Real time / Near Realtime Data Collection
This could show events as they happen or collected and see the actual time of the logs. This would help to troubleshoot incidents as they are happening.
Also we could collect logs from different time zones and be able to correlate them.I am not sure how that is handled now if I have a server on the west coast and servers on the east coast adn troubleshooting event logs between the two.
We have done and are doing even more work to enhance the speed at which we can index, so that the latency is reduced (=you don’t have to wait too long for data to be searchable) and we can enable more real time use.
Latency is down to a few minutes in most cases these days (for data like logs – that does not need pre-processing; some scenarios have intrinsic delays) – but we aren’t stopping there and continue working on improving our latency all the times.
The Azure SLA doc contains now a paragraph on Operational Insights http://azure.microsoft.com/en-us/support/legal/sla/
As for correlating times, the TimeGenerated field represents the time from the original windows machine that produced the event. Everything is stored in UTC at this time, we have not done any ‘confusing’ globalization work yet to show local times, hence regardless where the machine is on the globe, its data will be recorded as UTC, not its local adjusted time.
Please refer to this other idea for showing local time http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6728221-display-in-local-time
Note that this applies to things that are sent often - i.e. Events from event logs, Alerts from OpsMgr, etc.
IIS Logs are copied when the files are closed/rotated - not as entries are written; hence it depends on log rollover policy.
Performance data used for Capacity Planning gets pre-aggregated in hourly shape in the cloud, so it has a 'by design' delay at this stage.
Some other scenarios such as 'assessments' do NOT have real time characteristics - they send data on a schedule which can be hourly/daily or even weekly in some cases.