Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. 6 hours SLA on indexing custom log data is a very long time to alert on

    According to this article https://azure.microsoft.com/en-us/support/legal/sla/log-analytics/v1_1/ SLA on indexing log data might take up to 6 hours. OMS has built-in alerting that allows you to trigger actions within 5 minutes of data arrival. But if indexing takes more than 5 minutes, then what's the point of creating an alert that might trigger on something that is no longer a problem, or not trigger at all if there is a real problem? What is the average data indexing time? Log Analytics would be much more useful and have many more applications in the real world if that indexing time is much lower. 6…

    366 votes
  2. Collect Custom Windows Performance Counters

    Allow a custom / user-defined policy of which Windows Performance Counters to collect from agents and use in search.

    191 votes
  3. Collect text log files

    Allow for the ability to collect text log files.

    For agent-based collection, it could initially be limited to text log files that are "known" to SCOM through MPs (i.e. SQL Server's ERRORLOG) or with path to the file configurable by the user (from the portal or thru an Authoring Template).

    For collection from a storage account (if you have a way to land the file there on your own) you would have to point at the blob\container.

    Note: This Idea was re-created after having been incorrectly merged.

    167 votes
  4. Security event logs should be collected

    Security audits should be collected by Advisor. Proper intelligence should be added to query for specific info contained in properties. Some sort of normalization (like ACS does) is welcome / needed.
    Proper reporting is needed as well.

    125 votes
  5. Data Retention Intervals By Data Type

    Would like to request a data retention interval by data type (Similar to what is done in SCOM.) Specifically, the ability to set retention timeframes on "Performance Data", "Event data", and "Analytic Data."

    112 votes
  6. Collect performance metrics for UNIX and Linux Servers

    Allow us to view performance data for Unix/Linux servers monitored by SCOM using the System Center Advisor.

    108 votes
  7. 86 votes
  8. 77 votes
  9. Collect Azure data from different Azure Subscriptions

    Afaik today we can collect Azure logs only from artifacts running in the same subscription where the OpInsights workspace has been created. We use different subscriptions in Azure for both segregation and billing, but we want to be able to monitor them from a single OpInsights account. Give us the option to register my subscriptions and be able to collect exactly the same data we're collecting from the "home" subscription.

    73 votes
  10. Integration with App Insights

    Integration to App Insights when they produce programmatic access

    62 votes
  11. Allow to perform parsing and custom fields extraction

    i.e. many logs have a single line of 'message' or 'description' - you want to parse that out into discrete parts that you can perform aggregations (group by) against.

    43 votes
  12. Collect IIS Logs

    Logs from internet information services are useful for troubleshooting, reporting and also security scenarios.
    If you have more specific requirements aside from just collecting the IIS Logs and have facets on the common fields in the log, then please let us know.

    26 votes
  13. Make a small selection list of the selectable eventlogs in the Log Management intelligence pack

    Maybe it's a good idea to create a dropdown list of Event logs which are present on all Windows servers like SYSTEM, APPLICATION,...

    13 votes

    This went live today, and it’s the first actual feature that the community requested!

    We have added a simple log selection to help out with typing the most common Windows Event logs. Type 3 – THREE – characters… and a list of matching log names will appear.
    The list is not ‘discovered’ – it’s just a list of ‘known’ logs in Windows, but should be helpful in preventing typos and spelling mistakes.

  14. Scope Collection of events to certain servers

    Maybe it's a good idea to be able to scope the collection of events to certain servers in your Advisor rather than the "nothing or all" approach.

    12 votes

    It’s technically already possible (and fairly straightforward if you have some simple MP authoring skills) to cook up your own MPs collecting logs and target them to custom objects/targets/computers/groups, and even include more granular Collection criteria (i.e. only certain EventIDs, or certain sources, etc.). But this would be living completely on-premises, and won’t be ‘seen’ or reflected in the configuration UI in the Cloud.

    I have written a how-to here http://blogs.technet.com/b/momteam/archive/2014/08/27/anatomy-of-an-event-collection-rule-for-advisor-preview-advanced-targeting.aspx that explains how the Event collection policy works, and it contains a management pack which features an Authoring template to create this type of rules.
    By choosing your own scoping/targeting in SCOM, you wouldn’t see the errors on the ‘wrong’ machines.

    Offering advanced scoping/targeting options in the cloud would be fairly costly at this stage. We might re-prioritize at a later stage.

  15. (Microsoft survey and discussion) Frustrations around using log analytics in monitoring/log analytics solutions

    I’m part of a team at Microsoft that is interested in understanding your frustrations around diagnosing software problems when using monitoring/log analytics solutions. Specifically, we’re interested in where you leave the monitoring/log analytics system to pull additional logs/traces or use different diagnostic analysis tools in order to solve a software problem. If you’re someone that uses the log analytics capability inside of OMS or any of the other monitoring/analytics solutions (Linux or Windows), and you are interested in having a 30 minute conversation with me and a couple of my colleagues, please leave your information on http://www.msftdiagnostics.com/ or send email…

    7 votes
  16. Application Log ID 18456 (Logon) not being collected (aka - allow to Collect Audit Failure and Audit Success events)

    Added log collection of the Application Event Log, but it looks like Event 18456 Type Logon is not being collected even while it's located in the Application Log.

    7 votes

    We’ve updated the Log Analytics service so that Audit Success / Audit Failure events are picked up from all event logs, not just the Security event log.

    To collect these events, configure collection of “Information” level events from the event log.

    The change is rolling out to all regions this week.

  17. Add support for operational insights in Azure PaaS Services

    Azure Operational Insights should also support operational insights on Azure PaaS services like Web Roles, Worker Roles, Web sites, Azure SQL Databases and all the other Azure PaaS services.

    6 votes

    Log Collection from WAD for PaaS roles and IaaS VMs is enabled for Windows Event Logs and IIS Logs.

    SQL Instances running in IaaS VM are supported (via the agent) by SQL Assessment IP already as well.

    Other sources of data (i.e. performance) are tracked by individual ideas i.e.

    http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519356-collect-custom-performance-counters-from-windows-a

    http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519351-collect-iis-logs-from-windows-azure-diagnostics-st

    Azure SQL is a different beast altogether – not immediately on the roadmap to assess that from our end, but we started some conversation with the SQL team in that sense.

    In general, we suggest you give us feedback in small-bite chunks. This one broad ‘idea’ you posted for us is really multiple separate features to implement on our end – see the list above. This means your feedback will tend to remain open for a very long time. We work in iterative/agile fashion, so we prefer to track each small piece with its own status and ship small…

  18. Collect Windows Events from Windows Azure Diagnostics tables (WAD)

    What the title says - similar to what we do in 'Log Management' today for MMA/OpsMgr agent, but pulling from Windows Azure Diagnostic's table storage - for collecting Windows Event Logs from Azure VMs and Role Instances

    6 votes
  19. Can you please add the Microsoft-Windows-Sysmon/* to Logs

    To be able to support Sysinternals SysMon

    6 votes
  20. Log Management - NO DATA FOUND

    I initially on-boarded a new SCOM 2012 R2 management group with Operational Insights. I turned on multiple intelligence packs and the 10 or so servers that were added to SCOM so far uploaded log data fine (IIS, Application, System) and the "Security and Audit" intelligence pack seemed to be working as well.

    I did see that there were some servers that are too old to be compatible with OpInsights, so I created a custom group for Windows servers with 2008 and later. I then targeted that group with OpInsights from within the SCOM console.

    I also am running the latest…

    5 votes