Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. When pivoting from results of Measure count() queries that use INTERVAL (based on field TimeGenerated) drill down query returns no result

    REPRO steps:
    Do a query like Type:Event | Measure count() interval 1DAY; the grouped results you get back will have TimeGenerated as the first field.... but the row in the table really represents a time RANGE/interval
    When clicking on a group, the resulting query becomes something like Type:Event TimeGenerated:"2014-02-25T20:04:39.234Z" - this yields no results because the TimeGenerated is really just the BEGINNING of the '1DAY' interval.

    How it should work:
    backend API should provide more information back to the caller, such as
    - informing that this group is not based on a fixed string value (like in many other cases…

    2 votes
    under review  ·  0 comments  ·  Search UI and Language
  2. Export Query Results to JSON

    Please support exporting the results of Log Analytics queries to JSON format. Exporting to CSV and Power BI are currently supported but I would also like to see export to JSON.

    2 votes
    0 comments  ·  Search UI and Language

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  3. portal site title mistake (Japanese)

    English UI Page title "Overview "
    Japanese UI page title "概要 - サンプルポータル" (overview - sample portal)

    2 votes
    0 comments  ·  Search UI and Language
  4. Allow Frequency Change

    On PowerBI Schedule, allow us to change Frequency. We have to create the entire report again just to change Frequency.

    1 vote
    0 comments  ·  Search UI and Language
  5. Category dropdown when adding a saved search from Log Search blade

    While in the Log Search Blade, selecting Saved searches, then selecting Add, a category dropdown should appear to select existing categories to add to. The ability to add a new category should continue as well.

    1 vote
    1 comment  ·  Search UI and Language
  6. session expired

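    Q1. A "session expired" prompt frequently pops up while I am using the OMS portal, and I then have to sign in again. Is there a setting that changes how long the session lasts?

    Q2. When using measure count(), is it possible to count by two fields? For example Type=SecurityEvent EventID=4625| measure count() by Computer Account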

    1 vote
    0 comments  ·  Search UI and Language
  7. Keep "Show More" open while search is running

    Show More should stay open. If a search is on-going, the "[+] show more" option keeps closing.

    1 vote
    0 comments  ·  Search UI and Language
  8. [View] links for EventID rework

    [View] for EventID only searches technet for the event number - this is generally not useful functionality. Please have all [View] links point at useful info for their associated content.

    1 vote
    0 comments  ·  Search UI and Language
  9. Freeze Top (Header) Row in Table view of Log Search

    Freeze Top Row in Table view of Log Search

    1 vote
    0 comments  ·  Search UI and Language
  10. 'interval' function in Measure command should support all statistical/aggregation functions (Max/Min/Avg/Sum) not just count

    Per documentation:
    https://azure.microsoft.com/en-us/documentation/articles/operational-insights-search/
    The interval function is supported only for grouping Date/Time fields and works only with the count() aggregation function. This makes the use of the interval function very limited. For example, if you want to create a query that will show certain results for every hour for the past 12 hours for multiple objects, you can't.
    Example of this:
    Type:WireData | measure count() by ApplicationServiceName interval 1HOUR
    In order to achieve such results you will have to create query for every ApplicationServiceName like this:
    Type:WireData (ApplicationServiceName=http) | measure count() by TimeGenerated interval 1HOUR
    Additionally if you want to see the traffic…

    1 vote
    0 comments  ·  Search UI and Language
  11. ANSI colour coding in log messages

    Many logging frameworks we are using use ANSI colour escape sequences to provide colour. These look fine in a console but when they get to log analytics, they show as the raw escape sequence like [96m.

    We can turn off the colour to work around this but it would be good to see support for it in Log Analytics.

    1 vote
    0 comments  ·  Search UI and Language

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  12. More Useful tiles in View Designer

    Please add more view dashboards to be used inside View Designer or allow us to create/customize them in an HTML-ish way. Displaying data with multiple columns as a table is a nightmare, especially if you don't have a number/timestamp column, but that's the most required data; content is unreadable.

    1 vote
    0 comments  ·  Search UI and Language
  13. Respect the indentation/tabs in the logs

    Our apps are currently logging request and response using indented JSON however Log Analytics removes all the indentation and pulls the text to the left which makes it difficult to understand.

    1 vote
    0 comments  ·  Search UI and Language

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  14. add optional UX for query string

    Add a ? option to the query language line which would bring up a UI to build the query line. At the very least, have it bring up context based help that describes the options and features of the query line.

    This UI would build the query line like the following: Type:Update (Classification:"Security Updates" OR Classification:"Critical Updates") AND UpdateState=Needed AND Optional=false AND Approved!=false Computer="server.domain.com"

    Basically I want to filter the output to some of the fields rather than all of the properties.

    1 vote
    1 comment  ·  Search UI and Language
  15. Edit Alerts from Log Search UX bifurcation & UI bug

    Use case:

    1. Nav -> Log Search.
    2. Click Favorites.
    3. Select an 'Alert' favorite search.

    The top nav bar with Favorites and History now includes 2 new buttons:
    1. Alert
    2. Save

    This is naturally how you created the Alert or saved a search.

    But now there is no way to Save the existing search or update the existing Alert's search query (which is what I just clicked on).

    1. Save should track changes (and provide a prompt for save existing or create new)
    2. Clicking Alert, when the search was selected from the Alerts section, should take you…

    1 vote
    0 comments  ·  Search UI and Language
  16. timestamp last collection only for all queries

    There should be the possibility to run a query with the timestamp of the last data collection only, whenever it was. ago or now-x is not helpful and not correct, for example on performance counters like free disk space; or alternatively have a filter option for the last timestamp per server, if you have the same server more than once in the result. Example: timestamp perf counter >=1h, same server more than once. I need only the last collection.

    1 vote
    0 comments  ·  Search UI and Language
  17. Running a query should not reset result view

    I've run a query and look at the line chart representing the data. I realize that the query should be altered.

    I alter the query and click Go in the upper right corner.
    Instead of the line chart I just had, I now get the "raw" table data. I then have to select Chart and then Line to get back to the view I just had.
    This is fairly inconvenient.

    1 vote
    0 comments  ·  Search UI and Language
  18. Unique

    It would be incredibly powerful if we were able to do a Select Distinct/Unique on a given result set.

    I'm thinking something similar to how this is done in PowerShell:

    Get-Process | Select Name, Path -Unique | Sort Name

    1 vote
    1 comment  ·  Search UI and Language
  19. Syntax Suggestions

    Don't give me syntax suggestions if they are invalid!

    1 vote
    0 comments  ·  Search UI and Language
  20. whitespace

    There is too much whitespace. The bar with icons for alerts etc incl.

    0 votes
    0 comments  ·  Search UI and Language