Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. Provide an Intelligence Pack for System Center Service Manager

    Create an intelligence pack for System Center Service Manager to provide additional analytical data for problem management, incident analysis, and configuration item analysis.

    278 votes
  2. StorSimple Management from OMS

    Could it be possible to add StorSimple to the OMS dashboard? I would like to see monitoring, usage, updates and snapshots from within the dashboard.

    274 votes
  3. Collect IIS Advanced logs

    Allow the collection and addition of custom fields using advanced logging or custom IIS modules. An example is to add x-forwarded-for to IIS logs in W3C format.

    268 votes
  4. Expand Data Retention for Security and Audit IP

    Provide the ability to expand the data retention to 3-8 years. Some customers do have compliance rules to save their security-related data for 8 years. When this can be accomplished, we will move our on-premises ACS implementations to OpInsights.

    156 votes
    7 comments  ·  Security and Audit Solution
  5. Custom Log feature for log rotate

    Currently, Log Analytics cannot collect a custom log whose file is rotated by log rotation.
    But log rotation is necessary for collecting logs on the OS.
    So, as a mitigation, we are unable to turn off log rotation.
    So, I request a new Custom Log feature for collecting log-rotated files.

    135 votes
    0 comments
  6. Populate ComputerIP field with agent manager Computer IP address

    ComputerIP is populated with the IP address from which Azure Log Analytics is receiving data. For nodes behind a firewall/proxy or OMS Gateway, this means having the external IP address of the proxy.
    ComputerIP must contain the IP information collected by the agent on the computer hosting it, to enable compliance and security scenarios on the console.
    RemoteIPAddress could be added as the external IP address for proxy-based agents, or will contain the same address as the ComputerIP for agents not behind a proxy/firewall/Gateway.
    This has a serious impact on compliance in the actual implementation.

    105 votes
  7. Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Should really match the retention for LogAnalytics!

    Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Should really match the retention for LogAnalytics!

    Is there a way to get around some major limitations when creating Alerts? The biggest problem is the Time Window restriction. This restricts us from searching in data older than 24 hours when creating an alert. I expect a record for a custom MessageType to arrive once a week; I am not able to create an Alert if this message does not appear as expected.
    The retention days for OMS Log Analytics is minimum 31 days according to this article: https://blogs.msdn.microsoft.com/…/change-oms-log-analytic…/
    Why do we then…

    78 votes
    under review  ·  6 comments  ·  Alert Management Solution
  8. Collect Azure Storage Logging files

    On Microsoft Azure you can enable Azure Storage logging. The logging information is saved in a $logs container in your StorageAccount. It would be great if we can add this log information to OpInsights. More information about how you can enable this type of logging: https://msdn.microsoft.com/en-us/library/azure/dn782840.aspx

    72 votes
  9. Collect data from custom containers in storage account

    We are trying to use appinsights and trying to export that data to the storage container. In the current version of OMS we want to configure custom storage container from where the logs/application data must be read for doing Alert Management.

    Thanks
    TJ

    71 votes
    1 comment  ·  Alert Management Solution

    Yes in the future we would like to enable this, but it needs work to define your own schema and fields first – not just their location.

    This general work is also needed for ‘generic’ log collection i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files

    Also, for doing ‘alerts’ you need to be able to create those alerts – check this idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

  10. Allow variables from saved search in email subject

    It would be helpful if you could dynamically add the variables (from saved searches - such as computername) to the subject line of email alerts.

    The reasoning behind this is in our ticketing system we want the computer name to be immediately visible for an OMS generated alert. We are currently hardcoding the searches per computer however with the amount of servers we manage we are hitting the saved search limit of 250.

    68 votes
    4 comments  ·  Alert Management Solution
  11. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style event logs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in EVTX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    60 votes
  12. Add Office365 as monitoring object

    I would like to have an Office365 IP. For example, I would like to monitor the mail flow. If no mail is coming in for a few hours, I need a warning that there might be something wrong.

    56 votes
  13. Make the OMS agent work on Linux with ARM architecture

    Since there are devices like Raspberry Pi with ARM architecture, it would be great if you provided binaries for ARM-based Linux systems as well. Currently, I am unable to run the agent on a Raspberry Pi with Raspbian despite the tutorials available on various sites.

    50 votes
  14. 49 votes

    Here the requirement is clear/obvious. We just have not prioritized this work yet.

    The overall ‘performance’ data collection needs to be refined – not just for Linux.

    Right now we only collect/provide hourly aggregates of some specific performance counters related to HyperV for the ‘Capacity Intelligence Pack’ scenario.

    Real time monitoring scenario might need some different shape of performance data to start with, before we enable this for Linux or for Windows alike, i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519061-collect-custom-windows-performance-counters

  15. Add support for SQL Databases

    To complete the monitoring scenario with PaaS services in Azure, we would value the possibility of adding Operational Insights for Azure SQL Database to help detect complex scenarios and points for improvement (heaviest queries, concurrency, use of the performance tiers, DTUs in my apps, CPU-consuming queries, RAM-consuming queries, etc.).

    48 votes
  16. User specified delimiter for custom logs

    Request to introduce user defined delimiter for Custom logs

    We run into issues where we're unable to delimit the RabbitMQ log timestamp format
    dd-MMM-yyyy::HH:mm:ss
    Unfortunately, there is no configuration for us to change that timestamp format in RabbitMQ, and we have to implement a heavy workaround to convert it to a date-time format supported by Microsoft and then forward it to OMS.

    47 votes
  17. software inventory

    I'd like to be able to perform full software inventory on servers and be able to identify non-current versions of programs installed, i.e. JAVA, Adobe Reader etc.

    Management Suite should be able to push the newest versions to servers.

    46 votes
    3 comments  ·  Security and Audit Solution
  18. More scheduling options for alert triggering

    Most of us have monitoring rules that are somehow different on the weekend (or at night), just because some resources are left down. For example, I wanted to create an alert for when a particular VM was not started by automation on weekdays. Although I can easily set up that query to work on weekdays, it will unnecessarily trigger an alert on weekends. Therefore, having a more advanced scheduler for alerts would be great, such as this: "check for this alert every X minutes with <everyday|weekdays|specific> recurrence"

    44 votes
    1 comment  ·  Alert Management Solution
  19. Being able to collect logs from OSX clients. All logs would be great; I'm specifically interested in security related events.

    Natively (no agent) send Syslog traffic to a collection point and have it upload the logs to Log Analytics.
    Use an agent to install on OSX that can send OSX logs to a collection point or direct to Log Analytics.
    I’m specifically interested in security-related logs from Mac client machines on Enterprise networks. That said, if we were able to collect logs, it shouldn’t be limited to security information. It would be nice to be able to see patch level, ability to collect all logs, performance metrics, etc.

    44 votes
    1 comment  ·  Security and Audit Solution
  20. Skip operator for Query Search

    The old version of Log Analytics has a 'Skip' operator.
    But now, the new version of Log Analytics Query does not have a 'Skip' operator.

    I want this feature.
    Because when we use Query via the REST API, due to a limitation of the Log Analytics API, we cannot download all logs at one time.
    So, we must execute the API again and again.

    If there is a 'skip' operator, I can use 'skip' and 'limit' to repeat.
    Now, because there is no 'skip' operator, I don't get logs from Log Analytics via the REST API.

    43 votes
    under review  ·  2 comments  ·  Search UI and Language