Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 6 hours SLA on indexing custom log data is a very long time to alert on

    According to this article https://azure.microsoft.com/en-us/support/legal/sla/log-analytics/v1_1/ SLA on indexing log data might take up to 6 hours. OMS has built in alerting that allows you to trigger actions within 5 minutes of data arrival. But if indexing takes more than 5 minutes - then what's the point of creating alert that might trigger on something that is no longer a problem, or not trigger at all if there is real problem. What is the average data indexing time? Log Analytics would be much more useful and have many more applications in real world if that indexing time is much lower. 6…

    366 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Collect text log files

    Allow for the ability to collect text log files.

    For agent-based collection, it could initially be limited to text log files that are "known" to SCOM through MPs (i.e. SQL Server's ERRORLOG) or with path to the file configurable by the user (from the portal or thru an Authoring Template).

    For collection from a storage account (if you have a way to land the file there on your own) you would have to point at the blob\container.

    Note: This Idea was re-created after having been incorrectly merged.

    167 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Data Retention Intervals By Data Type

    Would like to request a data retention interval by data type (Similar to what is done in SCOM.) Specifically, the ability to set retention timeframes on "Performance Data", "Event data", and "Analytic Data."

    112 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Never log Docker environment variables in container solution unless told to

    I think including environment variables in the ContainerInventory logs is a really, really bad idea. Docker environment variables are generally used to initialise containers with secrets, such as passwords. While it would be possible to provide them by way of storage, it’s not common practice, nor standard or portable. Environment variables are commonly used.

    Environment variables just should not be logged, at least until specifically told to.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Pick list instead of just a text box

    I should be able to pick from a list of windows event logs, not enter names when adding logs in MOM Suite

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. (Microsoft survey and discussion) Frustrations around using log analytics in monitoring/log analytics solutions

    I’m part of a team at Microsoft that is interested in understanding your frustrations around diagnosing software problems when using monitoring/log analytics solutions. Specifically, we’re interested in where you leave the monitoring/log analytics system to pull addition logs/traces or use different diagnostic analysis tools in order to solve a software problem. If you’re someone that uses the log analytics capability inside of OMS or any of the other monitoring/analytics solutions (Linux or Windows), and you are interested in having a 30 minute conversation with me and a couple of my colleagues, please leave your information on http://www.msftdiagnostics.com/ or send email…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Log Management - NO DATA FOUND

    I initially on-boarded a new SCOM 2012 R2 management group with Operational Insights. I turned on multiple intelligence packs and the 10 or so servers that were added to SCOM so far uploaded log data fine (IIS, Application, System) and the "Security and Audit" intelligence pack seemed to be working as well.

    I did see that there were some servers that are too old to be compatible with OpInsights, so I created a custom group for Windows servers with 2008 and later, I then targeted that group with OpInsights from within the SCOM console.

    I also am running the latest…

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Can you please add the Microsoft-Windows-Sysmon/* to Logs

    To be able to support Sysinternals SysMon

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Collect Azure data from different Azure Subscriptions

    Afaik today we can collect Azure logs only from artifacts runinng int he same subscription where the OpInsights workspace has been created. We use different subscriptions in Azure for both segregation and billing, but we want to able to monitor them form a single OpInsights account. Give us the option to register my subscriptions and be able to collect exactly the same data we're collecting from the "home" subscription.

    73 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. I have multiple directly connected servers listed twice in the portal.

    Hello,

    When i list "Servers Connected Directly" I see multiple servers that are listed twice. Once with its computer name and once with its FQDN. The reason why the server is also listed with its computer name is one event. All other events are based on its FQDN.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    The IIS collection was changed so that it now reports the same (typically, FQDN) computer name also seen in other types of data as opposed to just the NETBIOS name/host name that was inferred from the log content.
    This was part of the fix announced here http://blogs.technet.com/b/momteam/archive/2015/05/14/configuration-changes-for-iis-log-collection-in-operations-management-suite.aspx


    For actually showing ‘connection’ status of direct agents (not inferred from data in search), vote this http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6734080-improve-visibility-of-an-agent-status

  11. W3CIISLog - csUserName not in full text index?

    The csUserName seems not included in the full text index. Repro:
    - search for a known user Type:W3CIISLog csUserName:"someusername", this returns a list of documents
    - search for the same user without setting a property match, "someusername" doesn't return documents from W3CIISLog but it does for other logs

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Application Log ID 18456 (Logon) not being collected (aka - allow to Collect Audit Failure and Audit Success events)

    Added log collection of the Application Event Log , but it looks like Event 18456 Type Logon is not being collected even while its located in the Application Log

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’ve updated the Log Analytics service so that Audit Success / Audit Failure events are picked up from all event logs, not just the Security event log.

    To collect these events, configure collection of “Information” level events from the event log.

    The change is rolling out to all regions this week.

  13. Add support for operational insights in Azure PaaS Services

    Azure Operational Insights should also support operational insights on Azure PaaS services like Web Roles, Worker Roles, Web sites, Azure SQL Databases and all the other Azure PaaS services.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Log Collection from WAD for PaaS roles and IaaS VMs is enabled for Windows Event Logs and IIS Logs.

    SQL Instances running in IaaS VM are supported (via the agent) by SQL Assessment IP already as well.

    Other sources of data (i.e. performance) are tracked by individual ideas i.e.

    http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519356-collect-custom-performance-counters-from-windows-a

    http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519351-collect-iis-logs-from-windows-azure-diagnostics-st

    Azure SQL is a different beast altogether – not immediately on the roadmap to assess that from our end, but we started some conversation with the SQL team in that sense.

    In general, we suggest you give us feedback in small-bite chunks. This one broad ‘idea’ you posted for us is really multiple separate features to implement on our end – see the list above. This means your feedback will tend to remain open for a very long time. We work in iterative/agile fashion, so we prefer to track each small piece with its own status and ship small…

  14. Collect Custom Windows Performance Counters

    Allow a custom / user-defined policy of which Windows Performance Counters to collect from agents and use in search.

    191 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. 77 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Collect performance metrics for UNIX and Linux Servers

    All us to view performance data for Unix/Linux servers monitored by SCOM using the System Center Advisor.

    108 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Security event logs should be collected

    Security audits should be collected by Advisor. Proper intellignece should be added to query for specific info contained in properties. Some sort of normalization (like ACS does) is welcome / needed.
    Proper reporting is needed as well.

    125 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. 86 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Integration with App Insights

    Integration to App Insights when they produce programmatic access

    62 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. Allow to perform parsing and custom fields extraction

    i.e. many logs have a single line of 'message' or 'description' - you want to parse that out into discrete parts that you can perform aggregations (group by) against.

    43 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base