Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Skip operator for Query Search

    Old version Log Analytics has 'Skip' operator.
    But now, New version of Log Analytics Query does not have 'Skip' operator.

    I want this feature.
    Because when we use Query via REST API, for limitation about Log Analytics API, we cannot download all logs at one time.
    So, we must execute API many again and again.

    If there is 'skip' operator, I can use 'skip' and 'limit' for repeat.
    Now because there is no 'skip' operator, I don't get log from Log Analytics via REST API.

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
    • Filters in OMS

      It would be great if you could provide a set of entities without case sensitive names, or at least provide a set of entities that do not have the same name. I have found clientIp_s and clientIP_s ..... they are different!

      A bit difficult to filter !

      4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
      • Ignore the mouse (until click) when suggesting searches

        Ignore the mouse over suggestions in the search field, unless an option is clicked. When typing in a search query, I hit enter to execute the search and OMS selects one of it's suggested options because the mouse happened to be left in the middle of the screen.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
        • 'render timechart' should support logarithmic y-scale

          Currently I need to manually exclude one series that has especially high values from my timechart. It means that the automatic scale has a very high max which means that the other series are not easily viewable.

          I'd like a parameter to 'render timechart' that lets me specify a log y scale, it will help all series to be visible.

          It's a fairly common feature in data visualization generally.

          I actually want this for Application Insights Analytics (https://feedback.azure.com/forums/357324-application-insights/suggestions/14110047-add-logarithmic-scale-to-charts). I'm not sure the right place for these requests now that there is standard Log Analytics Query Language.

          7 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
          • Running a query should not reset result view

            I've run a query and look at the line chart representing the data. I realize that the query should be altered.

            I alter the query and click Go in the upper right corner.
            Instead of the line chart I just had, I now get the "raw" table data. I then have to select Chart and then Line to get back to the view I just had.
            This is fairly inconvenient.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
            • filter

              We have a part of a query which is used in many other queries the same way. This part is used in saved searches, alerts and overview parts.

              E.g. We have a query part that filters to Special five Services to be watched. And this is used in many hole queries this additional filter to time, Computer, etc.

              If there's a change in this part of query we have to correct it everywhere it is used.

              E.g. We have to add a sixth Service to the filterlist to be watched

              It would be great if there's a solution to save…

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
              • Table view of a Measure should include all groups

                Table view only displays the first column of multiple groupings. Example:
                Type:W3CIISLog | measure sum(TimeTaken) as TotalTime by sSiteName, csUriStem
                Click Table view.
                The column sSiteName shows up in Table view but csUriStem does not.

                2 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                • Date facet and TimeGenerated in query are inconsistent - can we override or disable Date facet

                  The Date facet in the log query screen seems to apply inconsistently - if I specificy the timeframe I want to query it may or may not override my query and use it's set default range
                  e.g. I use TimeGenerated>NOW-30DAYS in my query, but as I have NOT adjusted the Date facet it restricts my results to the "Data based on the last 1 day" - which is what the Date facet is set to by default for each new query
                  It would be good if Date filter could be turned off for queries

                  6 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                  • "measure x interval" graph should go to zero when there are no data

                    I want to get a graphical overview of the occurence of some event and I want to do so in a 5 minute interval. That search could fx be
                    Type=Error_CL | measure count() interval 5minute
                    The event occurs much less often than on a 5 minute interval, so I expect the graph to go to 0 most of the time but it doesn't.
                    To be explicit, I expect:
                    No graph until first event.
                    No graph beyond last event.
                    Graph in between first and last event is 0 when there are no events - not interpolated.
                    See attachment.

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                    • Improve Log Search UI and and Results

                      I would like to see the following:
                      - Larger query input field
                      - Tabs
                      - Table result column filtering
                      - Table rows expand to show full results
                      - Table scrolls horizontally so that you can actually read the data when there area lot of columns
                      - More "Last" time slices (Last 15 min, Last 30 min, Last 1 hour, etc...)
                      - Column selection mechanism in UI (drop down with checkboxes instead of having to | select x, y, z)

                      Analytics for App Insights has all of these features, and I constantly find myself wishing Log Search had them

                      6 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                      • Create your own custom time ranges (i.e. last 26 hours)

                        Create a personalized standard date / time filter:
                        i.e. last 26 hours: 24 hours + 2 hours in which you can perform your daily checks, making sure you never miss out any log info while not having to manually customize every check

                        Context:
                        I perform daily checks in the first two hours of my working day: now I have to manually set the search window to make sure I don't miss out any data. (like today I checked 9AM, but yesterday 8AM, with 24 search i'll miss one hour)

                        6 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                        • Increase number of distinct results for measure command (limit 100)

                          Today measure command only support 100 distinct results. It´s a risk that alerts created with measure command don´t give correct results because of this limit. Now the first top 100 results is sent to measure.

                          From documentation:

                          Second, Measure count currently returns only the top 100 distinct results. This limit does not apply to the other statistical functions. So, you'll usually need to use a more precise filter first to search for specific items before you apply measure count().

                          https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-searches#use-the-measure-command

                          9 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                          • dedup on more than one property

                            currently dedup allows to "dedup" only on one property, I'm writing a solution where I need more than on level of dedup, like in Type:Status_CL | dedup Computer,SubComponent

                            At the very least allow us to concat strings in EXTEND

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                            • Editor for Favorites

                              Need an editor for changing a favorite without the need having to delete it and recreate it.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                              • session expired

                                Q1. 經常在 OMS portal 使用中的情況下跳出 session expired 的提示,就需要重新登入,請問有設定可以更改 session 時間長短嗎?

                                Q2. 在 measure count() 的使用方法中,能否 by 兩個欄位計算? 例如 Type=SecurityEvent EventID=4625| measure count() by Computer Account

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                • Edit Alerts from Log Search UX bifurcation & UI bug

                                  Use case:

                                  1. Nav -> Log Search.
                                  2. Click Favorites.
                                  3. Select an 'Alert' favorite search.

                                  The top nav bar with Favorites and History now includes 2 new buttons:
                                  1. Alert
                                  2. Save

                                  This is naturally how you created the Alert or saved a search.

                                  But now there is no way to Save the existing search or update the existing Alert's search query (which is what I just clicked on).

                                  1. Save should track changes (and provide a prompt for save existing or create new)
                                  2. Clicking Alert, when the search was selected from the Alerts section, should take you…

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                  • custom field based on regex

                                    sorry if this has been asked I searched but could not find anything similar.

                                    would love to be able to create a custom field based on a regex. Like I have csUsername as a field but I want to know the domain of the users not the email address, the stuff after the @ is this possible or are you working on it.

                                    love oms so far,I hopefully I didn't miss something

                                    ps this doesn't need to be a regex could be things like split,trim,end, lastindexof, etc..

                                    2 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                    • custom field based on regex

                                      sorry if this has been asked I searched but could not find anything similar.

                                      would love to be able to create a custom field based on a regex. Like I have csUsername as a field but I want to know the domain of the users not the email address, the stuff after the @ is this possible or are you working on it.

                                      love oms so far,I hopefully I didn't miss something

                                      ps this doesn't need to be a regex could be things like split,trim,end, lastindexof, etc..

                                      0 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Measure and Distinct for dynamic computer groups

                                        Currently measure and distinct are not supported in the same query, however I have a scenario where it can be useful to create a computer group based on a measure. I'm developing a trend solution that for performance reasons need to filter a subset of systems based on a threshold, like Type:Perf (CounterName="% Processor Time") (ObjectName="Processor") (InstanceName="_Total" OR "InstanceName=0") TimeGenerated>NOW-7DAYS | measure percentile95(CounterValue) by Computer | where AggregatedValue > 10 | Select Computer | Distinct Computer
                                        alas this is not possibile and if I pipe | Select Computer and I save it as a group, when used it breaks in…

                                        4 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          5 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                        • portal site title mistake(Japanese)

                                          English UI Page title "Overview "
                                          Japanese UI page title "概要 - サンプルポータル" (overview - sample portal)

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base