Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ANSI colour coding in log messages

    Many logging frameworks we are using use ANSI colour escape sequences to provide colour. These look fine in a console but when they get to log analytics, they show as the raw escape sequence like [96m.

    We can turn off the colour to workaround this but it would be good to see support for it in Log Analytics.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  2. Editor for Favorites

    Need an editor for changing a favorite without the need having to delete it and recreate it.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  3. "internal server error" for search Type=SecurityEvent TimeGenerated>NOW-24Hours

    Similar search work for other Types. This one generates and internal sever error.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  4. Bug with saved queries containing a plus sign

    When I open in Log Search a saved query that contains a '+' sign, it does not load correctly, ommiting the '+' and thus generating a syntax error (please see attached file)

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  5. Table view of a Measure should include all groups

    Table view only displays the first column of multiple groupings. Example:
    Type:W3CIISLog | measure sum(TimeTaken) as TotalTime by sSiteName, csUriStem
    Click Table view.
    The column sSiteName shows up in Table view but csUriStem does not.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  6. When pivoting from results of Measure count() queries that use INTERVAL (based on field TimeGenerated) drill down query returns no result

    REPRO steps:
    Do a query like Type:Event | Measure count() interval 1DAY; the grouped results you get back will have TimeGenerated as the first field.... but the row in the table really represents a time RANGE/interval
    When clicking on a group, the resulting query becomes something like Type:Event TimeGenerated:"2014-02-25T20:04:39.234Z" - this yelds no results because the TimeGenerated is really just the BEGINNING of the '1DAY' interval.

    How it should work:
    backend API should provide more information back to the caller, such as
    - informing that this group is not based on a fixed string value (like in many other cases…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  7. portal site title mistake(Japanese)

    English UI Page title "Overview "
    Japanese UI page title "概要 - サンプルポータル" (overview - sample portal)

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Frequency Change

    On PowerBI Schedule, allow us to change Frequency. We have to create the entire report again just to change Frequency.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  9. Category dropdown when adding a saved search from Log Search blade

    While in the Log Search Blade, selecting Saved searches, then selecting Add, a category dropdown should appear to select existing categories to add to. The ability to add a new category should continue as well.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  10. session expired

    Q1. 經常在 OMS portal 使用中的情況下跳出 session expired 的提示,就需要重新登入,請問有設定可以更改 session 時間長短嗎?

    Q2. 在 measure count() 的使用方法中,能否 by 兩個欄位計算? 例如 Type=SecurityEvent EventID=4625| measure count() by Computer Account

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  11. Keep "Show More" open while search is running

    Show More should stay open. If a search is on-going, the "[+] show more" option keeps closing.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  12. [View] links for EventID rework

    [View] for EventID only searches technet for the event number - this is generally not useful functionality. Please have all [View] links point at useful info for their associated content.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  13. Freeze Top (Header) Row in Table view of Log Search

    Freeze Top Row in Table view of Log Search

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  14. 'interval' function in Measure command should support all statistical/aggregation functions (Max/Min/Avg/Sum) not just count

    Per documentation:
    https://azure.microsoft.com/en-us/documentation/articles/operational-insights-search/
    Interval function is supported only of grouping Date/Time fields and works with only count() aggregation function. This makes the use of interval function very limited. For example if you want to create query that will show certain results for every hour for the past 12 hours for multiple of objects you can't.
    Example of this:
    Type:WireData | measure count() by ApplicationServiceName interval 1HOUR
    In order to achieve such results you will have to create query for every ApplicationServiceName like this:
    Type:WireData (ApplicationServiceName=http) | measure count() by TimeGenerated interval 1HOUR
    Additionally if you want to see the traffic…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  15. More Useful tiles in View Designer

    Please, add more view dashboards to be used inside View Designer or allow us to use create/customize them in a HTML-ish way. Displaying data with multiple columns as a table is a nightmare, espacially if you don't have a number/timestamp column, but that's the most required data; content is unreadable.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  16. Respect the indentation/tabs in the logs

    Our apps are currently logging request and response using indented JSON however Log Analytics removes all the indentation and pulls the text to the left which makes it difficult to understand.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  17. add optional UX for query string

    Add a ? option to the query language line which would bring up a UI to build the query line. At the very least, have it bring up context based help that describes the options and features of the query line.

    This UI would build the query line like the following: Type:Update (Classification:"Security Updates" OR Classification:"Critical Updates") AND UpdateState=Needed AND Optional=false AND Approved!=false Computer="server.domain.com"

    Basically I want to filter the output to some of the fields rather than all of the properties.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  18. Edit Alerts from Log Search UX bifurcation & UI bug

    Use case:


    1. Nav -> Log Search.

    2. Click Favorites.

    3. Select an 'Alert' favorite search.

    The top nav bar with Favorites and History now includes 2 new buttons:
    1. Alert
    2. Save

    This is naturally how you created the Alert or saved a search.

    But now there is no way to Save the existing search or update the existing Alert's search query (which is what I just clicked on).


    1. Save should track changes (and provide a prompt for save existing or create new)

    2. Clicking Alert, when the search was selected from the Alerts section, should take you to the existing alert. If…
    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add a way to keep Azure app insights logs to Local Time Permanently

    App insights Rest api using UTC time stamp by default. Please create a way to configure time like CST or EST based on requirement we can use in App insights

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your query, can you please help share more details on your scenario. Currently the feasibility to display in Local time or any other time zone, is that not helping your scenario. Just wanted to get more details on the scenario so that our team can evaluate accordingly.

  20. timestamp last collection only for all queries

    There should be the possibillity to run query with the timestamp last data collection only whenever it was. ago or now-x not helpful and not correct for example on performance counters like free diskspace, or alternate have a filter option last timestamp per server, if you have the same server more as one time as result. Example timestamp perf counter >=1h. same server more as one time. I need only last collection.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base