Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Can't create alerts based on cross-resource queries

    It used to be possible through the OMS portal to link an Application Insights instance to Log Analytics. Since the portal is being depreciated, along with the App Insights connector, we are forced to use cross-resource queries to query an App Insights instance from a separate Log Analytics instance. This works fine for general queries, but we cannot create alerts based on cross-resource queries. The alert will not create because of a "syntax error", when the same query works in Log Analytics.

    There should be a way to ingest App Insights data into a Log Analytics instance. Or else we…

    44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  3 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  2. 6 hours SLA on indexing custom log data is a very long time to alert on

    According to this article https://azure.microsoft.com/en-us/support/legal/sla/log-analytics/v1_1/ SLA on indexing log data might take up to 6 hours. OMS has built in alerting that allows you to trigger actions within 5 minutes of data arrival. But if indexing takes more than 5 minutes - then what's the point of creating alert that might trigger on something that is no longer a problem, or not trigger at all if there is real problem. What is the average data indexing time? Log Analytics would be much more useful and have many more applications in real world if that indexing time is much lower. 6…

    366 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. A Saved Search can only be deployed once via ARM templates

    Currently, a Saved Search in Log Analytics can only be deployed once via ARM templates. After the initial deployment of a saved search, subsequent deployments will fail with an error which states 'Bad Request'.

    Resource Microsoft.OperationalInsights/workspaces/savedSearches 'searchName' failed with message
    {
    "error": {
    "code": "BadRequest",
    "message": ""
    }
    }'

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Machine Learning with Log Analytics

    1 on OMS with Azure ML. As organizations lack the ability to mine through mounds of log data to detect trends and determine what services are running well and which services may need help.

    Problem Management is one of the processes that requires Incident/Event data to determine trends. Many organizations struggle with this as they need to have a person look at this data and analyze it. Using OMS Analytics data and pumping to through Azure Machine Learning and providing insights would be valuable to IT organizations.

    This would increase IT Organization’s maturity and drive business value.. I see a…

    308 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Multi tenancy: Collect Azure Health logs from different Azure tenants

    We manage Azure tenants for multiple companies. We want one central monitoring and automation Workspace to manage all these different tenants.
    Although you can collect data from vm agents in different Azure tenants as well as data from different Office365 tenants it is not possible to get the Azure Health logs from different tenants into one OMS Workspace.

    506 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Extensibility / Partner scenarios  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add support for autorefresh dashboards and session never expire.

    Add support for automatic refresh/session never expore.
    Autorefresh each x seconds on dashboards and main overview Dashboard.

    This will solve the problem when using OMS dashboards as operationcenter with monitors. The sessions expires to often and the content do not autorefresh.

    415 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  7. 29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  8. Delete Logs and custom log

    hey ,
    How can I delete the logs,saved searches and custom logs ?

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Measure and Distinct for dynamic computer groups

    Currently measure and distinct are not supported in the same query, however I have a scenario where it can be useful to create a computer group based on a measure. I'm developing a trend solution that for performance reasons need to filter a subset of systems based on a threshold, like Type:Perf (CounterName="% Processor Time") (ObjectName="Processor") (InstanceName="_Total" OR "InstanceName=0") TimeGenerated>NOW-7DAYS | measure percentile95(CounterValue) by Computer | where AggregatedValue > 10 | Select Computer | Distinct Computer
    alas this is not possibile and if I pipe | Select Computer and I save it as a group, when used it breaks in…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  10. ACTIVATED/RESOLVED states for alerts with auto-resolution

    It often happens an alert being fired and keeping sending me notifications every X minutes until I resolve the problem. It may happen the problem can only be resolved the day after or, worse, many days after (for example, a low disk space condition). Meanwhile, I keep receiving all these notifications, filling up my mailbox and... you know!

    It would be great to have a single ACTIVATED notification when the alert fires and later a RESOLVED notification when the alert condition is not met anymore. I believe there may be a way of achieving this through a pair of complex…

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add support for OMS Alert suppression for a given time period

    Add support for OMS Alert suppression for a given time period. This is equivalent to maintenance mode in SCOM. With the the OMS alert remediation capability, I think it is very important that users can specify maintenance windows when the alert and remediation must be suppressed.

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Per Server Usage

    Ability to see GB usage per monitored server.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    The new usage views includes the ability to see the amount of data per computer

    The included views will give you information on:
    • How much data is sent to Log Analytics and by which Computers
    • How much data is sent for each solution
    • How much data isn’t associated with a computer
    • Which computers are sending data and which computers haven’t recently sent data
    • How many nodes are sending data for each of the OMS offers (Insight & Analytics, Automation & Control, and Security and Compliance)
    • How long it takes for Log Analytics to make data searchable

    -Richard

  13. Collect text log files

    Allow for the ability to collect text log files.

    For agent-based collection, it could initially be limited to text log files that are "known" to SCOM through MPs (i.e. SQL Server's ERRORLOG) or with path to the file configurable by the user (from the portal or thru an Authoring Template).

    For collection from a storage account (if you have a way to land the file there on your own) you would have to point at the blob\container.

    Note: This Idea was re-created after having been incorrectly merged.

    167 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Access read only Dashboard directly from URL

    Maybe IT can be (partially) achieved by RBAC but we would like to have the possibility to access a read-only version of the dashboard just bij entering a URL. The dashboard should not have a timeout. this way we can put the dashboard on a big screen (and when the possibility of multiple dashboard is enabled) we kan put multiple big screens on our service desk.

    Access to this dashboard should be restricted by IP address and/or an URL or something like this.

    310 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  15. iOS Mobile App

    Provide iOS Mobile application to access Operational Insights from iPhone and/or iPad

    435 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  16. 330 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    You can now monitor Certificate expiration on Azure VMs using [Azure Policy for Guest Configuration](https://azure.microsoft.com/en-us/updates/guest-configuration-feature-for-azure-policy-now-in-preview/). When in the policy portal search for policies titled “e x p e r”. We also created a template for Log Analytics that will monitor IIS on any VM with an agent. Checkout an example @ https://github.com/TimSBenjamin/AzMonCertExpireAlert.

    If you still have any queries please let us know. Thank you

  17. 0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  18. ServiceNow Intelligence pack & connection

    Would be great to have a way to forward alerts to ServiceNow (http://www.servicenow.com/) and to be able to analyze data (incidents, changes, etc.) coming from ServiceNow.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Data Retention Intervals By Data Type

    Would like to request a data retention interval by data type (Similar to what is done in SCOM.) Specifically, the ability to set retention timeframes on "Performance Data", "Event data", and "Analytic Data."

    112 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. invalid workspace id

    When I install the agent and try to set the workspace ID I get the error "invalid workspace ID" .... The format is wrong
    But I copy-paste it???

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 20 21
  • Don't see your idea?

Feedback and Knowledge Base