Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide ability to query resource Graph data from Log Analytics

    Please provide option to query resource graph data from Log Analytics. That will allow to correlate data between those and some interesting scenarios will be possible. Also you should be able to use Log Analytics query that reaches resource graph and you can create Log Search alert.

    102 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Extensibility  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow variables from saved search in email subject

    It would be helpful if you could dynamically add the variables (from saved searches - such as computername) to the subject line of email alerts.

    The reasoning behind this is in our ticketing system we want the computer name to be immediately visible for an OMS generated alert. We are currently hardcoding the searches per computer however with the amount of servers we manage we are hitting the saved search limit of 250.

    94 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  3. Log Filtering

    I want to be able to filter stuff I don't want to collect in logs. For example with ACS (in SCOM) I could apply filters that didn't collect system logins. I would like this functionality in all logs, for example I would want to filter IIS logs to remove data from certain IP addresses.
    I can see customers wanting to use this type of functionality when the costs of data start to pile up.

    93 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Retrieve the portal time span and use it inside the kusto query

    I am trying to access the time range selected from portal and use it inside the kusto query to show some metric (% uptime of a specific api using our custom logic).

    Documents does not mention any variable or function that we will help to access the time range selected from portal.

    It would be helpful to have a magic variable to see the time range selected from portal.

    92 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  5. Fix Bug in Agent

    We started seeing this error after installing the OMS agent on our servers.

    An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425} was rejected.

    A quick search on the internet shows other people have the same error after installing the OMS agent also.

    90 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’re aware of an issue that can cause this error to be logged when the Update Assessment solution is installed.
    You can check if this is what you’re seeing my temporarily removing the Update Assessment solution and confirming the errors stop.

    The Update Assessment solution functionality is not affected and you can safely ignore this error.

  6. Request to add BMC Remedy partner type in ITSM Connection

    Hi Team,

    Could you please add BMC Remedy partner type in ITSM connection in LogicApps as this connection is not available which is commonly used tool in most of the software companies.
    Adding this connector will help us to automatically creates remedy tickets whenever there is a failure in ADF or if any component reaches threshold limits

    86 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  7. Custom fileds with delimiters

    Need to create custom fields by standard delimiters (i.e. | , ;)

    84 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. service map timeline larger then 1 hour

    Currently it only appears like I can view systems connected in service map in 1-hour windows. This makes it difficult to see what is being used having to go days/months back in 1-hour chunks. A total view of all connections would be great, or at the very least in 1 month chunks.

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
  9. Integration with Advanced Threat Analytics (ATA)

    I'd love to see OMS and ATA play together so I can feed ATA data into OMS, provide dashboards, etc.

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  3 comments  ·  Active Directory Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  10. Multihome agents

    It would be fantastic if we could multihome agents to various workspaces.
    Right now we use the SCOM agent to connect to OMS, which means one OMS workspace. But we would like to have multiple workspaces depending on type of server (eg Production servers, Dev servers, application servers etc).

    I understand we can multihome OMS to different workspaces by multihoming the SCOM agent to different SCOM management groups, but having an entire management group set up just so agents can talk to different OMS workspaces is like swatting a fly with a sledgehammer.
    Even if we can manually configure each…

    74 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Make it easy to display a Dahboard via a TV

    I'd like to make the dashboard available via a TV...a readonly view so everyone can see the tiles and health of the systems we are monitoring.

    We could create a url that contains a token to only the dashboard, so you don't have to authenticate to make it easy to supply to our digital signage system.

    Thanks

    74 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  12. Collect Azure Storage Logging files

    On Microsoft Azure you can enable Azure Storage logging. The logging information is saved in a $logs container in your StorageAccount. It would be great if we can add this log information to OpInsights. More information about how you can enable this type of logging: https://msdn.microsoft.com/en-us/library/azure/dn782840.aspx

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Add all the render operations from the Kusto query language

    As of today the "with" render operator does not work in Log Analytics.
    example: | render timechart with(ymin=0)

    This will not force the y-axis to start at 0 if the values in the graph are higher than 0. It would be very good if it was possible to use all these operators that are listed in the documentation when using Log Analytics and when pinning the graphs to the dashboard.

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  14. Support millisecond/microsecond precision for time-generated-field in HTTP Data Collector

    Support millisecond/microsecond precision for time-generated-field in HTTP Data Collector. Use ISO 8601 format YYYY-MM-DDThh:mm:ss.msecZ

    70 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  15. Make the OMS agent work on Linux with ARM architecture

    Since there are devices like Raspberry PI with ARM architecture, it would be great if you provided binaries for ARM based Linux systems as well. Currently, I am unable to run the agent on Raspberry with Raspbian despites the tutorials available on various sites.

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in ETVX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Add Office365 as monitoring object

    I would like to have an Office365 IP. For example, I would like to monitor the mailflow. If no mail is comming in for a few hours, I need a warning that there might be something wrong.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. Add the Continous Export function to Log Analytics (as seen in Application Insights) or provide similar functionality

    Still not quite at feature parity between Application Insights and Log Analytics. Both can now set the retention period to 730 days - but if you need to store logs for longer, only Application Insights has a function to do this via Continous Export.

    Ideally, we want to be able to long-term store logs for more than 730 days. We don't necessarily need the analytics aspect, so archive/cold storage in a storage account (or the like) would be perfectly fine over increasing the retention period past 730 days.

    55 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for your feedback and its now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  19. Add Tenant root management group into Activity log's drop down list

    We can't select Tenant root management group in Activity log's "Management group" drop down list.

    Customer can apply policy on Tenant root management group. And the activity log should record the policy change on Tenant root management group.

    Please add Tenant root management group into Activity log's drop down list. So that we can check the activity log of Tenant root management group

    54 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  20. Provide Intelligence Pack for AWS workloads

    What I would propose is to extend the capability of monitoring AWS workloads beyond simply installing an agent on their IAAS VMs. The AWS management pack for SCOM (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/AWSManagementPack.html) after importing the AWS IAM key into the system provides the capability to get fabric level details for their AWS environment.

    •EC2 instances
    •EBS volumes
    •ELB load balancers
    •Auto Scaling groups and Availability Zones
    •Elastic Beanstalk applications
    •CloudFormation stacks
    •CloudWatch Alarms
    •CloudWatch Custom Metrics

    If OpsInsight wants to target the cross platform as its goal, this should be a priority target.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

Feedback and Knowledge Base