Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. Fix Operations Manager Health Service Modules Event ID 26007

    Operations Manager fails to collect events from the Windows Security Event log, because the EventLog service concludes the Security Event log is corrupt. The underlying reason appears to be corrupt events in the Security Event log generated by the Microsoft Monitoring Agent. See attached screenshot.

    I'd like some help troubleshooting this issue. Thanks.

    Marco

    Log Name: Operations Manager
    Source: Health Service Modules
    Date: 2/3/2016 3:36:30 PM
    Event ID: 26007
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer:
    Description:
    The EventLog service reported that the Security event log on computer '
    ' is corrupt. The Windows Event Log Provider…

    32 votes
  2. sccm support\configuration manager

    connection for SCCM 2012 R2 so that we can see all hardware inv data on all managed servers

    32 votes
  3. OMS Agent should not consume excessive CPU/memory space

    The OMS Agent for Linux takes up a large amount of CPU/memory space, which causes issues when running on Kubernetes clusters. Azure Security Center automatically installs the OMS Agent on all VMs, and users are frustrated by having to uninstall it in order to regain the CPU/memory space. The OMS Agent should not take up an overly large amount of CPU/memory space.

    32 votes
    2 comments
  4. 'render timechart' should support logarithmic y-scale

    Currently I need to manually exclude one series that has especially high values from my timechart. It means that the automatic scale has a very high max which means that the other series are not easily viewable.

    I'd like a parameter to 'render timechart' that lets me specify a log y scale; it will help all series to be visible.

    It's a fairly common feature in data visualization generally.

    I actually want this for Application Insights Analytics (https://feedback.azure.com/forums/357324-application-insights/suggestions/14110047-add-logarithmic-scale-to-charts). I'm not sure the right place for these requests now that there is standard Log Analytics Query Language.

    31 votes
    0 comments  ·  Search UI and Language
  5. Disable Agent Data Collection from OMS Portal

    Allow enabling/disabling/scheduling data collection of specific agents. This allows keeping data volume down during tests (e.g. pen or security testing) that might generate lots of events that could make you go over the licensed data collection threshold. Maybe combinable with OMS Alert suppression.

    31 votes
  6. Add Ability to launch runbooks from the OMS mobile app.

    Currently we can link a runbook to an alert in OMS, but it would be nice to be able to launch a runbook manually from the OMS mobile app when an alert is received. This gives the operator first time to investigate the issue and minimizes the MTTR.

    31 votes
    0 comments  ·  Mobile App
  7. Custom Fields to more CL

    Please, enable capability to apply a single custom field to more CL. Or, capability to create a Sub-CL

    31 votes
    0 comments
  8. Network Performance Monitor linux

    Network Performance Monitor Support for Linux OMS Agent

    Would love to use Linux Nodes for Service Connectivity and Performance Monitor as part of the Network Performance Monitor solution.

    31 votes
    1 comment  ·  Network Monitoring
  9. Ability to see what resources support Resource-Specific Diagnostics

    Currently we aren't able to determine which resources support Resource-Specific Collection Mode. It is buried in the documentation for each resource: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-collect-workspace. It would be greatly beneficial to have a complete list, seeing that Microsoft is recommending users switch to this mode for their resources where applicable due to the 500 field limit on the AzureDiagnostic Table.

    30 votes
  10. Azure traffic manager logs with OMS

    It would be great if we could have logs of Azure traffic manager in OMS.

    30 votes
    5 comments
  11. RBAC - DA - SLA

    I was thinking about synchronizing OnPrem SCOM Distributed Applications to Insight, together with SLA/SLO,
    or an option to create DA in Insight (group objects) + the option to add RBAC to the group. This would eliminate the need to publish dashboards in SharePoint (or give access to SCOM) for tenants to see the general health of their scope of servers/applications.

    30 votes
    4 comments  ·  Workspace Settings / Administration
  12. extend perfmon counters from sql named instances

    The names of SQL Performance Counters depend on the instance name. At the moment, if we want to collect SQL Perf mon counters from all SQL Servers in our environment, we need to enter every named instance (and then maintain when new named instances come online). We'd like to be able to use a placeholder in a similar way to SCOM:

    In SCOM, we can use the following whereby the PerformanceCounterObject picks up the counter name (based on the instance name):

    $Target/Property[Type="SQLServer!Microsoft.SQLServer.DBEngine"]/PerformanceCounterObject$:Memory Manager

    29 votes
    1 comment
  13. Disconnect OMS from SCOM

    If I want to disconnect OMS from my SCOM environment, it is not possible unless I remove an MP that manages this component. This is not good for the experience and also requires many days after complete cleaning can be done from OMS.

    You should introduce a Disconnect button to detach SCOM from OMS with the automatic removal of the SCOM MG in the OMS portal.

    S

    29 votes
    3 comments  ·  Workspace Settings / Administration

    https://technet.microsoft.com/en-us/library/mt484104.aspx#To-remove-a-connection-from-Operations-Manager-to-OMS

    To remove a connection from Operations Manager to OMS

    You can remove the Microsoft System Center Advisor Secure Reference Override management pack to disconnect the Operations Manager from OMS.

    Another way to stop sending data to OMS is to remove all Operations Manager computers that are registered to OMS.

  14. ADFS Auditing

    It would be great if Log Analytics could correctly identify and parse ADFS audit events. Currently they are identified as "500 - The Desktop Window Manager is experiencing heavy resource contention."

    28 votes
  15. Allow community sharing of Saved Searches

    Enable OMS users to share a saved search into a community search gallery that enables other users to search by category/tags, view a search, and add it to their workspace under a given category.

    Please give additional comments and suggestions below!

    28 votes
    planned  ·  0 comments  ·  Extensibility / Partner scenarios
  16. SharePoint ULS

    It would be great to be able to have a log type for SharePoint ULS logs.
    The Custom Logs is a great step in this process, but still seems clumsy.

    28 votes
  17. Link Multiple Account into Workspace

    At the moment it is possible to manage only the resources linked to the Workspace account. This means that it is not possible to link a different account where I want to have Backup/Automation status.

    As a consultant this is a big limitation because I can monitor the computers from one subscription but not some advanced resources, in case the customer has Azure Backup/Automation.

    S

    28 votes
    2 comments  ·  Workspace Settings / Administration
  18. Retrieve the portal time span and use it inside the kusto query

    I am trying to access the time range selected from the portal and use it inside the Kusto query to show some metric (% uptime of a specific API using our custom logic).

    The documents do not mention any variable or function that will help to access the time range selected from the portal.

    It would be helpful to have a magic variable to see the time range selected from the portal.

    28 votes
    0 comments  ·  My Dashboard

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  19. We should be able to customize the email body of the email notification generated by Alerts.

    So, Alerts will be sending default emails. We should be able to generate a customized email with the search results.

    27 votes
    2 comments  ·  Alert Management Solution
  20. Windows Server Cluster log collection.

    This would be invaluable in investigating failure issues and correlating them to external problems (i.e., SAN problems).

    27 votes

    Windows Server 2003 and before were using TEXT log files http://support.microsoft.com/kb/168801

    Windows Server 2008 and beyond use ETL traces – http://blogs.msdn.com/b/clustering/archive/2008/09/24/8962934.aspx

    Also refer to these generic ideas:

    Text log files collection tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files

    Collection of ETW traces is tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6691402-collect-etw-trace-logs
