Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

    Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

    Is there a way to come around some major limitations when creating Alerts? The biggest problem is the Time Window restriction. This restricts us from searching in data older than 24 hours when creating an alert. I expect a record for a custom MessageType
    to arrive once a week, i am not able to create an Alert if this message does not appear as expected.
    The retention days for OMS Log Analytics is minimum 31 days according to this article: https://blogs.msdn.microsoft.com/…/change-oms-log-analytic…/
    Why do we then…

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  6 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  2. service map timeline larger then 1 hour

    Currently it only appears like I can view systems connected in service map in 1-hour windows. This makes it difficult to see what is being used having to go days/months back in 1-hour chunks. A total view of all connections would be great, or at the very least in 1 month chunks.

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
  3. Custom fileds with delimiters

    Need to create custom fields by standard delimiters (i.e. | , ;)

    79 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Request to add BMC Remedy partner type in ITSM Connection

    Hi Team,

    Could you please add BMC Remedy partner type in ITSM connection in LogicApps as this connection is not available which is commonly used tool in most of the software companies.
    Adding this connector will help us to automatically creates remedy tickets whenever there is a failure in ADF or if any component reaches threshold limits

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  5. Collect data from custom containers in storage account

    We are trying to use appinsights and trying to export that data to the storage container. In the current version of OMS we want to configure custom storage container from where the logs/application data must be read for doing Alert Management.

    Thanks
    TJ

    74 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →

    Yes in the future we would like to enable this, but it needs work to define your own schema and fields first – not just their location.

    This general work is also needed for ‘generic’ log collection i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files

    Also, for doing ‘alerts’ you need to be able to create those alerts – check this idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

  6. Collect Azure Storage Logging files

    On Microsoft Azure you can enable Azure Storage logging. The logging information is saved in a $logs container in your StorageAccount. It would be great if we can add this log information to OpInsights. More information about how you can enable this type of logging: https://msdn.microsoft.com/en-us/library/azure/dn782840.aspx

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Allow variables from saved search in email subject

    It would be helpful if you could dynamically add the variables (from saved searches - such as computername) to the subject line of email alerts.

    The reasoning behind this is in our ticketing system we want the computer name to be immediately visible for an OMS generated alert. We are currently hardcoding the searches per computer however with the amount of servers we manage we are hitting the saved search limit of 250.

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  8. Make it easy to display a Dahboard via a TV

    I'd like to make the dashboard available via a TV...a readonly view so everyone can see the tiles and health of the systems we are monitoring.

    We could create a url that contains a token to only the dashboard, so you don't have to authenticate to make it easy to supply to our digital signage system.

    Thanks

    70 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  9. Remove 300 DCs limitation on AD Replication Status!

    OMS is a solution that - ideally - should help users in analysing big data as it aggregates it in the cloud.
    It is disappointing that the AD Replication Status solution only supports directories that have less than 300 domain controllers: these are the directories that would take the greatest advantage.

    Please remove the limitation!

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  AD Replication Result Solution  ·  Flag idea as inappropriate…  ·  Admin →
  10. Multihome agents

    It would be fantastic if we could multihome agents to various workspaces.
    Right now we use the SCOM agent to connect to OMS, which means one OMS workspace. But we would like to have multiple workspaces depending on type of server (eg Production servers, Dev servers, application servers etc).

    I understand we can multihome OMS to different workspaces by multihoming the SCOM agent to different SCOM management groups, but having an entire management group set up just so agents can talk to different OMS workspaces is like swatting a fly with a sledgehammer.
    Even if we can manually configure each…

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in ETVX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Log Analytics query with tags

    I would like to include tags in log analytics queries.

    61 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Provide ability to query resource Graph data from Log Analytics

    Please provide option to query resource graph data from Log Analytics. That will allow to correlate data between those and some interesting scenarios will be possible. Also you should be able to use Log Analytics query that reaches resource graph and you can create Log Search alert.

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Extensibility  ·  Flag idea as inappropriate…  ·  Admin →
  14. Fix Bug in Agent

    We started seeing this error after installing the OMS agent on our servers.

    An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425} was rejected.

    A quick search on the internet shows other people have the same error after installing the OMS agent also.

    57 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’re aware of an issue that can cause this error to be logged when the Update Assessment solution is installed.
    You can check if this is what you’re seeing my temporarily removing the Update Assessment solution and confirming the errors stop.

    The Update Assessment solution functionality is not affected and you can safely ignore this error.

  15. Add Office365 as monitoring object

    I would like to have an Office365 IP. For example, I would like to monitor the mailflow. If no mail is comming in for a few hours, I need a warning that there might be something wrong.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Make the OMS agent work on Linux with ARM architecture

    Since there are devices like Raspberry PI with ARM architecture, it would be great if you provided binaries for ARM based Linux systems as well. Currently, I am unable to run the agent on Raspberry with Raspbian despites the tutorials available on various sites.

    53 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. More scheduling options for alert triggering

    Most of us have monitoring rules that are somehow different in the week end (or at night), just because some resources are left down. For example, I wanted to create an alert for when a particular VM was not started by automation on week days. Although I can easily set up that query to work on week days, it will unnecessary trigger an alert on weekends. Therefore, having a more advanced scheduler for alerts would be great, such as this: "check for this alert every X minutes with <everyday|weekdays|specific> recurrency"

    53 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide Intelligence Pack for AWS workloads

    What I would propose is to extend the capability of monitoring AWS workloads beyond simply installing an agent on their IAAS VMs. The AWS management pack for SCOM (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/AWSManagementPack.html) after importing the AWS IAM key into the system provides the capability to get fabric level details for their AWS environment.

    •EC2 instances
    •EBS volumes
    •ELB load balancers
    •Auto Scaling groups and Availability Zones
    •Elastic Beanstalk applications
    •CloudFormation stacks
    •CloudWatch Alarms
    •CloudWatch Custom Metrics

    If OpsInsight wants to target the cross platform as its goal, this should be a priority target.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Add Tenant root management group into Activity log's drop down list

    We can't select Tenant root management group in Activity log's "Management group" drop down list.

    Customer can apply policy on Tenant root management group. And the activity log should record the policy change on Tenant root management group.

    Please add Tenant root management group into Activity log's drop down list. So that we can check the activity log of Tenant root management group

    51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  20. Custom Logs (import and delete) and add custom timestamps

    One amazing idea is create custom fields on custom log sample process. Another good idea is add more timestamp samples (like ISO 8601 format, YYYYMMDDThhmmss.fffK where YYYY: Year, MM: Month, DD: Day in month, T: Delimiter, hh: Hour, mm: Minutes, ss: Seconds, fff: Milliseconds, K: Time zone offset) or add the possobility to create a custom timestamp.
    It will be possible delete some imported custom logs to make some tests?

    51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’re planning on allowing you to import/export Custom Logs & Fields via the UI & ARM Templates. We’re currently implementing the ARM support today for most of Settings in OMS.

    Thanks for sharing some of the timestamps you need. Feel free to e-mail them to me here: evanhi(at)microsoft.com

    We’re actively planning way for you to specify timestamps yourselves.

  • Don't see your idea?

Feedback and Knowledge Base