Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 6 hours SLA on indexing custom log data is a very long time to alert on

    According to this article https://azure.microsoft.com/en-us/support/legal/sla/log-analytics/v1_1/ SLA on indexing log data might take up to 6 hours. OMS has built in alerting that allows you to trigger actions within 5 minutes of data arrival. But if indexing takes more than 5 minutes - then what's the point of creating alert that might trigger on something that is no longer a problem, or not trigger at all if there is real problem. What is the average data indexing time? Log Analytics would be much more useful and have many more applications in real world if that indexing time is much lower. 6…

    366 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Collect Custom Windows Performance Counters

    Allow a custom / user-defined policy of which Windows Performance Counters to collect from agents and use in search.

    191 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Collect text log files

    Allow for the ability to collect text log files.

    For agent-based collection, it could initially be limited to text log files that are "known" to SCOM through MPs (i.e. SQL Server's ERRORLOG) or with path to the file configurable by the user (from the portal or thru an Authoring Template).

    For collection from a storage account (if you have a way to land the file there on your own) you would have to point at the blob\container.

    Note: This Idea was re-created after having been incorrectly merged.

    167 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Security event logs should be collected

    Security audits should be collected by Advisor. Proper intellignece should be added to query for specific info contained in properties. Some sort of normalization (like ACS does) is welcome / needed.
    Proper reporting is needed as well.

    125 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Collect performance metrics for UNIX and Linux Servers

    All us to view performance data for Unix/Linux servers monitored by SCOM using the System Center Advisor.

    108 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Data Retention Intervals By Data Type

    Would like to request a data retention interval by data type (Similar to what is done in SCOM.) Specifically, the ability to set retention timeframes on "Performance Data", "Event data", and "Analytic Data."

    112 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. 86 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. 77 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. Collect Azure data from different Azure Subscriptions

    Afaik today we can collect Azure logs only from artifacts runinng int he same subscription where the OpInsights workspace has been created. We use different subscriptions in Azure for both segregation and billing, but we want to able to monitor them form a single OpInsights account. Give us the option to register my subscriptions and be able to collect exactly the same data we're collecting from the "home" subscription.

    73 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Integration with App Insights

    Integration to App Insights when they produce programmatic access

    62 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Collect IIS Logs

    Logs from internet information services are useful for troubleshooting, reporting and also security scenarios.
    If you have more specific requirements aside from just collecting the IIS Logs and have facets on the common fields in the log, then please let us know.

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Allow to perform parsing and custom fields extraction

    i.e. many logs have a single line of 'message' or 'description' - you want to parse that out into discrete parts that you can perform aggregations (group by) against.

    43 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Make a small selection list of the selectable eventlogs in the Log Management intelligence pack

    Maybe it's a good idea to create a dropdown list of Event logs which are present on all Windows servers like SYSTEM, APPLICATION,...

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →

    This went live today, and it’s the first actual feature that the community requested!

    We have added a simple log selection to help out with typing the most common Windows Event logs. Type 3 – THREE – characters… and a list of matching log names will appear.
    The list is not ‘discovered’ – it’s just a list of ‘known’ logs in Windows, but should be helpful in preventing typo’s and spelling mistakes.

  14. Scope Collection of events to certain servers

    Maybe it's a good idea to be able to scope the collection of events to certain servers in your Advisor rather than the "nothing or all" approach.

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    It’s technically already possible (and fairly straightforward if you have some simple MP authoring skills) to cook up your own MP’s collecting logs and target them to custom objects/targets/computers/groups, and even include more granular Collection criteria (i.e. only certain EventIDs, or certain sources, etc….). But this would be living completely on-premises, and won’t be ‘seen’ or reflected in the configuration UI in the Cloud.

    I have written a how-to here http://blogs.technet.com/b/momteam/archive/2014/08/27/anatomy-of-an-event-collection-rule-for-advisor-preview-advanced-targeting.aspx that explains how the Event collection policy works, and it contains a management pack which features an Authoring template to create this type of rules.
    By choosing your own scoping/targeting in SCOM, you wouldn’t see the errors on the ‘wrong’ machines.

    Offering advanced scoping/targeting options in the cloud would be fairly costly at this stage. We might re-prioritize at a later stage.

  15. Collect Windows Events from Windows Azure Diagnostics tables (WAD)

    What the title says - similar to what we do in 'Log Management' today for MMA/OpsMgr agent, but pulling from Windows Azure Diagnostic's table storage - for collecting Windows Event Logs from Azure VMs and Role Instances

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. 5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Windows Event Log Provider Event ID 26004: Advisor Log collection makes noise

    I am running default Advisor Log Collection jobs. I am managing some Hyper-V servers with Advisor. A non-Hyper-V host (a SCOM management server) is unhealthy in SCOM due to this error. It seems Advisor log collection should not cause an error when a log does not exist on a server where the role for that log is not installed.

    Operations Manager Event Log
    Source: Health Service Modules
    Event Number: 26004

    The Windows Event Log Provider is still unable to open the Microsoft-Windows-Hyper-V-VMMS-Storage event log on computer '<SCOM management server not running Hyper-V>'. The Provider has been unable to open the…

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    It’s technically already possible (and fairly straightforward if you have some simple MP authoring skills) to cook up your own MP’s collecting logs and target them to custom objects/targets/computers/groups, and even include more granular Collection criteria (i.e. only certain EventIDs, or certain sources, etc….). But this would be living completely on-premises, and won’t be ‘seen’ or reflected in the configuration UI in the Cloud.

    I have written a how-to here http://blogs.technet.com/b/momteam/archive/2014/08/27/anatomy-of-an-event-collection-rule-for-advisor-preview-advanced-targeting.aspx that explains how the Event collection policy works, and it contains a management pack which features an Authoring template to create this type of rules.

    By choosing your own scoping/targeting in SCOM, you wouldn’t see the errors on the ‘wrong’ machines.

  18. Application Log ID 18456 (Logon) not being collected (aka - allow to Collect Audit Failure and Audit Success events)

    Added log collection of the Application Event Log , but it looks like Event 18456 Type Logon is not being collected even while its located in the Application Log

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’ve updated the Log Analytics service so that Audit Success / Audit Failure events are picked up from all event logs, not just the Security event log.

    To collect these events, configure collection of “Information” level events from the event log.

    The change is rolling out to all regions this week.

  19. (Microsoft survey and discussion) Frustrations around using log analytics in monitoring/log analytics solutions

    I’m part of a team at Microsoft that is interested in understanding your frustrations around diagnosing software problems when using monitoring/log analytics solutions. Specifically, we’re interested in where you leave the monitoring/log analytics system to pull addition logs/traces or use different diagnostic analysis tools in order to solve a software problem. If you’re someone that uses the log analytics capability inside of OMS or any of the other monitoring/analytics solutions (Linux or Windows), and you are interested in having a 30 minute conversation with me and a couple of my colleagues, please leave your information on http://www.msftdiagnostics.com/ or send email…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. event log does not exist

    When you configure to record logs from a source, and that source doesn't exist in a client, SCOM report errors about not being able to open that source log.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base