Create a personalized standard date / time filter:
i.e. last 26 hours: 24 hours + 2 hours in which you can perform your daily checks, making sure you never miss out any log info while not having to manually customize every check
I perform daily checks in the first two hours of my working day: now I have to manually set the search window to make sure I don't miss out any data. (like today I checked 9AM, but yesterday 8AM, with 24 search i'll miss one hour)6 votes
The Date facet in the log query screen seems to apply inconsistently - if I specificy the timeframe I want to query it may or may not override my query and use it's set default range
e.g. I use TimeGenerated>NOW-30DAYS in my query, but as I have NOT adjusted the Date facet it restricts my results to the "Data based on the last 1 day" - which is what the Date facet is set to by default for each new query
It would be good if Date filter could be turned off for queries6 votes
Some searches seem very slow. For example, try
Type=SecurityEvent (EventID="4624") for the last 7 days and it never completes. I do see an 'Internal Server Error' in the UI, but it give no details.5 votes
Now it automatically adjusts - i.e. when looking at 7 days, each bar becomes 6 hours. It would be nice to decide what interval to choose.
6 hours is an odd interval. If I am looking at 7 days I would rather see how many of those results are there each day/24 hrs intervals/buckets.
If I am querying 1 or 2 days, I probably want to see a hourly breakdown.
The idea is to offer a drop down to allow selecting specific aggregation intervals.5 votes
Thanks for offering this feature. Currently the plan is to upgrade the portal with many new features, the timeline is being re-designed as part of it.
Until that, I can only recommend you to use the query to generate charts that describe this in the manner that fits your data best.
We’ve recently upgraded the query language. Here’s an example of the new syntax, using 3-hour bins over the last two days of events:
| where TimeGenerated > now(-2d)
| summarize count() by bin(TimeGenerated, 3h)
| render timechart
Whenever I make an error in a Log Search syntax, it tells me a line number, but I have no easy way of finding that line number or position in the editor. Is there a sytax checker that would provide that information?5 votes
The most recent change removed one of the most helpful features in the UI--the ability to 'favorite' workspaces. Now I have to click SELECT SCOPE,
then select one of our HUNDREDS of subscriptions, drill down to the Resource Group, find my workspace, select it, and then click Apply.
Compare that to yesterday when I simply had to click on the favorited workspace in the UI and it would switch in one click.
I'm all for new UI functionality, but there is quite literally no reason to remove USEFUL features from the product.4 votes
Thanks for your feedback and its now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
It would be great if you could provide a set of entities without case sensitive names, or at least provide a set of entities that do not have the same name. I have found clientIps and clientIPs ..... they are different!
A bit difficult to filter !4 votes
Thanks for your feedback.
For various reasons our engine is case sensitive and we will not be able to change it without breaking compatibility.
When query results are returned the columns need to be fully re-sizable. The far right column restricts how wide you can make the other columns which makes other columns un-viewable if the content is to long. Example attached.4 votes
I've noticed a reference to Operational Insights (old name) reference in the portal.4 votes
Thanks Stan. We’ve created a ticket regarding this issue.
The current "Logs" blade is pre-populated with "A few more queries to try" and heavily pre-populated "Saved Searches" for common queries. This UI feature was critical to my understanding of log queries. If the new "Logs (Preview)" blade is to supersede the current "Logs" blade: please bring over a similar each to find and use feature.3 votes
We recognize the importance of the query examples, we are actively working on it. You should see them lighting up in Sep 2018
I want to get a graphical overview of the occurence of some event and I want to do so in a 5 minute interval. That search could fx be
Type=Error_CL | measure count() interval 5minute
The event occurs much less often than on a 5 minute interval, so I expect the graph to go to 0 most of the time but it doesn't.
To be explicit, I expect:
No graph until first event.
No graph beyond last event.
Graph in between first and last event is 0 when there are no events - not interpolated.
See attachment.3 votes
Issue with special characters in query:
when a query contains a special character the query reports an error "the remote server returned an error:(400) Bad Request"
query example: Type=ConfigurationChange ConfigChangeType="Software" SoftwareType="Application" and SoftwareName=µTorrent3 votes
The µ character is not one we currently support in search.
For µTorrent, this typically just displays as uTorrent, so we recommend you change the last part of the search to be SoftwareName=“uTorrent” and include the quote (") marks as part of the query
The right click menu is missing paste in the new Log Analytics blade and the Log Analytics advanced portal. Copy and Cut are there, no paste.3 votes
You should be able to change the width of the filter slicer on the Search page or it should be expandable between 3 sizes (collapse, mini, full screen width) , similar to the experience in the Azure portal for blades.3 votes
Thanks for the feedback.
Ignore the mouse over suggestions in the search field, unless an option is clicked. When typing in a search query, I hit enter to execute the search and OMS selects one of it's suggested options because the mouse happened to be left in the middle of the screen.3 votes
As my searches get more complex and I am using the search function to investigate the automatic history drop down is frustrating as it covers the results, requiring me to click in another part of the window to get it to go away.3 votes
Thanks for the feedback – we’re always interested in ways to improve the search experience.
Currently the back button can't be used to navigate back to the last query in the new Azure Portal log analytics interface.
There is no way of navigating back to a previous query which would be very useful if drilling down into a query and then wanting to revert.3 votes
Many logging frameworks we are using use ANSI colour escape sequences to provide colour. These look fine in a console but when they get to log analytics, they show as the raw escape sequence like [96m.
We can turn off the colour to workaround this but it would be good to see support for it in Log Analytics.3 votes
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Need an editor for changing a favorite without the need having to delete it and recreate it.3 votes
Similar search work for other Types. This one generates and internal sever error.3 votes
- Don't see your idea?