Azure Monitor-Log Analytics
Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS
- For general discussion/question and answers (not ideas and bug reports) use the MSDN Forum
- Onboarding issues? Read this troubleshooting guide
- How do I do XYZ? Try our documentation
- Customers with Premier support can log support cases via Premier
- Customers with Azure support agreements can log support cases in the Azure portal
-
Use Windows Event Forwarding (WEF) to send events to OpInsights
Would it be cool if you could configure Windows Server WEF (Windows Event Forwarding - http://technet.microsoft.com/en-us/library/cc748890.aspx ) to send to Advisor for Log Management scenario, without using the SCOM agent ?
Alternatively, if one already has a forwarder/collector (WEF/WEC) architecture in place, could it be possible to use just one SCOM agent/gateway to pull the 'forwarded' logs stored on that collector from that single box to the cloud.367 votesThis is currently under development, scheduled to be in preview later in 2018
-
Log Filtering
I want to be able to filter stuff I don't want to collect in logs. For example with ACS (in SCOM) I could apply filters that didn't collect system logins. I would like this functionality in all logs, for example I would want to filter IIS logs to remove data from certain IP addresses.
I can see customers wanting to use this type of functionality when the costs of data start to pile up.93 votesThe feature was delayed but has been picked back up and is now expected in late Summer 2020 as part of a project that will deliver several upgrades to the agents.
-
Multihome agents
It would be fantastic if we could multihome agents to various workspaces.
Right now we use the SCOM agent to connect to OMS, which means one OMS workspace. But we would like to have multiple workspaces depending on type of server (eg Production servers, Dev servers, application servers etc).
I understand we can multihome OMS to different workspaces by multihoming the SCOM agent to different SCOM management groups, but having an entire management group set up just so agents can talk to different OMS workspaces is like swatting a fly with a sledgehammer.
Even if we can manually configure each…74 votes5 comments · Agent Management (OnPrem components) / Connectivity / Setup · Flag idea as inappropriate… · Admin →We support multi-homing for Windows agents:
https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/We are working on multihoming for Linux agents.
We are also working on support for multihoming with the Azure VM extension
-
Custom Logs (import and delete) and add custom timestamps
One amazing idea is create custom fields on custom log sample process. Another good idea is add more timestamp samples (like ISO 8601 format, YYYYMMDDThhmmss.fffK where YYYY: Year, MM: Month, DD: Day in month, T: Delimiter, hh: Hour, mm: Minutes, ss: Seconds, fff: Milliseconds, K: Time zone offset) or add the possobility to create a custom timestamp.
It will be possible delete some imported custom logs to make some tests?51 votesWe’re planning on allowing you to import/export Custom Logs & Fields via the UI & ARM Templates. We’re currently implementing the ARM support today for most of Settings in OMS.
Thanks for sharing some of the timestamps you need. Feel free to e-mail them to me here: evanhi(at)microsoft.com
We’re actively planning way for you to specify timestamps yourselves.
-
Allow for performance data to be monitored by the VMware solution
Add the possibility to monitor performance data as well in VMware environments, both for the hosts and for the VM´s.
Examples for what I would want to look at with the solution;
* Are there any snapshots? If so, what´s the size and age of these?
* Show information about the datastores connected, both the size and usage details (free space, used space etc.)
* Host CPU and memory utilization
* VM CPU and memory utilization39 votesThe work for vmware performance data has started. We would like people to contact me directly for prototype feedback. thanks.
-
Target Solution packs to group of computers/data centers
I don't want to use ALL solution packs on ALL onboarded servers. At the moment the only workaround is to create workspaces by solution pack and maintain your server list by solution packs.
1) While Adding a Solution; optionally specify groups to target. (e.g. All; only this group members or All groups except members of this group)
2) Track data/$$ by solution pack and by servers/user defined groups. This can be used to Alert when a SP or computer/group consumes more than expected-->trigger runbook to unload SP on the server.
3) Configure data flow by restricting (Servers; solutions;group of servers;…37 votes3 comments · Agent Management, Data Metering and Usage (Portal) · Flag idea as inappropriate… · Admin →We have a public preview of solution targeting available:
Try it out and let us know what you think.
— Richard
-
Provide More Detailed Status when setting up AD Replication Status. Direct Download link for AD Status Replication Intelligence Pack.
Provide More Detailed Status when setting up AD Replication Status. If error return an error code to web GUI from the server event log. A troubleshooting link or prerequisites to get this feature working. I can pull in Assessment and Auditing data from all of my domain controllers but this does not work. I believe it is related to this error I am now getting in my Event Logs. An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425} was rejected errors.
A direct download link to the AD Status Replication Intelligence Pack might…
22 votesWe’re working on functionality that will display more detailed troubleshooting information when the tool fails to upload any data.
-
inefficient sql queries
Give a report/recommendation in the SQL assessment IP for inefficient queries.
21 votesWe have started work on this suggestion.
-
Allow updating Analytics queries for existing dashboard tiles
Creating a Azure Portal Dashboard tile based on an Analytics Portal query is super easy. But changing the query later on requires to re-create the whole tile.
There should be a way to click on the tile, modify the query and then cklick on "Save" to simply modifiying the query and updating the Dashboard tile.20 votesWe are working on this :-)
-
Support conversion and formatting functions in the search language
There should be option in the search language to convert metrics. For example If I want to convert Bytes to Gigabytes that should be possible in the search language. Other examples are in converting time to specific format (shorter time format, adding timezone and etc.)
15 votesYou can do conversions in the search language, for example:
Type=Perf CounterName=“Available Memory MB” | measure avg(div(CounterValue, 1024)) as MemoryGB by Computer
-
Owner in Alert IP
Add Owner field to alerts - would be great for management to see, who is having problems with resolving alerts :)
15 votesWe have rolled out in public preview, enhanced alert interface allowing alert owners to acknowledge or close alerts. See: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts#enhanced-unified-alerts-public-preview
-
Intelligence pack for operations manager assessment
Operation managers Health and assessment will be a good report with which we can review and identify how the SCOM monitoring system is monitoring the systems.
Management Servers are already connected to Azure Ops Insights to send the data ,so collecting this information should be easy.
14 votesThe SCOM Assessment solution is currently in preview.
Try it out and let us know what you think.
-Richard
-
Microsoft System Center Advisor Advanced Threat Analytics events
The MP Microsoft System Center Advisor Advanced Threat Analytics events seems to try to collect events from the Microsoft ATA event log on all your servers, but that event log only exists on the ATA center and GW servers. Result is unhealth SCOM management Group and event ID 26005 is logged in the OpsMgr event log saying The Windows Event Log Provider was unable to open the Microsoft ATA event log on computer <computer name> for reading.
11 votesAs a workaround you can create an override to stop these events.
A future update to the agent will fix this issue.
-
Update the recommendation solutions to reflect that On-prem machines might be used
My systems running the OMS agent are all local and on-prem in my envrionment. And yet, most of the copy in the solutions refers to them as Azure machines.
I think this copy could be updated to reflect the fact that many people will use OMS as an SCOM alternative to manage machines that might be on-prem or off. Any explicit references to 'Azure' when refering to infrastructure strikes me as legacy text that should be updated.
11 votesWe have started the work on this.
-
Import custom xml .net app logs
Custom Log import. We have some .net applications that write error logs to a .xml file and we would like to be able to import and parse those logs.
7 votesThanks for the Feedback! Custom Logs for Windows and Linux should be in Public Preview soon :)
-
Upgrade the version of the ruby bundled with the Linux oms agent
A lot of FluentD plugins depend on the activesupport gem, which in turn depends on a Ruby version >= 2.2.2. This Ruby version in particular solves a nasty security bug related to SSL.
The OMS agent bundles a Ruby interpreter version prior to 2.2.2, which prevents us from using a lot of useful fluentd plugins.
5 votes1 comment · Agent Management (OnPrem components) / Connectivity / Setup · Flag idea as inappropriate… · Admin →We are upgrading Ruby version in the next OMS Agent for Linux release
-
Log Analytics -> Logs (Preview) blade needs Saved Searches-like feature
The current "Logs" blade is pre-populated with "A few more queries to try" and heavily pre-populated "Saved Searches" for common queries. This UI feature was critical to my understanding of log queries. If the new "Logs (Preview)" blade is to supersede the current "Logs" blade: please bring over a similar each to find and use feature.
3 votesWe recognize the importance of the query examples, we are actively working on it. You should see them lighting up in Sep 2018
-
collect solution data only from some servers
When I activate the WireData solution because I want to see the data from 10 Servers, the solution will collect data from all Servers.
Allow to define from which Servers i want to collect which data.
3 votesTry the preivew of solution targeting and let us know what you think:
— Richard
-
Wiredata is consuming too much CPU after Sep 15th update
Huston we have a problem. The wire data update on Sep 15th caused my production systems monitoring hosts to basically use one CPU core. I had to remove wire data IP. I can share more data and dumps if needed.
3 votesThe new wiredata solution is currently in private preview.
-
Provide the ability to add an Operations Management icon to the main screen.
OMS has a different portal. It provides access to server data. This needs a link to open that other portal. Best case would be to integrate the portals so the icons from OMS will show on this Azure portal.
2 votesWe’re integrating with the Azure portal so you’ll be able to do all of your management within the Azure portal.
-Richard
- Don't see your idea?