Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please DO NOT RETIRE the demo site: https://portal.loganalytics.io/demo#/query/main

    For log analytics, there is a demo site: https://portal.loganalytics.io/demo#/query/main, which is very useful for testing purpose since it has a lot of data.

    And now I see it will be retired on September 2nd, 2019, please keep it alive.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Request to add BMC Remedy partner type in ITSM Connection

    Hi Team,

    Could you please add BMC Remedy partner type in ITSM connection in LogicApps as this connection is not available which is commonly used tool in most of the software companies.
    Adding this connector will help us to automatically creates remedy tickets whenever there is a failure in ADF or if any component reaches threshold limits

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  3. Send logs for all Office 365 audit log entries/schemas

    Currently O365 logs are only collected for AzureActiveDirectory, Exchange, SharePoint and OneDrive workloads. Please add support for other audit log schemas as well, eg. the ones that are exposed via Office 365 Management Activity API: Teams, PowerBI, Sway, Yammer, ...

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valuable feedback. Your feedback is open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  4. Enhance Azure Logs to include information that helps manage Usage and Content Creation management

    the Logs are good to manage/view access, security but is pretty useless for managing usage especially from a content creation view point.

    FileAccessed basically includes every possible method of access including when webparts show file previews of multiple files.

    Users are getting marked as FileAccessed despite not actually accessing the file. There needs to be additional information about how the file was accessed. e.g. downloaded(completed), SPO Webpart, Search Result View or OfficeFatClient, OfficeWebClient etc.

    FilePreviewed and FileAccessed are both logged in all circumstances so there is no method to distinguish between preview and actually accessed.

    This is really painful if…

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Change Tracking Solution  ·  Flag idea as inappropriate…  ·  Admin →
  5. Collect Log Analytics Logs by vNet not through internet.

    We would like to collect logs without going through the internet.
    We need to be able to connect some URLs on the Azure Datacenter via the Internet.
    Communication is encrypted and URLs are fixed, but important data such as security logs are sent, so it is more secure if we can collect it simply by connecting to vNet.
    If this feature is implemented, we can collect more important data such a customer data and audit information.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  6. custom logs timestamp

    Please add this timestamp delimiter YYYY-M-D HH:mm:ss.

    Currently have logs in an application that use this and would like to gather the custom logs using this delimiter format.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  7. multiple OMS subscriptions to ability to pipe all Log Analytics data to one main OMS subscription

    We have multiple subscriptions under one tenant and one subscription will have 160 plus OMS subscriptions, all of which function as separate entities with their own resources. we would like to have the ability to pipe all Log Analytics data from these secondary subscriptions into your main subscription main OMS subscription, mostly for Threat Intelligence and Security Analytics so that you can correlate the data together. And to work with azure sentinel. Currently we have call AAD and office 365 data and AIP data go to the main OMS subscription. We need a central way to correlate data.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks a lot Aaron Shvarts for sharing your requirement. Currently there is a support to query cross resources with in Azure Monitor. However the limit is for 100 workspaces or application insights instance with in a query. https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/cross-workspace-query . Please have a look and see if that could cater your requirement. We understand that the limit is 100 and your requirement is 160+ resources. Please let us know if the cross resource query is something you can use and if there is a feature requirement to increase the current limit of 100, that can be done by a new feedback thread. Thanks

  8. Resource health data on log analytics

    Currently we can pass activity log data to log analytics to monitor and manage activity logs, but this data is limited. If resource health alerts is passed, it will be easier to manage, set up alerts and take action on it. Currently resource health alerts can be configured only on particular resoruce section or via arm template, so for managing multiple resources it would be ideal to pass this data to a log analytics workspace

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add all the render operations from the Kusto query language

    As of today the "with" render operator does not work in Log Analytics.
    example: | render timechart with(ymin=0)

    This will not force the y-axis to start at 0 if the values in the graph are higher than 0. It would be very good if it was possible to use all these operators that are listed in the documentation when using Log Analytics and when pinning the graphs to the dashboard.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Retrieve the portal time span and use it inside the kusto query

    I am trying to access the time range selected from portal and use it inside the kusto query to show some metric (% uptime of a specific api using our custom logic).

    Documents does not mention any variable or function that we will help to access the time range selected from portal.

    It would be helpful to have a magic variable to see the time range selected from portal.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  11. Log Analytics - Alert rule does not work if the table is not yet created

    We want to create an alert rule on the non-existent table(yet), this is because we are sending the PSCustomObject to the custom table from the automation job, once the problem occurs, the initial table will be created with the results. We want to pre-recreate this rule, workaround, for now, is to generate the table with some custom data. Can this be fixed please?

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  12. Color customization in log analytics chart

    A feature to customize the color of the charts should be available, as the default colors don't make any sense in many scenarios (green, blue, etc). Furthermore, when publishing the charts into a dashboard, the colors and chart shape are changed again (from pie to donut and from green and blue to dark blue and light blue).
    The ability to choose the colors should be added to the "render" method and consistency between the actual chart in log analytics and the published chart in the dashboard are very important features that should be available.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  13. Send alerts with resolved state for log alert rules

    Related with: https://feedback.azure.com/forums/267889-log-analytics/suggestions/12898992-activated-resolved-states-for-alerts-with-auto-res

    The documentation says:

    Log alert rules comprise of custom query-based logic provided by users and hence without a resolved state. Due to which every time the conditions specified in the log alert rule are met, it is fired.

    It would be nice if there were a possibility that if the alert is fired, and the next time the query is executed it does not satisfy the condition to be fired again, then a resolved alert could be sent.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  14. Support systemd template unit file

    So it would be great to enable Log Analytics to track change/enable inventory gathering on systemd services that are using systemd template.

    I had a ticket with support that confirmed to me it wasn't supported and sent me here to request a feature... So here I am, I feel it's more of a bug than a feature. If you say the agent support services/daemon inventory and it can do it with "normal" sytemd unit file, I think it should simply work with template too.

    What is a systemd unit file template ? https://fedoramagazine.org/systemd-template-unit-files/

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Change Tracking Solution  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  15. DCR: powershell cmdlet to collect activity log across subscription in Log analytics workspace

    We have activity log solution here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-activity-logs
    cx want to do the below steps by powershell command:
    - Configure activity logs to go to your Log Analytics workspace.
    - In the Azure portal, select your workspace and then click Azure Activity log.
    - For each subscription, click the subscription name.

    Currently we don't have any powershell commands to do the same, as I know, we have some powershell command to enable custom logs in log analytics, hence please also provide similar command to connect activity logs in workspace across subscription.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Add wildcard character feature for folder in Custom log path

    introduce this wildcard character feature in log path future.
    For example
    C://test/*/log/*.log

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  17. Column explaination in all tables for each Azure service?

    Not sure if this is already known, but a detail explanation of each column for all native Azure services will be nice. Some columns are simple to dissect where others are not.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog with regards to our documentation and also gives us insight into the potential impact of implementing the suggested feedback.

  18. The oms custom logs should support the custom timestamp rather than the static format

    Hi,
    We are working with the Radius NPS (Network Policy Server) and would like to push this custom log logs to oms. However we got the failure.

    "CLIENTCOMP","IAS",03/07/2008,13:04:33,1,"client",,,,,,,,,9,"10.10.10.10","npsclient",,,,,,,1,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

    I referred to this guideline: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/powershell-workspace-configuration#configuring-log-analytics-to-send-azure-diagnostics

    and

    https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs?toc=%2Fazure%2Fazure-monitor%2Ftoc.json#custom-log-record-properties

    Looks like the oms custom log just only supported:
    YYYY-MM-DD HH:MM:SS
    M/D/YYYY HH:MM:SS AM/PM
    Mon DD, YYYY HH:MM:SS
    yyMMdd HH:mm:ss
    ddMMyy HH:mm:ss
    MMM d hh:mm:ss
    dd/MMM/yyyy:HH:mm:ss zzz
    yyyy-MM-ddTHH:mm:ssK

    I believe that the OMS would be used in many systems and customers, so the oms custom logs should be supported the custom timestamp as needed.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  OMS Gateway  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  19. Include "Valued caching policies" on the analytics result

    It would be very helpful if you have a built-in mechanism for counting value cache misses/success.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for your feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  20. Make Azure Log Analytics Dependency Agent available in Azure Portal GUI

    You currently can install the Dependency Agent through Azure Portal GUI, must use either PowerShell, ARM templates or possibly (haven't tested) Azure Policies. How?! Why?!

    Please make it possible to manage the Dependency Agent extension through the Azure Portal web GUI.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

← Previous 1 3 4 5 44 45
  • Don't see your idea?

Feedback and Knowledge Base