How can we improve Azure Log Analytics?

Long-Running Saved Searches (or scheduled) that can generate an Alert and/or email notification

This could be useful for daily/weekly reports, as well as for 'monitoring' type scenarios.
The basic idea is that you could schedule your query to run every so often, and then take some action such as raising an alert or emailing you the Excel/CSV results, etc.

It would again - like dashboards - build on the foundation of 'saved searches' http://blogs.technet.com/b/momteam/archive/2014/07/25/system-center-advisor-limited-preview-saved-searches-cloud-attach-status-and-usage-and-more.aspx

You could ask for HTML/Text or Excel output of results, or a customizable message you define, like in a SCOM Alert http://blogs.technet.com/b/momteam/archive/2014/08/29/check-it-out-export-advisor-search-results-to-excel.aspx

Or it could produce an Alert and store it in Search.

Or all of the above?

91 votes
    Daniele Muscetta (Operational Insights, Program Manager) shared this idea
    completed  ·  AdminOMS Log Analytics Team (Admin, Microsoft Azure) responded

    Thanks for voting for this suggestion.

    We’ve now enabled the ability to have the results of a search generate either an e-mail notification or call an Automation runbook.

    Read more about it on our blog:
    http://blogs.technet.com/b/momteam/archive/2015/12/02/announcing-the-oms-alerting-public-preview.aspx

    Try it out and then make additional suggestions on the feedback site.

    9 comments

      • Anonymous commented

        Don't want to use a custom dashboard, as I would like either a daily email with the new alerts that got created or, as alerts get created, an email alert like SCOM. Probably like most, we are not looking at the console all day, and at least an email alert would allow us to flag it in our email as something we need to follow up on.

        To further expand this, could a daily or at least weekly email be generated for the recommendations?

      • Anonymous commented

        Excellent tool. Perhaps one feature to add is the possibility of sending an automatic email to user mailboxes on occurrence of defined triggered events such as malware detection or administrator logon.

      • Anonymous commented

        To make this more of a complement to SCOM, this service needs notifications like you have in SCOM. This service has some things in it that SCOM doesn't, and I would like to not have to log in to the console to find those alerts.

      • Hélder Pinto commented

        Fire and forget would be enough for a first implementation. Ideally, the alert message should come not only with the raw results themselves (for example, a query for "measure avg(TimeTaken) by Computer" will return only computer and average response times), but also with the "side data" that is so helpful in many situations (client IP distribution, status code distribution, etc.).

      • Anonymous commented

        Strong support from my side. We have exactly the same scenario and would like to have Monitoring as SaaS.

      • Martin O'Gorman commented

        I think email alerts are a must. We are currently using Operational Insights (as I think it's great) and I feel this is a limitation, e.g. virus alert notification.

      • Fabrizio commented

        Is it possible to send and sync OpInsight "tips" and "recommendations" collected by the Intelligence Pack from OpInsight to Operations Manager, to manage them as SCOM alerts and notifications?
