Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. NLog target for OMS data collector API

    Please implement a NLog target for the OMS data collector API

    2 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Two successive configuration applications from OMS Settings failed

      When I used log search, I found error message about Linux Agent for DSC.

      - Error Message
      Two successive configuration applications from OMS Settings failed – please report issue to github.com/Microsoft/PowerShell-DSC-for-Linux/issues

      I found that this issue is discussed in below:
      https://github.com/Microsoft/PowerShell-DSC-for-Linux/issues/258

      But the date of fix is unknown.
      Error is very noisy for collecting log from Linux Agent.
      So, I want to know the date of fix as soon as possible.
      I want to decrease this error.

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
      • Populate ComputerIP field with agent manager Computer IP address

        ComputerIP is populated with the IP Address from which Azure Log Analytics is receiving data. For nodes behind a firewall/proxy or OMS Gateway this mean to have the external IP Address of the proxy.
        ComputerIP must contain IP(s) information collected by the Agent on the computer hosting it to enable Compliance and Security Scenario on the console.
        RemoteIPAddress could be added as the External IP address for proxy based agents or will contains the same address of the ComputerIP for agents not behind a proxy/firewall/Gateway.
        This have a serious impact on compliance in the actual implementation.

        93 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • import data

          It would be good to have a way to automatically import azure tables into log analytics. Currently the only way is to call log analytics and after call azure tables to have a data replica. Other possibility it would be to export data from Log Analytics into azure tables. Currently log analytics is kind of a black box since the only way to pull or push data is through the API.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • User specified delimiter for custom logs

            Request to introduce user defined delimiter for Custom logs

            We run into issues where we're unable to delimit RabbitMQ log timestamp format
            dd-MMM-yyyy::HH:mm:ss
            Unfortunately, there is no configuration for us to change that timestamp format in RabbitMQ and have to implement a heavy workaround in order to work around this to convert it to a date time format supported by Microsoft then forwarding it to OMS.

            25 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Shorten Custom Log Pulls from 5 mins

              We are using OMS to track usb unplug events in our meeting rooms. But the wait time for an alert is 5 mins. Thats to long. We want to have self-healing scripts that would notify the user that something has been unplugged within a min of the disconnect.

              5 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Ability to change the logging time

                We already log in UTC timezone on our machines, but the monitoring agent thinks it is in local time so it converts it.
                It would be great to have an option to switch between local and utc time when we are setting the delimiters for the logs

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Import Application specific logs from Blob Storage or Table entries into Log Analytics for Azure Functions

                  Import Application specific logs from Blob Storage or Table entries into Log Analytics for Azure Functions

                  5 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Ingestion and analysis of netflow logs

                    In order to add to the Network Monitoring piece it would be useful to also allow collection of Netflow logs for analysis and visualization

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                    • Extend Keyword

                      Extend the OMS Extend keyword to permit mapping of a field value such as Windows EventID to a business friendly term. Example:

                      Type=SecurityEvent EventID IN {4728,4729} | Extend if(EventID=4728,"ADD","REMOVE")

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • operationalinsights

                        Get-AzureRmOperationalInsightsSearchResults change or bug?
                        There seems to have been a (undocumented?) change in the format of the output from the Get-AzureRmOperationalInsightsSearchResults cmdlet in the AzureRM.OperationalInsights PowerShell module between versions 2.3.0 and 3.1.0.
                        Piping the output into ConvertFrom-json now fails.
                        Details attached.

                        4 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • log integration for linux machines

                          I would like to see integration between Azure Log Integrator and Linux VM diagnostics. Currently Linux VM Diagnostics data goes to a storage account but Azure Log Integration server does not collect the info. It only collects the info for Windows servers. It will be nice to also read Linux diagnostics into Azure Log Integrator.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                          • Monitoring for ALL Azure Services

                            I see on https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-azure-storage that monitoring for several Azure services is still missing, for example Machine Learning, Stream Analytics, Data Factory. These tools provide their own or storage/log structure for investigation, but a centralized monitoring solution for all our Azure services would be beneficial to avoid checking individually for problems in each service. Currently, we have to resort to creating custom monitoring code in Azure functions.

                            Monitoring a custom log structure stored in blob storage would also be essential.

                            10 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • Selective custom log collecting | filter custom log BEFORE send data to OMS

                              We need a solution with which we can define which entries are sent to the OMS cloud. This is the only way to ensure that no sensitive data is sent to the OMS Cloud..

                              The best solution would be to define which log entries are sent. For example, only all entries that contain "xyz" – like Nagios rules.

                              6 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Ability to monitor AD FS - Admin logs

                                I want to collect events from the AD FS Admin log, but it is not listed as an available event log when I go to Data - Windows Log Events

                                0 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • Ability to pull logs from log files using encoding other than UTF-8 and ANSI

                                  Ability to pull logs from log files using encoding other than UTF-8 and ANSI. This will be very useful to pull logs from MS SQL Server Logs like ERRORLOG and SQL Agent Log files, since these are not encoded using UTF-8 or ANSI. Also, OMS should be able to deal with log files which do not have an extension. For example, we cant pull off logs from SQL Server ERRORLOG since this file does not have an extension.

                                  8 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • 4 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • Add kubernetes specific information to container logs

                                      When running the agent on a Kubernetes cluster, it would be very useful to add kubernetes specific information to the log lines. For example:

                                      - namespace
                                      - pod name
                                      - tags

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • We can see logs in OMS but not in AD Audit Trails Logs, why?

                                        We are in the Security Group in OMS and Reader group in AD, can't see Audit Trails in AD but we can see them in OMS. Unfortunately, I'm not a user in OMS, but can see various solutions.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • Add multiple performance counters at once

                                          When adding performance counters to collect, ability to add multiple performance counters at once with wildcards like: Processor(*)\* or SQLServer*

                                          9 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          ← Previous 1 3 4 5
                                          • Don't see your idea?

                                          Feedback and Knowledge Base