Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve the process for allowing OMS agents communicate with OMS Gateway

    Currently if you have a server to be monitored by SCOM/OMS, you can configure the monitoring agent to forward event data via an OMS Gateway - to act as your conduit out to your OMS workspace.

    Part of this process requires you run a powershell script, for each host you add to the Windows OMS gateway. You have to run the powershell:
    "Add-OMSGatewayAllowedHost -host <your_new_host>"

    If you have a lot of systems, then you have a lot of manual 'touch-points' needed to do these on a one-by-one basis on the gateway server.

    It would be great if you could have…

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  OMS Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Service Health (or Availiability) Dashboard

      Service health or availability of Azure Services Dashboard is not available to check the availability Status of Azure resources from Log Analytics and also from Azure portal

      And there is no management solution from Log Analytics Gallery to have the availability dashboard.

      Please advice whether Service health Dashboard can be brought into Log Analytics?

      And please add refresh options in Azure portal Dashboard and also in OMS Dashboards.

      And when the live dashboards will be available in OMS and also from Azure Portal Dashboards?

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • New integration with Microsoft ATA logs only the netbios name of the ATA server

        The new integration described her:
        https://blogs.technet.microsoft.com/msoms/2017/03/09/microsoft-advanced-threat-analytics-support-in-oms-security/
        logs only the netbios name for Computer field. The old integration logs the full name of the server (with fqdn). The new integration should log the full name so it matches with the other logs ingested in OMS.

        0 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Security and Audit Solution  ·  Flag idea as inappropriate…  ·  Admin →
        • Cloud App Security

          add cloud app sécurity alert into OMS portal

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Security and Audit Solution  ·  Flag idea as inappropriate…  ·  Admin →
          • Log Analytics - Capacity and Performance Management Solution

            Is it "Log Analytics - Capacity and Performance Management Solution" is generally available??

            I tried adding to Log Analytics. But nothing comes out from the Management Solution...

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Flag idea as inappropriate…  ·  Admin →
            • Log Analytics - Dasboard

              Add Availability Filters for Azure VMs and PaaS components.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • custom filed

                There is no option to remove multiple custom fields (checkbox). Also no option to change the custom field type (from text to numeric).

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                • Thresholds in view designer. Need both < and > operators, as well as =.

                  In View Designer, it would be great to have color-coded thresholds based on not just > a certain value, but operands for < and = as well. Also, I have a Custom View that is listing out % Free Space per instance, and I am showing everything above a certain threshold as green. The only way to do this currently is to set the default to the Red condition and above the threshold as Green. This works, but it does not save, and every time I go back into the visualization, there is another threshold there called "error". Is this…

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Add multiple Azure subscriptions to OMS workspace

                    At the moment you can't link multiple Azure subscriptions to one OMS workspace. This would be very usefull for MSP's. We are using SCOM to monitor customers on-prem infrastructure and want to link SCOM to a OMS workspace linked to multiple Azure subscriptions.

                    11 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                    • able to select patches we just need

                      able to select patches we just need, not apply all of them

                      4 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  System Update Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
                      • Fix OMS Update Management to allow patch deployment to Server Core

                        Per documentation at: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management

                        "Server Core and Nano Server installation options are not supported."

                        Please fix this so that Server Core is supposed for patch deployments. (At least 2016 Server Core, with Server 2012R2 being appreciated!)

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  System Update Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
                        • create data center in canada

                          create data center in canada

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Support access to OMS Workspace with Azure B2B idenity

                            It is possible to access OMS workspaces using the browser using a Azure B2B identity, but using the OMS app only provide the workspaces within your own tenant and not the customers.

                            6 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
                            • Change what Malware Assessment to not consider quarantined items as active threats

                              Malware Assessment alerts on what it considers active threats. Windows Defender - and likely other AV packages - considers quarantined items as inactive threats. Please change Malware Assessment so that quarantined items are not considered active threats.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Malware Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
                              • ports

                                Hi, integrating on prem SCOM suggests that it is trying to establish connection to https://seau.data.opinsights.azure.com/Data/DataProviderService.svc which is not specified in the proxy and firewall list o sites. Is this a recent change?

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • drill down + back button

                                  Sometimes drilling down appears to break the back button. For instance, say I am in update mgmt, and click the tile to see all missing critical updates. The query is then:
                                  Type=Update and OSType!=Linux and Classification="Critical Updates" and UpdateState=Needed and Optional=false and Approved!=false | measure countdistinct(KBID) as UniqueUpdatesCount by Computer

                                  then it gives me a list of computers. If I click one of the computer names, the query changes to
                                  Type=Update and OSType!=Linux and Classification="Critical Updates" and UpdateState=Needed and Optional=false and Approved!=false Computer="redacted computer name"

                                  If you hit back from that point, it breaks:
                                  Invalid syntax. Unexpected '+measure+countdistinct' at position…

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Account Management not working

                                    In standalone price tier i cant get to manage accounts setting page. When i navigate to it its blank. It is working fine on free tier.

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Severity Level missing from OMS App insights connecter data

                                      Hi,

                                      We've connected our app insights accounts to OMS

                                      Right now all exceptions from app insights are treated with the same severity even though they may have a specific severity level set.

                                      Could you include this enumerable in the data collected by OMS so we can reflect severity in our alerting?

                                      Many thanks

                                      Luke

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Fix update deployment duration (blank isn't an option)

                                        Currently Update Deployments in Update Management has you enter in a total time, per "If Duration is left blank, no time limit will be placed on this update run. If a duration is specified, remaining unapplied updates will not be started after time expires. In progress updates will finish being applied." If you leave it blank or set it to zero, you'll be met with a message (upon clicking Save) that "Duration must be at least 30 minutes and less than a day." Please either allow zero/blank for duration or change the "If Duration is left blank..." message.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  System Update Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Privileged Access Workstation Auditing / PAW Auditing

                                          I want to audit Admin's Privileged Access Workstation for protect Active Directory domain, Office 365, Azure and all.

                                          PAW = Privileged Access Workstation.
                                          PAW need a lot of Policy setting. GPO, Local GP

                                          https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/privileged-access-workstations

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 34 35
                                          • Don't see your idea?

                                          Feedback and Knowledge Base