Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Export Query Results to JSON

    Please support exporting the results of Log Analytics queries to JSON format. Exporting to CSV and Power BI are currently supported but I would also like to see export to JSON.

    61 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  2. Skip operator for Query Search

    Old version Log Analytics has 'Skip' operator.
    But now, New version of Log Analytics Query does not have 'Skip' operator.

    I want this feature.
    Because when we use Query via REST API, for limitation about Log Analytics API, we cannot download all logs at one time.
    So, we must execute API many again and again.

    If there is 'skip' operator, I can use 'skip' and 'limit' for repeat.
    Now because there is no 'skip' operator, I don't get log from Log Analytics via REST API.

    49 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  3. 'render timechart' should support logarithmic y-scale

    Currently I need to manually exclude one series that has especially high values from my timechart. It means that the automatic scale has a very high max which means that the other series are not easily viewable.

    I'd like a parameter to 'render timechart' that lets me specify a log y scale, it will help all series to be visible.

    It's a fairly common feature in data visualization generally.

    I actually want this for Application Insights Analytics (https://feedback.azure.com/forums/357324-application-insights/suggestions/14110047-add-logarithmic-scale-to-charts). I'm not sure the right place for these requests now that there is standard Log Analytics Query Language.

    44 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  4. Cannot display Threshold

    Cannot display Threshold

    When we execute the following query, Threshold will not be displayed.
    If we specify "Computer" on "summarize", the Y-axis will be plotted using the "avgCounterValue" values of all computers.
    At this time, the Threshold value is not avg
    CounterValue, therefore, it is not plotted on the graph.

    Perf
    | where TimeGenerated > ago(30m)
    | where CounterName == "% Processor Time" and ObjectName == "Processor" and InstanceName == "_Total"
    | summarize avg(CounterValue) by bin(TimeGenerated, 30s), Computer
    | extend Threshold = 10
    | render timechart

    If query for a single computer, the threshold will be displayed. However, it…

    32 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  5. Save Column Selections Along With Queries/Favorites

    The log search and ability to save queries/favorites is looking good. However, please include the column filters, column positions, and Display Time setting in the saving of queries, so that each time we return to a saved query we don't need to re-configure all of those settings to achieve the desired view. Thank you!

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support conversion and formatting functions in the search language

    There should be option in the search language to convert metrics. For example If I want to convert Bytes to Gigabytes that should be possible in the search language. Other examples are in converting time to specific format (shorter time format, adding timezone and etc.)

    18 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  7. Wrap text for a long line of log message

    I would like to be able to see the entire text of the message in long lines, so as not to open and scroll this message

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for your feedback and its now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  8. Add Kusto function to perform reverse DNS lookup on IP address

    When analyzing log data in Log Analytics, it is often helpful to be able to resolve IP addresses to DNS names. One example is when reviewing Azure App Service/IIS logs.

    It would be very helpful to have a reversedns() function which could operate on a column in the output and provide a new column which contains the DNS name for the source column.

    The old LogParser tool has a built-in function that does this.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add a keyboard shortcut to comment / uncomment the current line in the query editor (like CTRL+K in VS)

    There already is a shortcut that allows to run the query (Shift+Enter), which is great.
    A shortcut to toggle wheter the current line is a comment or not (by adding / removing "//" at the beginning of the line) would be great and save a lot of time while editing queries / functions.

    Similar to the shortcut VS or any other IDE: https://blogs.msdn.microsoft.com/zainnab/2010/04/13/comment-and-uncomment-code/

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  10. Import groupings from SCOM

    Import already existing server groupings from SCOM for access in the Log Analytics or the pre-built assessments

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  11. Minify on W3CIISLog

    Minify works great for logs. Specifically we would like to get REST endpoints our of the csUriStem

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow to search for 'parts' of a datetime field

    real world scenario: I need to analyze my alerts distribution by time windows (i.e. how many of them overnight vs during the day) and based on week day (how many on Sunday, Monday, ...)
    I think this scenario can be applied to every data source you have. To do that we need to be able to query on parts of the datetime fields.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    I have this capability on my query language improvement backlog already. I would like to allow folks to search via local time (instead of ISO UTC time) and use keywords like Sunday, 6PM, etc.

    This is currently behind JOIN, Regex, DEDUP, and search time custom field extraction.

  13. Save Time frame Scope

    Save time scope along with query, so we don't have to adjust in the GUI each time we click on a saved query. This should also apply to dashboard elements, so we don't end up with "half" graphs when you have limited TimeGenerated.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  14. Source Control Integration for Log Analytics Queries

    We spend a lot of time to improve our custom log analytics queries over time. Further we have solutions with dozens of queries and functions. It would help us a lot if we could synchronized saved queries with some form of source control (similar to Azure Automation). Currently the only option I know about is to export and import queries.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  15. Allow us to filter deduped data set (* | dedup * | where ??)

    Ok now with dedup we can almost achieve the "last data point by Computer" scenario, but we cannot use where after dedup as in: Type:Heartbeat | dedup Computer | where TimeGenerated < NOW-10MINUTE
    Just add the ability to use "| where" to process the deduped data set.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  16. custom field based on regex

    sorry if this has been asked I searched but could not find anything similar.

    would love to be able to create a custom field based on a regex. Like I have csUsername as a field but I want to know the domain of the users not the email address, the stuff after the @ is this possible or are you working on it.

    love oms so far,I hopefully I didn't miss something

    ps this doesn't need to be a regex could be things like split,trim,end, lastindexof, etc..

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  17. ANSI colour coding in log messages

    Many logging frameworks we are using use ANSI colour escape sequences to provide colour. These look fine in a console but when they get to log analytics, they show as the raw escape sequence like [96m.

    We can turn off the colour to workaround this but it would be good to see support for it in Log Analytics.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  18. Increase number of distinct results for measure command (limit 100)

    Today measure command only support 100 distinct results. It´s a risk that alerts created with measure command don´t give correct results because of this limit. Now the first top 100 results is sent to measure.

    From documentation:

    Second, Measure count currently returns only the top 100 distinct results. This limit does not apply to the other statistical functions. So, you'll usually need to use a more precise filter first to search for specific items before you apply measure count().

    https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-searches#use-the-measure-command

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow me to choose the 'width' of each time bar in 'results over time' facet / time control

    Now it automatically adjusts - i.e. when looking at 7 days, each bar becomes 6 hours. It would be nice to decide what interval to choose.
    6 hours is an odd interval. If I am looking at 7 days I would rather see how many of those results are there each day/24 hrs intervals/buckets.
    If I am querying 1 or 2 days, I probably want to see a hourly breakdown.

    The idea is to offer a drop down to allow selecting specific aggregation intervals.

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,

    Thanks for offering this feature. Currently the plan is to upgrade the portal with many new features, the timeline is being re-designed as part of it.
    Until that, I can only recommend you to use the query to generate charts that describe this in the manner that fits your data best.

    We’ve recently upgraded the query language. Here’s an example of the new syntax, using 3-hour bins over the last two days of events:
    Event
    | where TimeGenerated > now(-2d)
    | summarize count() by bin(TimeGenerated, 3h)
    | render timechart

    Regards,
    Noa

  20. Line Number for Syntax

    Whenever I make an error in a Log Search syntax, it tells me a line number, but I have no easy way of finding that line number or position in the editor. Is there a sytax checker that would provide that information?

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base