Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Usage Caps for Paid tiers

    We can't possibly buy this - though I REALLY want to - unless there are defined limits for daily upload on all paid tiers of MSOMS. Ideally, I would like to define those limits so I can adjust our maximum potential cost as budget allows. For example - if we came under attack and suddenly had a lot more security events - we could easily be hit with an unanticipated cost spike far beyond our usual consumption.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    completed  ·  8 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Capacity Planning Efficiency chart doesn't reveal names of affected VMs

    Overview -> Capacity -> Compute has Efficiency chart. The pie chart sums up normal, overutilized, idle, and powered off VMs. There are links to view details and to view in Excel.
    Issue: You can't tell what the names of the VMs are in the various states from either the web search view or the Excel download. Both show only the 'count' not the 'names' of the VMs.
    Recommendations (1) Make the Efficiency pie chart clickable so when I click on a region such as "Overutilized" that I get the names of the overutilized VMs (2) Add VM names to the…

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Capacity Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow Search Queries to be Saved as 'Favorites'

    Favorites or bookmarks could replace the canned, hard-coded queries that are now present in the search page and in various Intelligence Pack's drill downs.
    Users should also be able to save their own favorites in the Advisor account for easy/routine access.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  4. Service Map available in Europe

    Make Service Map available for Europe region.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add a cost calculator or explain usage stats easier for purchasing

    There are a few people wondering about how we can estimate usage and how that usage is calculated. See here

    http://ok-sandbox.com/2014/11/azure-operational-insights-prices-and-questions/

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    The new Usage page provides information on actual usage and can be used to estimate what is needed for purchases.

    The included views will give you information on:
    • How much data is sent to Log Analytics and by which Computers
    • How much data is sent for each solution
    • How much data isn’t associated with a computer
    • Which computers are sending data and which computers haven’t recently sent data
    • How many nodes are sending data for each of the OMS offers (Insight & Analytics, Automation & Control, and Security and Compliance)
    • How long it takes for Log Analytics to make data searchable

    There is also a calculator available here:
    http://aka.ms/omscalculator

    -Richard

  6. Per User Access Control For Dashboards

    Please provide a User Access Control model for creating dashboards.

    --
    I know privileges to add/remove/modify intelligence packs tracked in this other idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519299-only-allow-administrators-not-users-to-onboa

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  7. Export dashboard customizations

    It would be really nice if we could export dashboards as a template. As part of the Microsoft IR team, we plan to create a standard desktop fed off of the same sources for multiple customers during compromise recovery. If there was a way to export \ import a pre-configured dashboard it would be really useful.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  8. Purging non-reporting servers (Configuration Assessment Legacy screens)

    I use to find it annoying that, after I removed a server from "Advisor Managed" in SCOM, I then had to go to Advisor and delete it there too. It seems that one of the recent updates changed how that all works, but not necessarily for the better. Some Advisor Managed server were deleted from SCOM without any effort to proactively remove them from Advisor. I just received a "Microsoft System Center Advisor: Summary Update" email identifying them as non-reporting servers. Unfortunately, I don't see a way in the current iteration of Advisor to remove them from Advisor's configuration/inventory. Am…

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Add ability to execute runbook automation from OMS Portal

    I want to be able to execute runbooks from various places in OMS Portal, for example ability to run patch remediation from updates pane

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Extensibility / Partner scenarios  ·  Flag idea as inappropriate…  ·  Admin →
  10. Make Advisor Limited Preview work with MMA agents (direct Windows attach), not requiring SCOM

    Right now most of Advisor Limited Preview's new features and Intelligence packs do not work with Advisor gateways. The preview features are only supported when in 'attach' with System Center 2012 SP1 (or R2) - Operations Manager.

    At the same time we have heard from many of you that the legacy Advisor gateways were cumbersome to manage and served no real purpose – it was just an extra machine to manage.

    We have work going on to provide APPLICATION-SPECIFIC proxy setting (including auth) for standalone MMA Agents, and the next step is to let them connect to Advisor service directly…

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Standalone MMA agents can now report to OpInsights directly, as an alternative or complement for the Operations Manager attach mode, and to cover Hybrid topologies.

    The Capacity IP has additional pre-requisites in System Center-land (VMM/OM integration) hence still only works with System Center attach.

    The ‘legacy’ Configuration Assessment from the old Advisor service is also not provided for Direct Agent.

  11. 19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  12. 19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Alert

    In most cases when you are looking at the Alert Management Solution you do not care about the instances of an alert - especially if you have been notified by runbook/webhook/email.

    I'd wager that most people care about the data in the search query that caused that alert and the data it returned. Having to copy and paste the LinkToSearchResults is quite time consuming. The UX on this should be improved to allow jumping directly to the search results that caused the alert, would save time on training too!

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  14. Breakdown of cost per server

    We really need a breakdown of costs per server, for several reasons:
    1. Tracking the costs of servers that get hammered with logon failures, or other events.
    2. Knowing how much a server is uploading, and if necessary removing them from OMS due to cost vs usefulness of having that data.
    3. Being able to oncharge departments in our organisation, or at least make them aware of costs.
    4. Helping to determine if we need to allocate engineer resource to certain servers to investigate large logs files to reduce cost of OMS.
    5. Help with budgeting.

    We cant take the…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  15. If a server has un-supported server roles, list the name of the offending role

    One of my servers recently triggered this alert on my AD Assessment Solution:

    ADAssessmentRecommendation
    Recommendation:Uninstall unsupported server roles.
    Description:One or more server instances are running Windows server roles that are unsupported on Microsoft Azure-hosted virtual machines.
    RecommendationResult:Failed
    TimeGenerated:2015-06-05T14:40:41.357Z
    FocusArea:Upgrade, Migration and Deployment
    RecommendationWeight:0.07116105
    Computer:BEHEMOTH.FOXDEPLOY.local
    AffectedObjectType:Microsoft.Windows.Computer
    AffectedObjectName:BEHEMOTH.FOXDEPLOY.local
    Domain:FOXDEPLOY.local
    SourceSystem:OpsMgr
    AssessmentId:e03c53b7-1748-4535-83b8-9a2ae3498168
    RecommendationId:dac0c167-3dd7-4009-a6bb-cab8a701a7ee[View]
    FocusAreaId:6c3d7177-68b0-4283-89da-43c8d1364324
    ActionAreaId:260c6c18-443b-423d-9517-a9873f3c81d0
    ActionArea:Platform Upgrade and Migration
    TargetCount:1
    Forest:FOXDEPLOY.local
    DomainController:BEHEMOTH.FOXDEPLOY.local
    IsRollup:false
    IsCopied:true
    RecommendationPeriod:2015-06
    [-] show less

    Unfortunately, I don't see the offending Server Role listed here or in any of the drill down links. However, I do a see link to an MSDN article on the summary page here, which could…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Active Directory Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  16. Need Configuration Change Tracking Solution (Software, Windows Firewall Rules, NT Services, Group Policy)

    When troubleshooting issues one of the most common workflows that System Admins perform to find root cause is first to parse through Windows event logs and then then determine what configuration changes have occurred on the server that is the root cause of the problem.
    Today we don’t have any good solutions to track and view configuration changes and to correlate that with various events/log entries. Majority of all outages are caused by some sort of configuration change in their environment.

    Types of Configuration Changes to Track
    1. Software (Patches, Upgrades, Add\Remove Programs, Drivers)
    2. Windows Firewall Rules
    3. NT…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Computer Heartbeat

    We want to get an alert if a Server don´t post any data in the Workspace since 5 minutes. Like a heartbeat from each Agent.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  18. Rescan updates on host

    In the Updates Intelligence Pack, have the ability to force an update scan. Right now, if an out of date server is patched, that information is not reflected in the dashboard and there's no apparent way to push the information.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Alert threshold

    Alerts based on Metrics, e.g. if the processor time goes over 95% for 5 Minutes etc.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow to export an Intelligence Pack bundle that contains a collection of Saved Queries and Dashboards

    Allow to export an Intelligence Pack bundle file format that contains a collection of Saved Queries and Dashboards.
    This would allow prototyping/authoring in one account and moving the 'production' settings to another one, and/or share with coworkers and the community.

    This is similar to what Operations Manager had in 'Management Packs', but initially focused on visualization. These simple packs/bundles would declare what type of data the depend on - i.e. you need to have another intelligence pack or have configured a certain log collection beforehand to see these packs light up in your environment, once imported.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base