Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Oracle License regarding V3 servers ( hyperthreading )

    Hi
    Pls. talk with Oracle to get same license policy as Amazon cloud.
    Amazon is mentioned in Oracle license policy, but not MS Azure.
    http://www.oracle.com/us/corporate/pricing/cloud-licensing-070579.pdf

    We are currently making assesment for a large customer. License policy favours for on-prem virtualized solution as two vCPU equals one in terms of license price.

    With the newer v3 VMs it should be posible to get the same :-)
    Kind regards
    Asger

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Extensibility / Partner scenarios  ·  Flag idea as inappropriate…  ·  Admin →
    • HTTP / PowerShell Capability to Regenerate Primary and Secondary OMS Keys

      Currently the OMS Portal has the capability to regenerate the OMS primary and secondary keys. This must be a manual step. This is quite dangerous as the URL is open to the Internet - if anyone gets to know either key then they can do a HTTP POST into our OMS workspace. We need to be able to regenerate these over HTTP or PowerShell.

      There isn't any option of regenerating via the Azure Portal and I can't find any API that might allow this to be done. The only closest match I found is the 2015-11-01-preview API which is now…

      33 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
      • Make the new API great again!

        The new API with the upgraded workspaces is great, but the result of a HTTP Get to get search results via a URL query results into a 'nested' JSON object, and not a key:value pair like the old API had.

        This makes it impossible to parse for the 3rd party app we are using to work with the results.

        Example old API:

        {
        "SearchResults": {
        "id": "subscriptions\/00000000-0000-0000-0000-000000000000\/resourceGroups\/oi-default-east-us\/providers\/Microsoft.OperationalInsights\/workspaces\<string>",
        "__metadata": {
        "resultType": "raw",
        "total": 3,
        "RequestId": "<string>",
        "Status": "Successful",
        "NumberOfDocuments": 0,
        "StartTime": "<date>",
        "LastUpdated": "<date>",
        "ETag": "<tag>",
        "sort": [
        {
        "name": "TimeGenerated",
        "order": "desc"
        }
        ],
        "requestTime": <value>
        },
        "value": [
        { …

        15 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Extensibility / Partner scenarios  ·  Flag idea as inappropriate…  ·  Admin →
        • OMI rpm %noreplace

          Please add the %noreplace option to omi RPM spec , every time omsagent is updated as part of azure oms extension. /etc/opt/omi/conf/omiserver.conf configuration is being restored to blank. we are using httpsport=1270 in the configuration as it is recommended here

          https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-linux#enable-the-oms-agent-for-linux-to-report-to-system-center-operations-manager

          8 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • import data

            It would be good to have a way to automatically import azure tables into log analytics. Currently the only way is to call log analytics and after call azure tables to have a data replica. Other possibility it would be to export data from Log Analytics into azure tables. Currently log analytics is kind of a black box since the only way to pull or push data is through the API.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Analyse logs from App Service in the OMS portal

              Hello,

              I would like to Analyse logs from an App Service in the OMS portal, right now it's posible to save those logs in a storage account but this one can't be linked to the Log Analytics for an analysis in the OMS portal.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  OMS Gateway  ·  Flag idea as inappropriate…  ·  Admin →
              • Update Compliance needs to allow selection of Feature Update versions

                In Update Compliance, we have all our devices reporting as missing a Feature Update. We are currently running 1607 and if we then choose to go to 1703 instead of 1709, I want to see all machines missing 1703 specifically and not still show all missing Feature Updates because Microsoft have released 1709.

                Without this, Update Compliance is of little interest to us. With it, it is a vital tool

                2 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • ability to organize myself the intellingent packs on portal

                  Would be great to have the ability to organize myself the structure of the portal, for example put on TOP the management pack that are the more interesting (relevant) for me.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
                  • Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

                    Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

                    Is there a way to come around some major limitations when creating Alerts? The biggest problem is the Time Window restriction. This restricts us from searching in data older than 24 hours when creating an alert. I expect a record for a custom MessageType
                    to arrive once a week, i am not able to create an Alert if this message does not appear as expected.
                    The retention days for OMS Log Analytics is minimum 31 days according to this article: https://blogs.msdn.microsoft.com/…/change-oms-log-analytic…/
                    Why do we then…

                    25 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
                    • System Update - Assessed Computer donut chart is misleading

                      The Assessed Computer donut chart on the Overview - Update Management page is misleading in how it represents the actual number of updates needed. It is my understanding that the rollup is based on worst classification as computer has and computers are not counted in each severity bucket. Take a look at the screen shot I attached. The count for Critical Updates (7) is correct. The count for Security Updates is (5), however looking at the table below we can easily count (10) computers that need Security, but my understanding is that since 7 of those 10 computers also need…

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • UI Confirmation For Initial Scan

                        Provide feedback for when the 'baseline state' is captured so that we know when we can start monitoring for changes to the system.

                        I plan on using this tool to diagnose why installing software on a Linux VM renders it useless upon next boot. Therefore I want to know when the baseline has been established before I start the installation process.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Change Tracking Solution  ·  Flag idea as inappropriate…  ·  Admin →
                        • About update management documentation

                          Regarding the operation of Update Management of Log Analytics, Linux has no detailed disclosure information on Windows. We confirmed support and confirmed using yum, but I would like to improve the information on Linux monitoring.

                          6 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                          • Is the any plan to provide compatibility for 3.10.0-693 kernel?

                            Is the any plan to provide compatibility for 3.10.0-693 kernel?

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
                            • scroll bar does not work in chrome and Safari

                              When going to the OMS Alert list (Overview->Settings) in chrome (Version 61.0.3163.100) and Safari (Version 10.0.3 (12602.4.8)) on MacOS (Version 10.12.3 (16D32)) the scroll bar does not appear on the screen when you have more Alerts than is available in the list. Nor are you allowed to scroll down the list of alerts with a scroll wheel when that component of the screen has focus.
                              The Scroll Bar works fine in FireFox (56.0) on the same computer. I have replicated this on multiple MacBook Pro's.

                              25 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                3 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
                              • Linux Dependency Agent RHEL kernel support

                                The latest Linux Dependency Agent installer does not yet support RHEL 7.3 kernel release 3.10.0-693 (Security Advisory RHSA-2017:1842). Is it on the release roadmap?

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →
                                • How do we automate adding users to Log Analytics using arm template?

                                  How do we automate adding users to Log Analytics using arm template?

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Filters in OMS

                                    It would be great if you could provide a set of entities without case sensitive names, or at least provide a set of entities that do not have the same name. I have found clientIp_s and clientIP_s ..... they are different!

                                    A bit difficult to filter !

                                    4 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Ignore the mouse (until click) when suggesting searches

                                      Ignore the mouse over suggestions in the search field, unless an option is clicked. When typing in a search query, I hit enter to execute the search and OMS selects one of it's suggested options because the mouse happened to be left in the middle of the screen.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                      • OMS - AD Replication status - A recognition error occured. Token: "ServerName". Postion: ***

                                        We receive a positonal error after upgrading OMS to a new query language. The OMS language query upgrade resulted in some built-in queries stopped working, for example the built in query which throws error for AD Replication: ADReplicationResult | summarize arg_max(TimeGenerated, *) by SourceServer, DestinationServer, PartitionName, TenantId | where LastSyncResult != 0 and "DestinationServer == "ServerName.DOMAIN.Local"" | sort by TimeGenerated desc ->
                                        A recognition error occured. Token: "ServerName". Postion: ***
                                        An error position *** is pointing towards the first qoute character just before the ServerName. After a minor modification the query works: ADReplicationResult | summarize arg_max(TimeGenerated, *) by SourceServer, DestinationServer,…

                                        6 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  OMS Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                        • User specified delimiter for custom logs

                                          Request to introduce user defined delimiter for Custom logs

                                          We run into issues where we're unable to delimit RabbitMQ log timestamp format
                                          dd-MMM-yyyy::HH:mm:ss
                                          Unfortunately, there is no configuration for us to change that timestamp format in RabbitMQ and have to implement a heavy workaround in order to work around this to convert it to a date time format supported by Microsoft then forwarding it to OMS.

                                          22 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          ← Previous 1 3 4 5 37 38
                                          • Don't see your idea?

                                          Feedback and Knowledge Base