Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Power BI dataset in PBI desktop

    The PowerBI dataset that OMS creates via the PowerBI OMS export is apparently ONLY available in the PowerBI service (the website). We can't access with PowerBI Desktop, therefore we can't create datamodel or create measurements for the OMS exported dataset. This makes the excel connection completely useless.

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Consolidate OMS Agent and ServiceMap Agent

    Can we get a single agent for this solution? We are getting a lot of push-back on having two install two agents to get this functionality.

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →

    This is something we are actively working on. Note that the two agents will likely never be fully consolidated into a single executable. What we are going to do is make it easier to manage the Dependency Agent so that in most cases, it’s not a separate manual install.

  3. HTTP / PowerShell Capability to Regenerate Primary and Secondary OMS Keys

    Currently the OMS Portal has the capability to regenerate the OMS primary and secondary keys. This must be a manual step. This is quite dangerous as the URL is open to the Internet - if anyone gets to know either key then they can do a HTTP POST into our OMS workspace. We need to be able to regenerate these over HTTP or PowerShell.

    There isn't any option of regenerating via the Azure Portal and I can't find any API that might allow this to be done. The only closest match I found is the 2015-11-01-preview API which is now…

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  4. Choosing default time range

    Would like an option to choose the default time range.

    It seems it defaults to last 24 hours and on some of my dashboards it shows me no data, but as soon as I change it to 7 days I see the data.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support a service tag which denotes the IP address space for Log Analytics

    Currently, we don't support a service tag which denotes the IP address space for Azure Log Analytics service. There are scenarios where a customer would like to allow only the outbound traffic to the Log Analytics service by using NSG. Such customers are requires to whitelist all IP addresses of Azure datacenter. However the customers need to update the settings of NSG every week because there's a possibility that the Azure IP ranges are changed once a week. This requires complicated procedures and high-maintenance. So, it would be great if the service tag for the Log Analytics service is supported…

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Multi tenant management for the enterprise

    Azure Operational Insights Portal screen can be viewed is subscriber only. The Azure Operational Insights enterprise-friendly features as a subscription for more than one portal screen can review together and happy.

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    Currently, you can add your users fro the ‘settings’ page and invite either LiveID or AAD users/groups to access the workspace directly from https://preview.opinsights.azure.com/

    You can have direct agents and SCOM management groups that live in different subscriptions than the one the workspace is linked to. The only scenario that is limited at the moment is ingesting data from storage accounts (WAD data). We are investigating for how many this is important enough to allow cross-subscription reading of Storage accounts.

    Also read this other thread for an additional requirement we have heard in this area http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519233-improve-multitenancy-for-managed-services-provider#comments

  7. SNMP

    We need to have a way to send SNMP data for network devices (snmp get or snmp traps) to OMS directly from gateway servers instead of implementing UNIX machine in the middle. this will help us a lot in measuring availability and performance of our network devices as well as define some security baselines for monitoring. we should not have to depend on unix to do this!!

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. put service map in Australia.

    add it to Australia regions :-)

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
  9. One Microsoft Client

    One Microsoft Cloud Client
    Please provide one client for azure (or maybe also office365) with the possibility to expand this client with features.

    Actually we have to install many small Clients for intunes, several for OMS and so on.

    Maybe it could be one intunes managed client-Software and if there are for example on one machine OMS-features needed, then we can just choose which Feature on which client and the client downloads and installs everything. Same for AIP, Dynamics Plugins and so on.

    Thanks, Martin

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Analyse logs from App Service in the OMS portal

    Hello,

    I would like to Analyse logs from an App Service in the OMS portal, right now it's posible to save those logs in a storage account but this one can't be linked to the Log Analytics for an analysis in the OMS portal.

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  OMS Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  11. Target Solution packs to group of computers/data centers

    I don't want to use *ALL* solution packs on *ALL* onboarded servers. At the moment the only workaround is to create workspaces by solution pack and maintain your server list by solution packs.

    1) While Adding a Solution; optionally specify groups to target. (e.g. All; only this group members or All groups except members of this group)
    2) Track data/$$ by solution pack and by servers/user defined groups. This can be used to Alert when a SP or computer/group consumes more than expected-->trigger runbook to unload SP on the server.
    3) Configure data flow by restricting (Servers; solutions;group of servers;…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Building tiles and views based on saved Analytics queries

    At the Moment we have to design a query in Analytics Portal, saving it for later re-use and then copying the query into View designer to visualize the result.
    It would be really helpful to be able to base views on saved queries. Instead of pasting the query it would be helpful to simply select a saved query. If then someone Edits the query the visualization gets automatically updated.

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow Multiple Accounts in Backup Solution

    For the Backup solution, need to be able to add more than one vault account.

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  14. Fix Operations Manager Health Service Modules Event ID 26007

    Operations Manager fails to collect events from the Windows Security Event log, because the EventLog service concludes the Security Event log is corrupt. The underlying reason appears to be corrupt events in the Security Event log generated by the Microsoft Monitoring Agent. See attached screenshot.

    I'd like some help troubleshooting this issue. Thanks.

    Marco

    Log Name: Operations Manager
    Source: Health Service Modules
    Date: 2/3/2016 3:36:30 PM
    Event ID: 26007
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: ***
    Description:
    The EventLog service reported that the Security event log on computer '***' is corrupt. The Windows Event Log Provider…

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. sccm support\configuration manager

    connection for SCCM 2012 R2 so that we can see all hardware inv data on all managed servers

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. OMS Agent should not consume excessive CPU/memory space

    The OMS Agent for Linux takes up a large amount of CPU/memory space, which causes issues when running on Kubernetes clusters. Azure Security Center automatically installs the OMS Agent on all VMs, and users are frustrated by having to uninstall it in order to regain the CPU/memory space. The OMS Agent should not take up an overly large amount of CPU/memory space.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Log Analytics query with tags

    I would like to include tags in log analytics queries.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Collect Log Analytics Logs by vNet not through internet.

    We would like to collect logs without going through the internet.
    We need to be able to connect some URLs on the Azure Datacenter via the Internet.
    Communication is encrypted and URLs are fixed, but important data such as security logs are sent, so it is more secure if we can collect it simply by connecting to vNet.
    If this feature is implemented, we can collect more important data such a customer data and audit information.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  19. Disable Agent Data Collection from OMS Portal

    Allow to enable/disable/schedule data collection of specific agents. This allows keeping data volume down during tests (e.g. pen or security testing) that might generate lots of events that could you go over the licensed data collection threshold. Maybe combinable with OMS Alert supression.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. Add Ability to launch runbooks from the OMS mobile app.

    Currently we can link a runbook to an alert in OMS, but it would be nice to be able to launch a runbook manually from the OMS mobile app when an alert is received. This gives the operator first time to investigate the issue and minimizes the MTTR.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base