Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

    Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

    Is there a way to come around some major limitations when creating Alerts? The biggest problem is the Time Window restriction. This restricts us from searching in data older than 24 hours when creating an alert. I expect a record for a custom MessageType
    to arrive once a week, i am not able to create an Alert if this message does not appear as expected.
    The retention days for OMS Log Analytics is minimum 31 days according to this article: https://blogs.msdn.microsoft.com/…/change-oms-log-analytic…/
    Why do we then…

    101 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  7 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  2. Log Filtering

    I want to be able to filter stuff I don't want to collect in logs. For example with ACS (in SCOM) I could apply filters that didn't collect system logins. I would like this functionality in all logs, for example I would want to filter IIS logs to remove data from certain IP addresses.
    I can see customers wanting to use this type of functionality when the costs of data start to pile up.

    92 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Request to add BMC Remedy partner type in ITSM Connection

    Hi Team,

    Could you please add BMC Remedy partner type in ITSM connection in LogicApps as this connection is not available which is commonly used tool in most of the software companies.
    Adding this connector will help us to automatically creates remedy tickets whenever there is a failure in ADF or if any component reaches threshold limits

    85 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  4. Allow variables from saved search in email subject

    It would be helpful if you could dynamically add the variables (from saved searches - such as computername) to the subject line of email alerts.

    The reasoning behind this is in our ticketing system we want the computer name to be immediately visible for an OMS generated alert. We are currently hardcoding the searches per computer however with the amount of servers we manage we are hitting the saved search limit of 250.

    85 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide ability to query resource Graph data from Log Analytics

    Please provide option to query resource graph data from Log Analytics. That will allow to correlate data between those and some interesting scenarios will be possible. Also you should be able to use Log Analytics query that reaches resource graph and you can create Log Search alert.

    85 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Extensibility  ·  Flag idea as inappropriate…  ·  Admin →
  6. Integration with Advanced Threat Analytics (ATA)

    I'd love to see OMS and ATA play together so I can feed ATA data into OMS, provide dashboards, etc.

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  3 comments  ·  Active Directory Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  7. service map timeline larger then 1 hour

    Currently it only appears like I can view systems connected in service map in 1-hour windows. This makes it difficult to see what is being used having to go days/months back in 1-hour chunks. A total view of all connections would be great, or at the very least in 1 month chunks.

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
  8. Custom fileds with delimiters

    Need to create custom fields by standard delimiters (i.e. | , ;)

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Multihome agents

    It would be fantastic if we could multihome agents to various workspaces.
    Right now we use the SCOM agent to connect to OMS, which means one OMS workspace. But we would like to have multiple workspaces depending on type of server (eg Production servers, Dev servers, application servers etc).

    I understand we can multihome OMS to different workspaces by multihoming the SCOM agent to different SCOM management groups, but having an entire management group set up just so agents can talk to different OMS workspaces is like swatting a fly with a sledgehammer.
    Even if we can manually configure each…

    74 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Fix Bug in Agent

    We started seeing this error after installing the OMS agent on our servers.

    An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425} was rejected.

    A quick search on the internet shows other people have the same error after installing the OMS agent also.

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’re aware of an issue that can cause this error to be logged when the Update Assessment solution is installed.
    You can check if this is what you’re seeing my temporarily removing the Update Assessment solution and confirming the errors stop.

    The Update Assessment solution functionality is not affected and you can safely ignore this error.

  11. Collect Azure Storage Logging files

    On Microsoft Azure you can enable Azure Storage logging. The logging information is saved in a $logs container in your StorageAccount. It would be great if we can add this log information to OpInsights. More information about how you can enable this type of logging: https://msdn.microsoft.com/en-us/library/azure/dn782840.aspx

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Make it easy to display a Dahboard via a TV

    I'd like to make the dashboard available via a TV...a readonly view so everyone can see the tiles and health of the systems we are monitoring.

    We could create a url that contains a token to only the dashboard, so you don't have to authenticate to make it easy to supply to our digital signage system.

    Thanks

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  13. Remove 300 DCs limitation on AD Replication Status!

    OMS is a solution that - ideally - should help users in analysing big data as it aggregates it in the cloud.
    It is disappointing that the AD Replication Status solution only supports directories that have less than 300 domain controllers: these are the directories that would take the greatest advantage.

    Please remove the limitation!

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  AD Replication Result Solution  ·  Flag idea as inappropriate…  ·  Admin →
  14. Retrieve the portal time span and use it inside the kusto query

    I am trying to access the time range selected from portal and use it inside the kusto query to show some metric (% uptime of a specific api using our custom logic).

    Documents does not mention any variable or function that we will help to access the time range selected from portal.

    It would be helpful to have a magic variable to see the time range selected from portal.

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  15. Support millisecond/microsecond precision for time-generated-field in HTTP Data Collector

    Support millisecond/microsecond precision for time-generated-field in HTTP Data Collector. Use ISO 8601 format YYYY-MM-DDThh:mm:ss.msecZ

    66 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  16. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in ETVX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Make the OMS agent work on Linux with ARM architecture

    Since there are devices like Raspberry PI with ARM architecture, it would be great if you provided binaries for ARM based Linux systems as well. Currently, I am unable to run the agent on Raspberry with Raspbian despites the tutorials available on various sites.

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. Add Office365 as monitoring object

    I would like to have an Office365 IP. For example, I would like to monitor the mailflow. If no mail is comming in for a few hours, I need a warning that there might be something wrong.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Add all the render operations from the Kusto query language

    As of today the "with" render operator does not work in Log Analytics.
    example: | render timechart with(ymin=0)

    This will not force the y-axis to start at 0 if the values in the graph are higher than 0. It would be very good if it was possible to use all these operators that are listed in the documentation when using Log Analytics and when pinning the graphs to the dashboard.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  20. Add Tenant root management group into Activity log's drop down list

    We can't select Tenant root management group in Activity log's "Management group" drop down list.

    Customer can apply policy on Tenant root management group. And the activity log should record the policy change on Tenant root management group.

    Please add Tenant root management group into Activity log's drop down list. So that we can check the activity log of Tenant root management group

    54 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  • Don't see your idea?

Feedback and Knowledge Base