Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Hard-delete option for Log Analytics workspaces

    We're building immutable infrastructure for our product and would like to delete/destroy any resource on-demand. Unfortunately we noticed the Log Analytics workspaces use a "soft-delete" which gives us the ability to recover workspaces for a certain amount of time.

    Although this is a nice feature, it also limits us in our ability to destroy and create workspaces at any given time. Therefore we would like to propose a "Hard-delete" option which needs to be configured explicitly when deleting a workspace.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  2. Can't create alerts based on cross-resource queries

    It used to be possible through the OMS portal to link an Application Insights instance to Log Analytics. Since the portal is being depreciated, along with the App Insights connector, we are forced to use cross-resource queries to query an App Insights instance from a separate Log Analytics instance. This works fine for general queries, but we cannot create alerts based on cross-resource queries. The alert will not create because of a "syntax error", when the same query works in Log Analytics.

    There should be a way to ingest App Insights data into a Log Analytics instance. Or else we…

    44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  3 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  3. Create the cmdlet to fetch our OMS alert or alert rule to easly maintenance, due Get-AzureRmAlertRule do not support this feature today.

    Add support to get-azurermalertrule to handle the OMS Alert and alert rule to maintenance, clone, delete, etc. Due actually is not supported, if you need it required to work on Alert API.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  4. 6 hours SLA on indexing custom log data is a very long time to alert on

    According to this article https://azure.microsoft.com/en-us/support/legal/sla/log-analytics/v1_1/ SLA on indexing log data might take up to 6 hours. OMS has built in alerting that allows you to trigger actions within 5 minutes of data arrival. But if indexing takes more than 5 minutes - then what's the point of creating alert that might trigger on something that is no longer a problem, or not trigger at all if there is real problem. What is the average data indexing time? Log Analytics would be much more useful and have many more applications in real world if that indexing time is much lower. 6…

    366 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. A Saved Search can only be deployed once via ARM templates

    Currently, a Saved Search in Log Analytics can only be deployed once via ARM templates. After the initial deployment of a saved search, subsequent deployments will fail with an error which states 'Bad Request'.

    Resource Microsoft.OperationalInsights/workspaces/savedSearches 'searchName' failed with message
    {
    "error": {

    "code": "BadRequest",
    
    "message": ""

    }
    }'

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure Machine Learning with Log Analytics

    1 on OMS with Azure ML. As organizations lack the ability to mine through mounds of log data to detect trends and determine what services are running well and which services may need help.

    Problem Management is one of the processes that requires Incident/Event data to determine trends. Many organizations struggle with this as they need to have a person look at this data and analyze it. Using OMS Analytics data and pumping to through Azure Machine Learning and providing insights would be valuable to IT organizations.

    This would increase IT Organization’s maturity and drive business value.. I see a…

    308 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Multi tenancy: Collect Azure Health logs from different Azure tenants

    We manage Azure tenants for multiple companies. We want one central monitoring and automation Workspace to manage all these different tenants.
    Although you can collect data from vm agents in different Azure tenants as well as data from different Office365 tenants it is not possible to get the Azure Health logs from different tenants into one OMS Workspace.

    506 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Extensibility / Partner scenarios  ·  Flag idea as inappropriate…  ·  Admin →
  8. Bring back the On-Prem AD Replication Status Tool

    Version 1.0 is expired. The download page for version 1.1 only allows us to download the expired 1.0 version. The "cloud" version in OMS doesn't satisfy all of the same needs as the original version did. This was a very handy tool and I'd like to have it back.

    Cross-post from: https://windowsserver.uservoice.com/forums/304621-active-directory/suggestions/11701692-bring-back-the-on-prem-ad-replication-status-tool

    762 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    72 comments  ·  AD Replication Result Solution  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add support for autorefresh dashboards and session never expire.

    Add support for automatic refresh/session never expore.
    Autorefresh each x seconds on dashboards and main overview Dashboard.

    This will solve the problem when using OMS dashboards as operationcenter with monitors. The sessions expires to often and the content do not autorefresh.

    415 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  10. 29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  11. Delete Logs and custom log

    hey ,
    How can I delete the logs,saved searches and custom logs ?

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Measure and Distinct for dynamic computer groups

    Currently measure and distinct are not supported in the same query, however I have a scenario where it can be useful to create a computer group based on a measure. I'm developing a trend solution that for performance reasons need to filter a subset of systems based on a threshold, like Type:Perf (CounterName="% Processor Time") (ObjectName="Processor") (InstanceName="_Total" OR "InstanceName=0") TimeGenerated>NOW-7DAYS | measure percentile95(CounterValue) by Computer | where AggregatedValue > 10 | Select Computer | Distinct Computer
    alas this is not possibile and if I pipe | Select Computer and I save it as a group, when used it breaks in…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  13. ACTIVATED/RESOLVED states for alerts with auto-resolution

    It often happens an alert being fired and keeping sending me notifications every X minutes until I resolve the problem. It may happen the problem can only be resolved the day after or, worse, many days after (for example, a low disk space condition). Meanwhile, I keep receiving all these notifications, filling up my mailbox and... you know!

    It would be great to have a single ACTIVATED notification when the alert fires and later a RESOLVED notification when the alert condition is not met anymore. I believe there may be a way of achieving this through a pair of complex…

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add support for OMS Alert suppression for a given time period

    Add support for OMS Alert suppression for a given time period. This is equivalent to maintenance mode in SCOM. With the the OMS alert remediation capability, I think it is very important that users can specify maintenance windows when the alert and remediation must be suppressed.

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Per Server Usage

    Ability to see GB usage per monitored server.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    The new usage views includes the ability to see the amount of data per computer

    The included views will give you information on:
    • How much data is sent to Log Analytics and by which Computers
    • How much data is sent for each solution
    • How much data isn’t associated with a computer
    • Which computers are sending data and which computers haven’t recently sent data
    • How many nodes are sending data for each of the OMS offers (Insight & Analytics, Automation & Control, and Security and Compliance)
    • How long it takes for Log Analytics to make data searchable

    -Richard

  16. Collect text log files

    Allow for the ability to collect text log files.

    For agent-based collection, it could initially be limited to text log files that are "known" to SCOM through MPs (i.e. SQL Server's ERRORLOG) or with path to the file configurable by the user (from the portal or thru an Authoring Template).

    For collection from a storage account (if you have a way to land the file there on your own) you would have to point at the blob\container.

    Note: This Idea was re-created after having been incorrectly merged.

    167 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Access read only Dashboard directly from URL

    Maybe IT can be (partially) achieved by RBAC but we would like to have the possibility to access a read-only version of the dashboard just bij entering a URL. The dashboard should not have a timeout. this way we can put the dashboard on a big screen (and when the possibility of multiple dashboard is enabled) we kan put multiple big screens on our service desk.

    Access to this dashboard should be restricted by IP address and/or an URL or something like this.

    310 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    18 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  18. Android Mobile App

    Provide Android Mobile application to access Operational Insights

    435 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  19. iOS Mobile App

    Provide iOS Mobile application to access Operational Insights from iPhone and/or iPad

    435 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  20. Collect data from custom containers in storage account

    We are trying to use appinsights and trying to export that data to the storage container. In the current version of OMS we want to configure custom storage container from where the logs/application data must be read for doing Alert Management.

    Thanks
    TJ

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 20 21
  • Don't see your idea?

Feedback and Knowledge Base