Ability to upload logs on Demand and then remove them once analyzed.
Support Scenario- Engineers ingesting “on demand”, any log from any server/customer they would like into a temporary/their workspace, querying them, working on the issue, and subsequently deleting the data when they are done.
For ‘bring your own logs’ – Yes we would like to enable that – we need to first do work to enable per-workspace/per-tenant schema (types and their fields) definition – so you can define how to parse your own custom logs in the first place. See this item http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe
Then – new types of logs or existing ‘known’ types that are already defined in the system – then comes the part of defining where do I find the log to ingest in the first place – would you store it in Azure storage, do you expect to ‘upload’ it via the portal on demand for troubleshooting? We have appetite for something like polling from a storage account (we do it for WAD already anyway) – but still mostly from an ‘ongoing’ pulling of data for warehousing or monitoring.
Not sure about the removal part either – all our billing and grooming just works on dates at his stage, and this might be something we don’t do, at least initially. See comments here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519258-reset-all-counters-and-data-empty-the-account in this sense as well.
Now, this said, for Microsoft support scenarios specifically, we are having some conversations with the CSS organization with regards to how in the future a customer who is using OpInsights could be using it to give a support engineer temporary and constrained access to the workspace with the logs he is already collecting essentially (to speed up investigations, we hear from you guys in CSS during reactive cases it often takes a long time to get the logs in the first place).
We need to make sure all this is secure and regulated and respects everybody’s requirements for privacy and the like, but this is something we are looking into to make support cases ore efficient for engineers and for cusomers – albeit the way we think of it differs from the implementation you are suggesting, in that we’d leave the logs in the customer’s workspace and delegate access securely, rather than making yet another copy on another file and disseminating important information in more places than needed.
Any update from 2015 on this?
When you provision Azure Operational Insights for the fist time, have the ability to load the existing logs to analyze the past, not only events from that time forward.