Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. More scheduling options for alert triggering

    Most of us have monitoring rules that are somehow different on the weekend (or at night), just because some resources are left down. For example, I wanted to create an alert for when a particular VM was not started by automation on weekdays. Although I can easily set up that query to work on weekdays, it will unnecessarily trigger an alert on weekends. Therefore, having a more advanced scheduler for alerts would be great, such as this: "check for this alert every X minutes with <everyday|weekdays|specific> recurrence"

    53 votes
    1 comment  ·  Alert Management Solution
  2. Provide Intelligence Pack for AWS workloads

    What I would propose is to extend the capability of monitoring AWS workloads beyond simply installing an agent on their IAAS VMs. The AWS management pack for SCOM (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/AWSManagementPack.html) after importing the AWS IAM key into the system provides the capability to get fabric level details for their AWS environment.

    • EC2 instances
    • EBS volumes
    • ELB load balancers
    • Auto Scaling groups and Availability Zones
    • Elastic Beanstalk applications
    • CloudFormation stacks
    • CloudWatch Alarms
    • CloudWatch Custom Metrics

    If OpsInsight wants to target the cross platform as its goal, this should be a priority target.

    52 votes
  3. Custom Logs (import and delete) and add custom timestamps

    One amazing idea is to create custom fields in the custom log sample process. Another good idea is to add more timestamp samples (like ISO 8601 format, YYYYMMDDThhmmss.fffK where YYYY: Year, MM: Month, DD: Day in month, T: Delimiter, hh: Hour, mm: Minutes, ss: Seconds, fff: Milliseconds, K: Time zone offset) or add the possibility to create a custom timestamp.
    Will it be possible to delete some imported custom logs to run some tests?

    51 votes

    We’re planning on allowing you to import/export Custom Logs & Fields via the UI & ARM Templates. We’re currently implementing the ARM support today for most of Settings in OMS.

    Thanks for sharing some of the timestamps you need. Feel free to e-mail them to me here: evanhi(at)microsoft.com

    We’re actively planning a way for you to specify timestamps yourselves.

  4. Security and Role Based Access Control (RBAC)

    Hi all. I have been trying to get my security team to allow us to join the preview, however they have been pushing back. Is there a way to control users' ability to only view data from inside the corporate network? I.e. not over the web.

    Also, within the product, can you give role based access, e.g. application teams only have access to app data etc?

    50 votes
    0 comments  ·  Workspace Settings / Administration
  5. 49 votes

    Here the requirement is clear/obvious. We just have not prioritized this work yet.

    The overall ‘performance’ data collection needs to be refined – not just for Linux.

    Right now we only collect/provide hourly aggregates of some specific performance counters related to HyperV for the ‘Capacity Intelligence Pack’ scenario.

    Real time monitoring scenario might need some different shape of performance data to start with, before we enable this for Linux or for Windows alike, i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519061-collect-custom-windows-performance-counters

  6. Send logs for all Office 365 audit log entries/schemas

    Currently O365 logs are only collected for AzureActiveDirectory, Exchange, SharePoint and OneDrive workloads. Please add support for other audit log schemas as well, e.g. the ones that are exposed via the Office 365 Management Activity API: Teams, PowerBI, Sway, Yammer, ...

    49 votes

    Thanks for the valuable feedback. Your feedback is open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  7. Computer Groups - Azure Resource Groups

    Computer Groups based on Azure Resource Groups and / or Azure Tags.

    49 votes
    2 comments  ·  Workspace Settings / Administration
  8. Add support for SQL Databases

    To complete the monitoring scenario with PaaS services in Azure, we would value the possibility of adding Operational Insights for Azure SQL Database to help detect complex scenarios and points for improvement (heaviest queries, concurrency, use of the performance tiers, DTUs in my apps, CPU-consuming queries, RAM-consuming queries, etc.).

    49 votes
  9. OMS portal login timeout

    Ability to increase portal logout timeout from default 30 minutes to more or less.

    48 votes
    0 comments  ·  Workspace Settings / Administration
  10. Collect Log Analytics Logs by vNet not through internet.

    We would like to collect logs without going through the internet.
    We need to be able to connect some URLs on the Azure Datacenter via the Internet.
    Communication is encrypted and URLs are fixed, but important data such as security logs are sent, so it is more secure if we can collect it simply by connecting to vNet.
    If this feature is implemented, we can collect more important data such as customer data and audit information.

    48 votes

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  11. User specified delimiter for custom logs

    Request to introduce user defined delimiter for Custom logs

    We run into issues where we're unable to delimit RabbitMQ log timestamp format
    dd-MMM-yyyy::HH:mm:ss
    Unfortunately, there is no configuration for us to change that timestamp format in RabbitMQ, and we have to implement a heavy workaround to convert it to a date-time format supported by Microsoft before forwarding it to OMS.

    47 votes
  12. NLog target for OMS data collector API

    Please implement a NLog target for the OMS data collector API

    46 votes
  13. Next Generation Firewall Solution Pack

    Possibility of leveraging OMS for log correlation/SIEM with 3rd party firewalls such as Cisco, Fortinet, Sonicwall, etc. Maybe have vendors create OMS solution packs for their product offerings to sell?

    46 votes
  14. SNMP

    We need to have a way to send SNMP data for network devices (SNMP get or SNMP traps) to OMS directly from gateway servers instead of implementing a UNIX machine in the middle. This will help us a lot in measuring availability and performance of our network devices as well as defining some security baselines for monitoring. We should not have to depend on UNIX to do this!!

    46 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. Option to select Resource-Specific with CLI, PowerShell and REST API for collecting resource logs

    Please add an option to select Resource-Specific with CLI, PowerShell and REST API for collecting resource logs.
    The documentation https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-collect-workspace#select-the-collection-mode shows it's currently not possible to select this destination with a script. So all logs will be stored by default to AzureDiagnostics and we can face some limits with the number of columns of the table.
    It's also recommended by Microsoft to select Resource-Specific target tables, but in our context, we need to be able to do it in an automated fashion. Thanks

    46 votes

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  16. Skip operator for Query Search

    The old version of Log Analytics has a 'Skip' operator.
    But the new version of Log Analytics Query does not have a 'Skip' operator.

    I want this feature,
    because when we use Query via the REST API, due to limitations of the Log Analytics API, we cannot download all logs at one time.
    So we must execute the API again and again.

    If there were a 'skip' operator, I could use 'skip' and 'limit' to repeat.
    Now, because there is no 'skip' operator, I don't get logs from Log Analytics via the REST API.

    46 votes
    under review  ·  2 comments  ·  Search UI and Language
  17. Send alerts with resolved state for log alert rules

    Related with: https://feedback.azure.com/forums/267889-log-analytics/suggestions/12898992-activated-resolved-states-for-alerts-with-auto-res

    The documentation says:

    Log alert rules comprise of custom query-based logic provided by users and hence without a resolved state. Due to which every time the conditions specified in the log alert rule are met, it is fired.

    It would be nice if there were a possibility that if the alert is fired, and the next time the query is executed it does not satisfy the condition to be fired again, then a resolved alert could be sent.

    46 votes
    1 comment

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  18. software inventory

    I'd like to be able to perform full software inventory on servers and be able to identify non-current versions of programs installed, i.e. JAVA, Adobe Reader etc.

    Management Suite should be able to push the newest versions to servers.

    46 votes
    3 comments  ·  Security and Audit Solution
  19. Microsoft Teams integration with Azure Log Analytics

    How can we integrate or connect Microsoft Teams to Azure Log Analytics and send Microsoft Teams logs to Azure Log Analytics?

    46 votes
    0 comments
  20. Being able to collect logs from OSX clients. All logs would be great; I'm specifically interested in security related events.

    Natively (no agent) send Syslog traffic to a collection point and have it upload the logs to Log Analytics.
    Use an agent to install on OSX that can send OSX logs to a collection point or direct to Log Analytics.
    I’m specifically interested in security related logs from Mac client machines on Enterprise networks. That said, if we were able to collect logs, it shouldn’t be limited to security information. It would be nice to be able to see patch level, collect all logs, performance metrics, etc.

    45 votes
    1 comment  ·  Security and Audit Solution