Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. Please dump all use of Silverlight. It crashes regularly on Macs when viewing the event listing. Thank you!

    Really guys, Silverlight has no place in an enterprise-grade product. I thought this was supposed to be 100% HTML5?

    116 votes
    completed  ·  6 comments  ·  Browser Support
  2. Data Retention Intervals By Data Type

    Would like to request a data retention interval by data type (Similar to what is done in SCOM.) Specifically, the ability to set retention timeframes on "Performance Data", "Event data", and "Analytic Data."

    112 votes
  3. Collect performance metrics for UNIX and Linux Servers

    Allow us to view performance data for Unix/Linux servers monitored by SCOM using the System Center Advisor.

    108 votes
  4. Restrict user access

    I want to grant a general user access to Log Search and My Dashboard only. I want to be the administrator of the environment and set up the dashboards for them, but I do not want them to be able to browse all solutions, or be able to add/remove solutions, or make any changes to the dashboards. If things need added/removed/modified then those requests should be funneled to me, the admin.

    I'm also interested in displaying the My Dashboard solution on a big screen as suggested in:

    https://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6984082-access-read-only-dashboard-directly-from-url

    106 votes
    4 comments  ·  My Dashboard
  5. Programmatically submit Search requests and receive matching results

    Ability to programmatically access Advisor (e.g. using a PowerShell script) to submit Search requests and receive the matching result set from the Advisor service.

    [Edited during forum migration October 2014 - the previous comments were mostly asking for a REST API, but a set of PowerShell cmdlets wrapping the API was also considered convenient by many]

    91 votes
    4 comments  ·  Extensibility / Partner scenarios
  6. Support wildcards for field values in search

    Being able to use naming convention in criteria would be very useful, i.e. Computer="SRV0*". Having to enter exact names makes exploration less versatile.

    91 votes
    5 comments  ·  Search UI and Language

    You can now do wildcard searches.

    e.g.
    Computer=svel*
    Type=WireData RemoteIP:172?16*
    Type:Perf CounterName=Processor

    A couple of things to note:

    • Do not enclose the value in quotes – it will look for * as the actual value to match
    • For strings with . in them, use the ? to match (. is not currently a valid character in non-quoted string literals)
    • Use ? to match spaces in strings
  7. Long-Running Saved Searches (or scheduled) that can generate an Alert and/or email notification

    This could be useful for daily/weekly reports, as well as for 'monitoring' type scenarios.
    The basic idea is you could be scheduling your query to run every so often, and then take some action such as raising an alert or email you the Excel/CSV results out, etc...

    It would again - like dashboards - build on the foundation of 'saved searches' http://blogs.technet.com/b/momteam/archive/2014/07/25/system-center-advisor-limited-preview-saved-searches-cloud-attach-status-and-usage-and-more.aspx

    You could ask for HTML/Text or Excel output of results, or a customizable message you define, like in a SCOM Alert http://blogs.technet.com/b/momteam/archive/2014/08/29/check-it-out-export-advisor-search-results-to-excel.aspx

    Or it could produce an Alert and store it in Search.

    Or all of the above?

    91 votes
    9 comments  ·  Search UI and Language
  8. 86 votes
  9. Add support for OMS Alert suppression for a given time period

    Add support for OMS Alert suppression for a given time period. This is equivalent to maintenance mode in SCOM. With the OMS alert remediation capability, I think it is very important that users can specify maintenance windows when the alert and remediation must be suppressed.

    79 votes
    4 comments
  10. 78 votes
    3 comments  ·  Change Tracking Solution
  11. 77 votes
  12. Collect Azure data from different Azure Subscriptions

    AFAIK today we can collect Azure logs only from artifacts running in the same subscription where the OpInsights workspace has been created. We use different subscriptions in Azure for both segregation and billing, but we want to be able to monitor them from a single OpInsights account. Give us the option to register my subscriptions and be able to collect exactly the same data we're collecting from the "home" subscription.

    73 votes
  13. Easy way to fetch the last datapoint for a specific set of computers

    I need a way to fetch the last data document for a given set of computers (1 to all) for a given DataSource.
    - last performance point
    - last IIS log entry
    - ...
    While this can be done for a single computer using the TOP clause and ordering by TimeGenerated, I didn't find a way to get it for a set of computers.
    The IN clause seems to be just for computers and it doesn't support the full query language, for example: Type=Perf TimeGenerated IN {Type=Perf | measure max(TimeGenerated) As TimeGenerated by Computer | select TimeGenerated} doesn't work, it says…

    71 votes
    3 comments  ·  Search UI and Language

    Hi,

    With the recent upgrade of our query language, this option is supported out-of-the-box.
    In the example below, the operators argmax() and in() are being used to retrieve the latest record in a given data source, for each computer in a dynamically-created set of computers.
    I also used “let” to name that list, in this example it’s a set of computers that are missing updates.

    let computers_that_need_update =
    Update
    | where TimeGenerated > now(-1d)
    | where UpdateState == "Needed"
    | summarize makeset(Computer);
    Heartbeat | summarize argmax(TimeGenerated, *) by Computer | where Computer in (computers_that_need_update)

    To learn more about the new query language, check out the language documentation site: http://docs.loganalytics.io/

    Regards,
    Noa

  14. Increase the supported number of grouping fields for MEASURE command

    Currently the "MEASURE" command in OMS Search language supports group by up to 3 fields. In order to pass aggregated NRT perf data to Power BI and produce meaningful Power BI reports, we need 5 fields in the Power BI dataset: ObjectName, Computer, CounterName, InstanceName and CounterPath. We are not able to produce a search query in OMS that passes all 5 fields to Power BI because the measure command only supports group by up to 3 fields. i.e. Type=Perf | measure avg(CounterValue) by Computer,CounterName,InstanceName
    Please consider lifting this number from 3 to 5 so we can pass all required…

    70 votes
    1 comment  ·  Search UI and Language

    Hi,

    With the recent upgrade of our query language, this option is supported out-of-the-box.
    The given example would translate to this in the new language:

    Perf
    | summarize average_value= avg(CounterValue) by Computer, ObjectName, CounterName, CounterPath, InstanceName

    I am not aware of a limit on the number of dimensions to group by. For example you can also add SourceSystem and group in 2-hour buckets of TimeGenerated:
    Perf | summarize average_value= avg(CounterValue) by Computer, ObjectName, CounterName, CounterPath, InstanceName, SourceSystem, bin(TimeGenerated, 2h)

    The full documentation is available here: https://docs.loganalytics.io/docs/Language-Reference/Tabular-operators/summarize-operator

    Regards,
    Noa

  15. Allow to ignore/override prioritized recommendations for specific objects

    Allow to ignore/override prioritized recommendations for specific objects to get a green view. Example > SQL Assessment recommends "Avoid using the Simple database recovery" Operations manager database. Default (and best practice) for SCOM is simple recovery.

    68 votes
    7 comments  ·  SQL Assessment Solution
  16. Live graph in dashboard

    Will it be possible to add a live graph in the dashboard to monitor etc % of memory usage and/or diskspace on a given server and not have to have the bars?

    67 votes
    2 comments  ·  My Dashboard
  17. Integration with App Insights

    Integration to App Insights when they produce programmatic access

    62 votes
  18. 61 votes
    8 comments  ·  Search UI and Language
  19. Collect Azure Resource Manager (ARM) Logs

    Ability to collect Azure Resource Manager logs. That way you can look what actions were done in Azure and audit them.

    60 votes

    You can now configure Azure Activity logs (aka Audit Logs, ARM Logs, operational logs) to be sent to Log Analytics.

    You can send logs from multiple subscriptions to a single Log Analytics workspace.

    The logs are kept for 90 days, even if your retention period is shorter. If you increase your retention period the activity logs are kept for the length of your retention period.

    -Richard

  20. Bring back the Preview Feature "PowerBI Integration"

    We used this feature in the past with an older OMS instance to push search data from OMS to Power BI and it was very helpful for us. With newer instances there is no possibility to activate this feature, so please bring it back as soon as possible.

    60 votes
    0 comments  ·  Search UI and Language