Azure Monitor-Log Analytics
Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS
- For general discussion/question and answers (not ideas and bug reports) use the MSDN Forum
- Onboarding issues? Read this troubleshooting guide
- How do I do XYZ? Try our documentation
- Customers with Premier support can log support cases via Premier
- Customers with Azure support agreements can log support cases in the Azure portal
-
Collect data from custom containers in storage account
We are trying to use appinsights and trying to export that data to the storage container. In the current version of OMS we want to configure custom storage container from where the logs/application data must be read for doing Alert Management.
Thanks
TJ72 votesYou can create alerts based on custom logs. See this documentation on how to collect the data:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs -
Raise the maximum alert rules from the limit of 250.
We are running into the maximum limit of 250 rules, which is requiring our organization to change our alerting workflow to work around this limit and makes the OMS solution not feel scalable as an alerting tool.
48 votesWhile OMS puts a restriction of up to 250 Alerts via OMS Portal – the solution is scalable to beyond these limits. The limit is only put in place to prevent abuse.
If your organization requires more than 250 Log Analytics based Alerts – be it in OMS or Azure; please reach out to Microsoft Support / Account representatives or Azure Partner. They’ll guide you through the process of increasing alerts, as required for your organizational needs.
-
Can't create alerts based on cross-resource queries
It used to be possible through the OMS portal to link an Application Insights instance to Log Analytics. Since the portal is being depreciated, along with the App Insights connector, we are forced to use cross-resource queries to query an App Insights instance from a separate Log Analytics instance. This works fine for general queries, but we cannot create alerts based on cross-resource queries. The alert will not create because of a "syntax error", when the same query works in Log Analytics.
There should be a way to ingest App Insights data into a Log Analytics instance. Or else we…
44 votes -
ACTIVATED/RESOLVED states for alerts with auto-resolution
It often happens an alert being fired and keeping sending me notifications every X minutes until I resolve the problem. It may happen the problem can only be resolved the day after or, worse, many days after (for example, a low disk space condition). Meanwhile, I keep receiving all these notifications, filling up my mailbox and... you know!
It would be great to have a single ACTIVATED notification when the alert fires and later a RESOLVED notification when the alert condition is not met anymore. I believe there may be a way of achieving this through a pair of complex…
30 votesAbility to suppress an alert exists in log alerts; to disable notifications while alert execution continues.
Additionally, now enhanced azure alerts automatically groups continually firing alerts and you can close/acknowledge them as well. For more info, see: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts#enhanced-unified-alerts-public-preview -
If a host or a server is down and not reachable an alert is generated in the dashboard or with an email
alert on server availability
29 votesThe following blog describes how to use agent health and automation to alert on server down:
-Richard
-
Create the cmdlet to fetch our OMS alert or alert rule to easly maintenance, due Get-AzureRmAlertRule do not support this feature today.
Add support to get-azurermalertrule to handle the OMS Alert and alert rule to maintenance, clone, delete, etc. Due actually is not supported, if you need it required to work on Alert API.
23 votesYou new have cmdlet via the SQR API:
https://docs.microsoft.com/powershell/module/az.monitor/get-azscheduledqueryrule?view=azps-3.8.0To use it you must switch to use the new API. Read more about this here:
https://docs.microsoft.com/azure/azure-monitor/platform/alerts-log-api-switch -
Alert
In most cases when you are looking at the Alert Management Solution you do not care about the instances of an alert - especially if you have been notified by runbook/webhook/email.
I'd wager that most people care about the data in the search query that caused that alert and the data it returned. Having to copy and paste the LinkToSearchResults is quite time consuming. The UX on this should be improved to allow jumping directly to the search results that caused the alert, would save time on training too!
18 votesLinktoResults property is now clickable in e-mail notifications and users can get details on alert firings in UI via Enhanced Unified Alerts in Azure: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts#enhanced-unified-alerts-public-preview
-
Computer Heartbeat
We want to get an alert if a Server don´t post any data in the Workspace since 5 minutes. Like a heartbeat from each Agent.
18 votesAgents now send in heartbeats as log data that can be queried.
This blog post describes a way that you can use this information and also a ping test to alert when a computer is not available.
— Richard
-
Alert threshold
Alerts based on Metrics, e.g. if the processor time goes over 95% for 5 Minutes etc.
16 votesLog alerts support metric measurement rules, which allow you to compute time series like process time for chosen interval like 5 mins and alert for total or continuous breach of the threshold. More more details, see: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-alerts-unified-log#metric-measurement-alert-rules
-
Please add the ability to modify/update/enable/disable existing Alerts
Please provide an interface to allow us to update/modify and enable/disable existing alerts.
10 votesEditing alerts is now possible. Check out our announcement on alerting:
https://blogs.technet.microsoft.com/msoms/2016/04/11/oms-alerting-is-now-generally-available/ -
Allow any number of alerts to be defined (currently limited to 10)
Currently we are limited to 10 alerts, please provide the ability to define as many as are needed by a customer.
9 votesThe limit for alerts is now 100!
-
Provide Alert management in the Azure Portal
Add support for Alert management in the Azure Portal. We really need this option.
9 votesNow state management available as public preview, for all users of Azure alerts: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts#enhanced-unified-alerts-public-preview
-
Integration to 3rd party incident management tools like pagerduty
Getting the alerts out to the on-call teams will require some more logic than sending an email.
Direct integration to systems like pagerduty or slack would be great.
8 votesThe alerting feature allows integration with pagerduty and slack:
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-alerts/#alert-actionsPagerduty docs:
https://www.pagerduty.com/docs/guides/microsoft-operations-management-suite-oms-beta-integration-guide/Slack
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-alerts-webhooks/ -
Alerting via SMS
we want to use sms for alerting instead of emails.
7 votesNow alerts use ActionGroup which supports SMS & Voice call options for notification.
All alerts in OMS/LA are being extended into Azure; with the association of action groups. For more details, see: https://aka.ms/omsalertextenddocs -
Please add the ability to Acknowledge/Resolve Alerts
As noted in the subject I would like to be able to acknowledge/resolve an alert and have that reflected in the dashboard tile.
Active alerts: XX
Resolved Alerts: XX7 votesNow the ability to acknowledge and close alert, is available to everyone in Azure. More more details, see: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts#enhanced-unified-alerts-public-preview
-
Alert Management Intelligence Pack not sending alerts EventID 4501
in SCOM I see this event EventID 4501
A module of type "System.PublishDataToEndPoint" reported an error 87L which was running as part of rule "Microsoft.SystemCenter.CollectAlertChangeDataToCloud" running for instance "Operations Manager Management Group" with id:"{6B1D1BE8-EBB4-B425-08DC-2385C5930B04}" in management group "SCOMTEST".
7 votesThis has been fixed – you should see those alerts now!
(This was ONLY applicable if you see the exact error described in this post in your event log.)
If you don’t see OTHER types of data, refer to these other ideas and posts
IIS logs on Windows Server 2008 / IIS7
SQL Server Assessment data
are tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6626222-no-data-after-more-than-60-minutes-sql-assessmentCapacity/Performance only works with VMM, tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6662146-open-up-the-capacity-management-pack-for-other-sys
Other general info on troubleshooting connectivity issues (written for SCOM but the errors in the event log would be identical for Direct Agent) here http://blogs.technet.com/b/momteam/archive/2014/05/29/advisor-error-3000-unable-to-register-to-the-advisor-service-amp-onboarding-troubleshooting-steps.aspx
-
Azure AD Group alert targeting in OMS
It would be great with an option to limit alerts to specific groups of people in Azure Active Directory. Basically the same functionality that is possible with email notification, where we can enter the "Recipients" of the email alert notification.
Alerts on a group level should happen both at the OMS API level and also in the Mobile App. I get a lot of alerts that is intended for other group or people.
5 votesOMS/LA alerts now extended into Azure to utilize ActionGroups; allowing you to create specific AG for every set of people (say) AG-WinSys for all your Windows Admins, AG-LinSys for all your Linux Admins etc.
For more details, see: https://aka.ms/omsalertextenddocs -
scoping
Allow for scoping by Computer Group(s)
4 votesYou can use a computer group in a log search and use that for your search query for an alert
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-computer-groups/#using-a-computer-group-in-a-log-search -
Alert Management (solution) is missing from Azure Marketplace (June 7, 2018)
(updating with screenshot)
The Log Analytics solution, Alert Management, does not come up in search results across the Azure Marketplace.
See documentation here https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-solution-alert-management
3 votesThe alerts experience is now integrated and doesn’t require additional solution. See here: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts
-
Choose Option for Alert Remediation
Hello,
Alert Remediation Runbooks are running only on Azure. We need a choose option for hybrid as well.
2 votesThis is now available as part of the Alerting preview.
- Don't see your idea?