Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Integration with Advanced Threat Analytics (ATA)

    I'd love to see OMS and ATA play together so I can feed ATA data into OMS, provide dashboards, etc.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  3 comments  ·  Active Directory Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  2. Custom fileds with delimiters

    Need to create custom fields by standard delimiters (i.e. | , ;)

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Request to add BMC Remedy partner type in ITSM Connection

    Hi Team,

    Could you please add BMC Remedy partner type in ITSM connection in LogicApps as this connection is not available which is commonly used tool in most of the software companies.
    Adding this connector will help us to automatically creates remedy tickets whenever there is a failure in ADF or if any component reaches threshold limits

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  4. Collect Azure Storage Logging files

    On Microsoft Azure you can enable Azure Storage logging. The logging information is saved in a $logs container in your StorageAccount. It would be great if we can add this log information to OpInsights. More information about how you can enable this type of logging: https://msdn.microsoft.com/en-us/library/azure/dn782840.aspx

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. service map timeline larger then 1 hour

    Currently it only appears like I can view systems connected in service map in 1-hour windows. This makes it difficult to see what is being used having to go days/months back in 1-hour chunks. A total view of all connections would be great, or at the very least in 1 month chunks.

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
  6. Collect data from custom containers in storage account

    We are trying to use appinsights and trying to export that data to the storage container. In the current version of OMS we want to configure custom storage container from where the logs/application data must be read for doing Alert Management.

    Thanks
    TJ

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →

    Yes in the future we would like to enable this, but it needs work to define your own schema and fields first – not just their location.

    This general work is also needed for ‘generic’ log collection i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files

    Also, for doing ‘alerts’ you need to be able to create those alerts – check this idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

  7. Remove 300 DCs limitation on AD Replication Status!

    OMS is a solution that - ideally - should help users in analysing big data as it aggregates it in the cloud.
    It is disappointing that the AD Replication Status solution only supports directories that have less than 300 domain controllers: these are the directories that would take the greatest advantage.

    Please remove the limitation!

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  AD Replication Result Solution  ·  Flag idea as inappropriate…  ·  Admin →
  8. Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

    Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

    Is there a way to come around some major limitations when creating Alerts? The biggest problem is the Time Window restriction. This restricts us from searching in data older than 24 hours when creating an alert. I expect a record for a custom MessageType
    to arrive once a week, i am not able to create an Alert if this message does not appear as expected.
    The retention days for OMS Log Analytics is minimum 31 days according to this article: https://blogs.msdn.microsoft.com/…/change-oms-log-analytic…/
    Why do we then…

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  6 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow variables from saved search in email subject

    It would be helpful if you could dynamically add the variables (from saved searches - such as computername) to the subject line of email alerts.

    The reasoning behind this is in our ticketing system we want the computer name to be immediately visible for an OMS generated alert. We are currently hardcoding the searches per computer however with the amount of servers we manage we are hitting the saved search limit of 250.

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  10. Multihome agents

    It would be fantastic if we could multihome agents to various workspaces.
    Right now we use the SCOM agent to connect to OMS, which means one OMS workspace. But we would like to have multiple workspaces depending on type of server (eg Production servers, Dev servers, application servers etc).
    I understand we can multihome OMS to different workspaces by multihoming the SCOM agent to different SCOM management groups, but having an entire management group set up just so agents can talk to different OMS workspaces is like swatting a fly with a sledgehammer.
    Even if we can manually configure each…

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in ETVX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Add Office365 as monitoring object

    I would like to have an Office365 IP. For example, I would like to monitor the mailflow. If no mail is comming in for a few hours, I need a warning that there might be something wrong.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Provide Intelligence Pack for AWS workloads

    What I would propose is to extend the capability of monitoring AWS workloads beyond simply installing an agent on their IAAS VMs. The AWS management pack for SCOM (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/AWSManagementPack.html) after importing the AWS IAM key into the system provides the capability to get fabric level details for their AWS environment.

    •EC2 instances
    •EBS volumes
    •ELB load balancers
    •Auto Scaling groups and Availability Zones
    •Elastic Beanstalk applications
    •CloudFormation stacks
    •CloudWatch Alarms
    •CloudWatch Custom Metrics

    If OpsInsight wants to target the cross platform as its goal, this should be a priority target.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Make it easy to display a Dahboard via a TV

    I'd like to make the dashboard available via a TV...a readonly view so everyone can see the tiles and health of the systems we are monitoring.

    We could create a url that contains a token to only the dashboard, so you don't have to authenticate to make it easy to supply to our digital signage system.

    Thanks

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  15. Make the OMS agent work on Linux with ARM architecture

    Since there are devices like Raspberry PI with ARM architecture, it would be great if you provided binaries for ARM based Linux systems as well. Currently, I am unable to run the agent on Raspberry with Raspbian despites the tutorials available on various sites.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Security and Role Based Access Control (RBAC)

    Hi all. I have been trying to get my security team to allow us to join the preview, however they have been pushing back. Is there a way to control users' ability to only view data from inside the corporate network? I.e. not over the web.

    Also, within the product, can you give role based access, e.g. application teams only have access to app data etc?

    49 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  17. 49 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Here the requirement is clear/obvious. We just have not prioritized this work yet.

    The overall ‘performance’ data collection needs to be refined – not just for Linux.

    Right now we only collect/provide hourly aggregates of some specific performance counters related to HyperV for the ‘Capacity Intelligence Pack’ scenario.

    Real time monitoring scenario might need some different shape of performance data to start with, before we enable this for Linux or for Windows alike, i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519061-collect-custom-windows-performance-counters

  18. OMS portal login timeout

    Ability to increase portal logout timeout from default 30 minutes to kore or less.

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  19. Computer Groups - Azure Resource Groups

    Computer Groups based on Azure Resource Groups and / or Azure Tags.

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide ability to query resource Graph data from Log Analytics

    Please provide option to query resource graph data from Log Analytics. That will allow to correlate data between those and some interesting scenarios will be possible. Also you should be able to use Log Analytics query that reaches resource graph and you can create Log Search alert.

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Extensibility  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base