Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. Back button

    It would be nice to have a back button to drill up the queries. I know that there is already a history on the query textbox, but we are more familiar with a back button. I always click on the browser back button, which always redirects me to the home page of OMS, not the last query.

    58 votes
    3 comments  ·  Search UI and Language
  2. Be able to set case sensitiveness for data in searches

    Scenario.
    Run this query: `* | Measure Max(TimeGenerated) by ComputerName`
    I have multiple entries for several computers since different IPs have set the name with different case combinations.
    Every time we search or aggregate we should be able to specify if we want to be case sensitive or insensitive. If it's too expensive, just default to case insensitiveness since I think it's the more common usage.

    56 votes
    8 comments  ·  Search UI and Language

    Hi,

    With the recent upgrade of our query language, this option is supported out-of-box.
    The given example would translate to this in the new language:
    `search * | summarize AggregatedValue = max(TimeGenerated) by tolower(Computer)`

    Note that “tolower” was used to create groups by computer names, regardless if it’s upper/lower case in the raw data.

    To compare values that are not even aggregated, you can now select the case-sensitive or insensitive operators.
    For example:
    `Heartbeat | where Computer == "contoSOWEB"` vs. `Heartbeat | where Computer =~ "contoSOWEB"`
    `Heartbeat | where Computer containscs "CONTOSO"` vs. `Heartbeat | where Computer contains "CONTOSO"`

    Another use case could be to get the latest record relating to each computer in a given table, for example to find the latest heartbeat of each computer. argmax is the best operator for that. If somehow different logs use different cases for the same computer,…

  3. Raise the maximum alert rules from the limit of 250.

    We are running into the maximum limit of 250 rules, which is requiring our organization to change our alerting workflow to work around this limit and makes the OMS solution not feel scalable as an alerting tool.

    48 votes
    2 comments  ·  Alert Management Solution

    While OMS puts a restriction of up to 250 Alerts via OMS Portal – the solution is scalable to beyond these limits. The limit is only put in place to prevent abuse.

    If your organization requires more than 250 Log Analytics based Alerts – be it in OMS or Azure; please reach out to Microsoft Support / Account representatives or Azure Partner. They’ll guide you through the process of increasing alerts, as required for your organizational needs.

  4. Display in Local Time

    Have the option to display date/time value in local time instead of UTC/GMT.

    46 votes
    3 comments  ·  Search UI and Language
  5. Search autocomplete or Intellisense-like assisted search typing

    Autocomplete within search for fields/facets/functions would be useful for exploration.

    46 votes
    1 comment  ·  Search UI and Language
  6. Can't create alerts based on cross-resource queries

    It used to be possible through the OMS portal to link an Application Insights instance to Log Analytics. Since the portal is being deprecated, along with the App Insights connector, we are forced to use cross-resource queries to query an App Insights instance from a separate Log Analytics instance. This works fine for general queries, but we cannot create alerts based on cross-resource queries. The alert will not create because of a "syntax error", when the same query works in Log Analytics.

    There should be a way to ingest App Insights data into a Log Analytics instance. Or else we…

    44 votes
    completed  ·  3 comments  ·  Alert Management Solution
  7. Remove "Latest News" tile on the Overview startpage

    I see many suggest customization but I want ONE simple thing - make it possible to remove "Latest News" tile from the Overview's page. Almost all customers I've shown Operational Insights to wonder why you are forced to have a Twitter feed in an enterprise management suite solution?

    43 votes
    5 comments
  8. Allow to perform parsing and custom fields extraction

    i.e. many logs have a single line of 'message' or 'description' - you want to parse that out into discrete parts that you can perform aggregations (group by) against.

    43 votes
  9. Mobile App Notifications

    Enable the mobile app to notify you when something requires your attention. Examples are
    - Search Query (on the dashboard) crossed a threshold
    - Data usage crossed a defined threshold.

    42 votes
    2 comments  ·  Mobile App
  10. ServiceNow Intelligence pack & connection

    Would be great to have a way to forward alerts to ServiceNow (http://www.servicenow.com/) and to be able to analyze data (incidents, changes, etc.) coming from ServiceNow.

    40 votes
  11. Performance Tile in My Dashboard

    When putting a tile of Performance type onto My Dashboard, I'd rather see performance value/values/avg on tile rather than number of logs gathered.

    39 votes
    2 comments  ·  My Dashboard
  12. Ability to store Lookup Lists/Groups and use them in Query Language

    While the IN operator and sub-searches partially enabled some level of 'grouping' - see this http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519234-filter-groups-of-computers-thru-subqueries-in-n it would also be useful to just store/persist a list (of computer names, user names, file names... whatever the fields of your data contain).

    This can be useful for a series of scenarios, one example is for Security Solution to use query filters that are based on members of an Active Directory Group. It would be great if the query language supported Active Directory Groups with users/computers to use as a filter.

    Read the comment thread for more information.

    36 votes
    10 comments  ·  Search UI and Language
  13. Filter Groups of Computers thru subqueries (IN / NOT IN operators)

    Would very much need some way to filter the queries to only SQL, Exchange, Sharepoint, Lync, etc. servers. Maybe use SCOM groups somehow? Basically our SQL team would need an easy view to only see SQL servers and not have to enter each server name on the filter query. For example show me: "SQL servers, disk size > 5 GB"

    36 votes
    1 comment  ·  Search UI and Language

    In OMS we wanted to re-define the idea of what a group is. Since groups are essentially lists of machines we think the ability to do sub-queries is a key ingredient i.e. give me the list of machines that are sql servers is one ‘inner’ query – and then your outer query checks for data where the value of Computer is IN any of the values in the inner query results.

    The basic functionality for this is implemented and enabled now.
    Read more about it in the blog post http://blogs.msdn.com/b/dmuscett/archive/2015/05/30/operations-management-suite-log-search-how-to-part-viii-the-in-operator-and-subsearches.aspx

    The core functionality is that you now can feed an inner query that uses measure into an outer query. This was also demoed at Ignite in this session http://channel9.msdn.com/Events/Ignite/2015/BRK3500

    There is an additional proposal (continued scope) to allow persisting static ‘lists’ (of computer names, user names, whatever) as groups, to be fed to the IN operator, as opposed to full…

  14. Add the ability to export the server listing (to excel, text file, etc.) which could then be used for internal asset management comparisons

    Add the ability to export the server listing (to excel, text file, etc.) which could then be used for internal asset management comparisons. We could use this export against the Security Map export to validate server missing. Would also allow us to compare that export with an internal Asset Management inventory list to find deltas in machines not having the Dependency agent installed. We have a large organization (3,500+ servers) and we want to make sure all servers get the Monitoring and Dependency agent.

    33 votes
    1 comment  ·  Service Map
  15. Moving across pages needs to be seamless (clickable breadcrumbs)

    Currently, there is no easy way to come back to the previous section without clicking back on the browser or hitting the landing page on the overview icon (https://preview.systemcenteradvisor.com/Main.aspx#Workspace/overview/index).
    If I am in Overview>>Capacity>>Das Storage, I should be able to click on Capacity to go to the Capacity page.

    33 votes
    2 comments  ·  Browser Support
  16. Measure command should allow to Group By more than one field

    I've tried to create a dashboard that shows the average time taken for webservices by csuristem, but cannot group by another with the measure tab. I'd love to be able to measure and group by more than one field.

    30 votes
    0 comments  ·  Search UI and Language
  17. ACTIVATED/RESOLVED states for alerts with auto-resolution

    It often happens that an alert fires and keeps sending me notifications every X minutes until I resolve the problem. It may happen that the problem can only be resolved the day after or, worse, many days after (for example, a low disk space condition). Meanwhile, I keep receiving all these notifications, filling up my mailbox and... you know!

    It would be great to have a single ACTIVATED notification when the alert fires and later a RESOLVED notification when the alert condition is not met anymore. I believe there may be a way of achieving this through a pair of complex…

    30 votes
    5 comments  ·  Alert Management Solution
  18. 29 votes
    5 comments  ·  Alert Management Solution
  19. Operational Insights in CSP subscription

    Hi,

    Currently, there is no possibility to create an Operational Insights account in the Azure Resource Manager (ARM), which is a problem if we operate a Cloud Service Provider (CSP) subscription in which our customer would like to have all his Azure resources.

    Please provide this functionality.

    Thank you in advance!

    26 votes
    0 comments  ·  Extensibility / Partner scenarios

    Last month we made Operational Insights available for CSP subscriptions.

    We now support the following scenarios:

    CSP can create Log Analytics workspaces in a tenant subscription
    CSP can access workspaces created by tenants
    CSP and Tenants can use the Azure portal and OMS portal to access tenant workspaces
    CSP and Tenants can use ARM/PowerShell to create and access tenant workspaces

  20. Collect IIS Logs

    Logs from internet information services are useful for troubleshooting, reporting and also security scenarios.
    If you have more specific requirements aside from just collecting the IIS Logs and have facets on the common fields in the log, then please let us know.

    26 votes