scrolls horizontally so that you can actually read the data when there are a lot of columns
- More "Last" time slices (Last 15 min, Last 30 min, Last 1 hour, etc...)
- Column selection mechanism in UI (drop down with checkboxes instead of having to | select x, y, z)
Analytics for App Insights has all of these features, and I constantly find myself wishing Log Search had them.
6 votes
Auto correction when typing a query.
e.g. "Type:SecurityEVent" (wrong capital 'V') will be auto corrected to "Type:SecurityEvent"
6 votes
Thanks for the feedback.
Now, the OMS portal site is not localized to other languages.
For example, the assessment intelligence pack has useful information, but many customers (in Japan) cannot understand English information...
Please localize the portal site to famous languages.
6 votes
Thank you for your feedback, this might be something we’ll look at in the future.
Create a personalized standard date / time filter:
i.e. last 26 hours: 24 hours + 2 hours in which you can perform your daily checks, making sure you never miss out any log info while not having to manually customize every check
I perform daily checks in the first two hours of my working day: now I have to manually set the search window to make sure I don't miss out any data. (Like today I checked at 9AM, but yesterday at 8AM; with a 24-hour search I'll miss one hour.)
6 votes
The Date facet in the log query screen seems to apply inconsistently - if I specify the timeframe I want to query it may or may not override my query and use its set default range
e.g. I use TimeGenerated>NOW-30DAYS in my query, but as I have NOT adjusted the Date facet it restricts my results to the "Data based on the last 1 day" - which is what the Date facet is set to by default for each new query
It would be good if the Date filter could be turned off for queries.
6 votes
Some searches seem very slow. For example, try
Type=SecurityEvent (EventID="4624") for the last 7 days and it never completes. I do see an 'Internal Server Error' in the UI, but it gives no details.
5 votes
Now it automatically adjusts - i.e. when looking at 7 days, each bar becomes 6 hours. It would be nice to decide what interval to choose.
6 hours is an odd interval. If I am looking at 7 days I would rather see how many of those results are there each day/24 hrs intervals/buckets.
If I am querying 1 or 2 days, I probably want to see an hourly breakdown.
The idea is to offer a drop down to allow selecting specific aggregation intervals.
5 votes
Thanks for offering this feature. Currently the plan is to upgrade the portal with many new features; the timeline is being re-designed as part of it.
Until then, I can only recommend you to use the query to generate charts that describe this in the manner that fits your data best.
We’ve recently upgraded the query language. Here’s an example of the new syntax, using 3-hour bins over the last two days of events:
| where TimeGenerated > now(-2d)
| summarize count() by bin(TimeGenerated, 3h)
| render timechart
It would be great if you could provide a set of entities without case sensitive names, or at least provide a set of entities that do not have the same name. I have found clientIps and clientIPs ..... they are different!
A bit difficult to filter!
4 votes
Thanks for your feedback.
For various reasons our engine is case sensitive and we will not be able to change it without breaking compatibility.
When query results are returned the columns need to be fully re-sizable. The far right column restricts how wide you can make the other columns, which makes other columns un-viewable if the content is too long. Example attached.
4 votes
I've noticed a reference to Operational Insights (old name) in the portal.
4 votes
Thanks Stan. We’ve created a ticket regarding this issue.
The current "Logs" blade is pre-populated with "A few more queries to try" and heavily pre-populated "Saved Searches" for common queries. This UI feature was critical to my understanding of log queries. If the new "Logs (Preview)" blade is to supersede the current "Logs" blade: please bring over a similar easy to find and use feature.
3 votes
We recognize the importance of the query examples, we are actively working on it. You should see them lighting up in Sep 2018.
I want to get a graphical overview of the occurrence of some event and I want to do so in a 5 minute interval. That search could for example be
Type=Error_CL | measure count() interval 5minute
The event occurs much less often than on a 5 minute interval, so I expect the graph to go to 0 most of the time but it doesn't.
To be explicit, I expect:
No graph until first event.
No graph beyond last event.
Graph in between first and last event is 0 when there are no events - not interpolated.
See attachment.
3 votes
Issue with special characters in query:
When a query contains a special character the query reports an error "the remote server returned an error:(400) Bad Request"
Query example: Type=ConfigurationChange ConfigChangeType="Software" SoftwareType="Application" and SoftwareName=µTorrent
3 votes
The µ character is not one we currently support in search.
For µTorrent, this typically just displays as uTorrent, so we recommend you change the last part of the search to be SoftwareName="uTorrent" and include the quote (") marks as part of the query.
The right click menu is missing paste in the new Log Analytics blade and the Log Analytics advanced portal. Copy and Cut are there, no paste.
3 votes
You should be able to change the width of the filter slicer on the Search page or it should be expandable between 3 sizes (collapse, mini, full screen width), similar to the experience in the Azure portal for blades.
3 votes
Thanks for the feedback.
Ignore the mouse over suggestions in the search field, unless an option is clicked. When typing in a search query, I hit enter to execute the search and OMS selects one of its suggested options because the mouse happened to be left in the middle of the screen.
3 votes
I would like to be able to see the entire text of the message in long lines, so as not to open and scroll this message.
3 votes
Thanks for your feedback and it's now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
As my searches get more complex and I am using the search function to investigate, the automatic history drop down is frustrating as it covers the results, requiring me to click in another part of the window to get it to go away.
3 votes
Thanks for the feedback – we’re always interested in ways to improve the search experience.
Currently the back button can't be used to navigate back to the last query in the new Azure Portal log analytics interface.
There is no way of navigating back to a previous query which would be very useful if drilling down into a query and then wanting to revert.
3 votes