Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Service Map support on Ubuntu

    Ability to install the Dependency Agent on Ubuntu

    498 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
    • Support other Antivirus products in Malware Assessment

      I added the Malware Assessment Intelligence Pack today, and it seems to be listing all of my servers as not having any real time AV protection. The servers in question are running Symantec Endpoint Protection. I looked in the description of the intelligence pack to see what AV products it works with, but didn't find that info.

      [Edited during forum migration: comments/responses in the old forum included Symantec and Sophos]

      486 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        28 comments  ·  Malware Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
      • Multi tenancy: Collect Azure Health logs from different Azure tenants

        We manage Azure tenants for multiple companies. We want one central monitoring and automation Workspace to manage all these different tenants.
        Although you can collect data from vm agents in different Azure tenants as well as data from different Office365 tenants it is not possible to get the Azure Health logs from different tenants into one OMS Workspace.

        447 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          4 comments  ·  Extensibility / Partner scenarios  ·  Flag idea as inappropriate…  ·  Admin →
        • Support for ARM Backup and Site Recovery vaults

          Support for ARM Backup and Site Recovery vaults, as well as multiple vaults per workspace.
          OMS only supports Classic (ASM) vaults, and it also supports only 1 Backup vault per OMS workspace, this sounds like a big limitation.

          417 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            29 comments  ·  Azure Resource Management  ·  Flag idea as inappropriate…  ·  Admin →
          • Add support for autorefresh dashboards and session never expire.

            Add support for automatic refresh/session never expore.
            Autorefresh each x seconds on dashboards and main overview Dashboard.

            This will solve the problem when using OMS dashboards as operationcenter with monitors. The sessions expires to often and the content do not autorefresh.

            399 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              under review  ·  8 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
            • 6 hours SLA on indexing custom log data is a very long time to alert on

              According to this article https://azure.microsoft.com/en-us/support/legal/sla/log-analytics/v1_1/ SLA on indexing log data might take up to 6 hours. OMS has built in alerting that allows you to trigger actions within 5 minutes of data arrival. But if indexing takes more than 5 minutes - then what's the point of creating alert that might trigger on something that is no longer a problem, or not trigger at all if there is real problem. What is the average data indexing time? Log Analytics would be much more useful and have many more applications in real world if that indexing time is much lower. 6…

              303 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • 302 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  9 comments  ·  Change Tracking Solution  ·  Flag idea as inappropriate…  ·  Admin →
                • 301 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Access read only Dashboard directly from URL

                    Maybe IT can be (partially) achieved by RBAC but we would like to have the possibility to access a read-only version of the dashboard just bij entering a URL. The dashboard should not have a timeout. this way we can put the dashboard on a big screen (and when the possibility of multiple dashboard is enabled) we kan put multiple big screens on our service desk.

                    Access to this dashboard should be restricted by IP address and/or an URL or something like this.

                    301 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      4 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →

                      Not something we currently prioritized, but let’s see how much interest it generates.

                      So far we indeed think of this more in terms of spreading knowledge/information to the right people thru RBAC on their devices (i.e. see Mobile app to always be close to the data…).

                    • Improve multitenancy for managed services providers

                      Currently we can have one subscription per MG and/or consolidate multiple MGs into one single subscription. What's missing is the ability to have groups of different systems from the same MG to report to different subscriptions. In management as a service scenario for SMB customers it's often impractical to have 1 MG per customer, rather multiple customers are consolidated into one infrastructure (MG) and then access is limited via scoping. Bring this to Advisor, please.

                      286 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        6 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

                        We’ll be working to bring this functionality in stages over the next several months.

                        One of the first steps is to ensure that workspace creation and configuration can be done programmatically.

                        We’re also looking at how to report across multiple workspaces.

                      • Provide an Intelligence Pack for System Center Service Manager

                        Create an intelligence pack for System Center Service Manager to provide additional analytical data for problem management, incident analysis, and configuration item analysis.

                        272 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • StorSimple Management from OMS

                          Could it be possible to add StorSimple to the OMS dashboard? I would like to see monitoring, usage, updates and snapshots from within the dashboard.

                          262 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                          • Azure Operational Insights for on-premises

                            We want to install "Azure Operational Insights" to on-promises.
                            Many of customer can not upload their logs to Azure (legal or etc...).

                            257 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              13 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Azure Machine Learning with Log Analytics

                              1 on OMS with Azure ML. As organizations lack the ability to mine through mounds of log data to detect trends and determine what services are running well and which services may need help.

                              Problem Management is one of the processes that requires Incident/Event data to determine trends. Many organizations struggle with this as they need to have a person look at this data and analyze it. Using OMS Analytics data and pumping to through Azure Machine Learning and providing insights would be valuable to IT organizations.

                              This would increase IT Organization’s maturity and drive business value.. I see a…

                              257 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Support Nano Server

                                Support Nano Server

                                251 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  11 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Use Windows Event Forwarding (WEF) to send events to OpInsights

                                  Would it be cool if you could configure Windows Server WEF (Windows Event Forwarding - http://technet.microsoft.com/en-us/library/cc748890.aspx ) to send to Advisor for Log Management scenario, without using the SCOM agent ?
                                  Alternatively, if one already has a forwarder/collector (WEF/WEC) architecture in place, could it be possible to use just one SCOM agent/gateway to pull the 'forwarded' logs stored on that collector from that single box to the cloud.

                                  238 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • Allow to print, email, and schedule Capacity Reports

                                    It would be good to be able to generate reports that could be printed, emailed, and scheduled for regular delivery. This would make consuming and disseminating the capacity analytics much easier.

                                    199 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      8 comments  ·  Capacity Management Solution  ·  Flag idea as inappropriate…  ·  Admin →

                                      I am interested in understanding – would this be a requirement for just (or mainly) the Capacity Intelligence Pack’s screens/pages, or should this be something ‘generic’ for all Intelligence packs?

                                      It might be not really easy nor feasible nor forward looking to properly ‘print’ the current hand-coded pages / dashboards.

                                      The direction we are thinking for the product is more around the SEARCH feature, to eventually allow you to do your own queries and analytics…

                                      See these related ideas that are based on search and would ALSO enable the scenario of ‘consuming the data outside of the portal’

                                      http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-run-saved-search-on-a-schedule-raise-alert-and-

                                      http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519057-programmatically-submit-search-requests-and-receiv

                                      http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519212-advisor-mobile-app-i-like-to-create-my-own-dashbo

                                      what do you think?

                                    • Collect IIS Logs from Windows Azure Diagnostics storage (WAD) for Azure Web Sites

                                      Azure WebSites write to WAD in a different folder structure. The work of this other idea http://feedback.azure.com/forums/267889-azure-operations-insights/suggestions/6519377-collect-iis-logs-from-windows-azure-diagnostics-st enables reading those IIS logs for Azure Cloud Services (i.e. web role instances) but not for Azure Web sites.
                                      This new idea is for the latter scope.

                                      157 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Collect IIS Advanced logs

                                        Allow the collection and addition of custom fields using advanced logging or custom IIS modules. Example is to add x-forwarded-for to IIS logs in W3WC format.

                                        155 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)

                                          Let’s see how many come here and vote this, but we probably won’t special case this one log type ourselves.

                                          We are anyhow doing work to enable per-tenant schema (since your fields would be different than mine) – tracked as part of the ‘custom fields’ work http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-allow-to-perform-parsing-and-custom-fields-extract
                                          to be followed eventually by ‘custom logs’ http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files
                                          and
                                          http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

                                          which will enable this scenario – and many more!

                                        • Real Time Service Change Tracking

                                          Currently with change tracking only polling every hour, if a service stops and restarts before that next hour poll there would be no indication of it happening and therefor no accurate alerting. Ideally for example I would like a real time alert for a service stopping with an action to restart the service.

                                          154 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            8 comments  ·  Change Tracking Solution  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 40 41
                                          • Don't see your idea?

                                          Feedback and Knowledge Base