Azure Monitor-Log Analytics

Welcome to the [Azure Log Analytics](https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. 330 votes

    You can now monitor Certificate expiration on Azure VMs using [Azure Policy for Guest Configuration](https://azure.microsoft.com/en-us/updates/guest-configuration-feature-for-azure-policy-now-in-preview/). When in the policy portal search for policies titled “e x p e r”. We also created a template for Log Analytics that will monitor IIS on any VM with an agent. Check out an example at https://github.com/TimSBenjamin/AzMonCertExpireAlert.

    If you still have any queries please let us know. Thank you

  2. Azure Machine Learning with Log Analytics

    1 on OMS with Azure ML. As organizations lack the ability to mine through mounds of log data to detect trends and determine what services are running well and which services may need help.

    Problem Management is one of the processes that requires Incident/Event data to determine trends. Many organizations struggle with this as they need to have a person look at this data and analyze it. Using OMS Analytics data and pumping it through Azure Machine Learning and providing insights would be valuable to IT organizations.

    This would increase IT Organization’s maturity and drive business value. I see a…

    308 votes
  3. Collect Azure Resource Manager (ARM) Logs

    Ability to collect Azure Resource Manager logs. That way you can look what actions were done in Azure and audit them.

    60 votes

    You can now configure Azure Activity logs (aka Audit Logs, ARM Logs, operational logs) to be sent to Log Analytics.

    You can send logs from multiple subscriptions to a single Log Analytics workspace.

    The logs are kept for 90 days, even if your retention period is shorter. If you increase your retention period the activity logs are kept for the length of your retention period.

    -Richard

  4. ServiceNow Intelligence pack & connection

    Would be great to have a way to forward alerts to ServiceNow (http://www.servicenow.com/) and to be able to analyze data (incidents, changes, etc.) coming from ServiceNow.

    40 votes
  5. 19 votes
  6. Need Configuration Change Tracking Solution (Software, Windows Firewall Rules, NT Services, Group Policy)

    When troubleshooting issues one of the most common workflows that System Admins perform to find root cause is first to parse through Windows event logs and then determine what configuration changes have occurred on the server that is the root cause of the problem.
    Today we don’t have any good solutions to track and view configuration changes and to correlate that with various events/log entries. Majority of all outages are caused by some sort of configuration change in their environment.

    Types of Configuration Changes to Track
    1. Software (Patches, Upgrades, Add\Remove Programs, Drivers)
    2. Windows Firewall Rules
    3. NT…

    18 votes
  7. SQL Server Intelligence Pack

    SQL Server is one of the most valuable and popular workloads in the world so I'm desperately asking you to build SQL Server Intelligent Pack. Now SQL Server monitoring is only available as SCOM MP, but it has poor data analysis and reporting capabilities. I assume that SC Advisor must be great platform to fill this gap. Another issue of SQL MP is complex configuration (e.g. when you have many DBs or Clustered SQL and, of course, security configuration...). Intelligent pack will be able to solve all these problems! Regarding the most critical monitoring scenarios I'm thinking about space monitoring…

    16 votes

    We have just enabled a ‘SQL Assessment’ Intelligence Pack – around ‘adherence to best practices’ for SQL configuration/risk assessment.

    This is the first of a set of ‘vertical’ assessment IPs for specific technologies/workloads (i.e. SQL, AD, etc) – as opposed to the uber ‘Configuration Assessment’ that was already in the old Advisor.

    Read more here
    http://blogs.technet.com/b/momteam/archive/2014/10/23/new-sql-server-assessment-intelligence-pack-in-advisor.aspx

    This has proven to be a successful approach and format for enterprise customers who have been using Microsoft Premier support – programs such as RAP (risk assessment program) tailored around specific technologies have been very successful.

    Not currently focused on real-time ‘monitoring’ scenarios by workload at the moment; that will come as we get more ‘real time’ with the service. In that regard, we believe the right approach is ‘Log Management’ – where you can configure your own log collection. As we add Performance Counter collection too
    http://feedback.azure.com/forums/267889-azure-operations-insights/suggestions/6519061-collect-custom-windows-performance-counters , coupled with dashboards http://blogs.technet.com/b/momteam/archive/2014/10/16/custom-dashboard-in-advisor.aspx

  8. Please provide publicly available documentation for Solution Packs on collection methods, what data is collected, and all checks performed

    It would be ideal to know what a solution pack is actually doing, how it is doing it and even how often it is doing it so customers can assess enabling it in their environment. This ideally could be a standard practice for any new solution pack created by Microsoft or Partners.

    10 votes
  9. Collect network-related information such as traffic/bandwidth

    Capacity is incomplete without network data. Also, troubleshooting and security scenarios can benefit from a view on what information passes over the network.

    9 votes
  10. update compliance

    Detailed Patch Status for Workstations in System Update Assessment
    Similar to MMA (Microsoft Monitoring Agent) for servers that provides security patch level details, provide a similar capability for Win 10 workstations that are registered to send data to OMS.

    6 votes
  11. Ability to hide sensitive data like password, keys etc

    While using private preview Container Solution in type ContainerInventory I noticed some of the sensitive data is available in the OMS (EnvironmentVariable). It will be good to hide this kind of information or encrypt it.

    6 votes
  12. Rename the Product

    While a seemingly superfluous notion; this new product is much more than Advisor ever was. Inside our own organization (those who haven't seen the new product) there is a response to the word "System Center Advisor" that is not a positive one.

    It seems unfair to associate a new product that is this good with a name of a previous product that did not live up to its hype.

    Call it System Center Meta Engine, call it awesome bacon machine, whatever, but please call it something else. The immediate perception some people have when you say the word "Advisor" makes…

    5 votes
  13. Azure Automation Solution Make Job Results & Output Searchable in OMS

    Get the Name, Job State, Input and Output data into OMS so it is searchable and therefore I could also create an alert. E.g. I want to know when runbook X Fails with a certain output, OMS should send an alert.

    3 votes

    You can now send logs from Automation accounts to Log Analytics.

    Refer to the following document for more information on how to use Set-AzureRmDiagnosticSetting to configure logging.

    https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-powershell-workspace-configuration#configuring-log-analytics-to-index-azure-diagnostics

    We’ll do a future update to allow visualization of the logs.

    -Richard

  14. Ops Alerts missing in Alert Management

    Ops alerts not showing up in Alert Management IP

    3 votes
  15. Provide 'New alert management' Intelligence Pack for direct connection agents

    Now, alert management solution gallery is only for SCOM.
    Many customers request ability to manage alert for direct connection.

    - Provide 'New alert management' Intelligence Pack for direct connection agents
    - List alert (similar to alert management for SCOM)(*1).
    - List the status of all direct connection agents.
    --> This status includes heartbeat monitoring for agents.
    - Cooperation with the alert function of LogSearch
    --> If alert occurs, display it to alert list(*1).

    3 votes
  16. Office 365 Solution Error When Linking Subscription

    Linking an O365 subscription has generated an error page for at least the last week that I've been trying.

    2 votes
  17. 2 votes
  18. Remove the need for a local SCOM?

    It seems like some features (Alert Management, Capacity Planner) need some integration with a local SCOM. Will this probably almost be the case, that you need a local SCOM, or will Azure Operational Insights evolve to the point where you don't need a local SCOM at all and run it completely in Azure Operational Insights?

    1 vote

    As the data collection pipeline gets more real time, we would like to introduce ‘searches’ that can run on a schedule – or watching incoming data – and can generate ‘alerts’ – see this idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

    Daniele from our team has blogged here how those ‘saved searches’ can be compared to alerting criteria in SCOM management pack rules and how easy it is to write the equivalent filters http://blogs.msdn.com/b/dmuscett/archive/2014/11/05/iis-mp-event-alerting-rules-s-opinsights-searches-equivalents.aspx

    The key difference is that SCOM was very good at quickly detecting conditions on agents, but it made it hard to correlate those multiple alerts on multiple machines. We think the future is at the data layer, when all this data is in a single big data store, and you can get more powerful insights thru search.

    So, directionally it will evolve into that.

    But for now, Alert Management synchronizes alerts from SCOM environments. We don’t know yet if the…

  19. 1 vote
  20. Solutions Gallery heading needs to be a link to go back after showing details for a solution

    When viewing the Solutions Gallery, you can click on a Solution tile to show the details for that solution. This replaces the Solution preview on the left with a large pane showing the details for the Solution you clicked on. Above that details view, you see what looks like a menu (Solutions Gallery > Details), but you can't click on the Solutions Gallery item to go back to the default view. I instinctively try to do this when I am done viewing details, but instead have to click the Back button. Since the headings are presented as a menu, it…

    1 vote