Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics?

  1. OMS security baseline assessment rule for Audit policy needs changing

    The baseline security assessment reports a fail for Audit Policy: Policy Change: Authentication Policy as I have it set to Success/Fail. I have this as per the Active Directory secure best practice doc https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations whereas the analyzer is expecting success only, so it fails the rule.

    1 vote
    0 comments
    • Populate ComputerIP field with agent manager Computer IP address

      ComputerIP is populated with the IP address from which Azure Log Analytics is receiving data. For nodes behind a firewall/proxy or OMS Gateway this means having the external IP address of the proxy.
      ComputerIP must contain IP(s) information collected by the Agent on the computer hosting it to enable Compliance and Security Scenario on the console.
      RemoteIPAddress could be added as the external IP address for proxy-based agents, or will contain the same address as the ComputerIP for agents not behind a proxy/firewall/Gateway.
      This has a serious impact on compliance in the actual implementation.

      94 votes
      • Custom Log feature for log rotate

        Currently, Log Analytics cannot collect a custom log whose file is rotated by log rotation.
        But log rotation is necessary for collecting logs on the OS.
        So, as a mitigation, we are unable to turn off log rotation.
        So, I would like to add a new request for Custom Logs to collect rotated log files.

        36 votes
        under review  ·  0 comments
        • Show database connections in Service Map

          It would be extremely useful to be able to map an IIS worker process making a connection to a particular database rather than just a SQL Server.

          As an example, take a web server with 5 (this could easily be 100) unique and unrelated sites. These sites make connections to different databases, some of which are on a shared SQL server and others may be on other shared SQL servers. The existing solution will only show a connection to the SQL Server process, which makes the map less accurate than it could be.

          Could the databases be presented grouped under the SQL…

          15 votes
          1 comment  ·  Service Map
          • HTTP / PowerShell Capability to Regenerate Primary and Secondary OMS Keys

            Currently the OMS Portal has the capability to regenerate the OMS primary and secondary keys. This must be a manual step. This is quite dangerous as the URL is open to the Internet - if anyone gets to know either key then they can do an HTTP POST into our OMS workspace. We need to be able to regenerate these over HTTP or PowerShell.

            There isn't any option of regenerating via the Azure Portal and I can't find any API that might allow this to be done. The only closest match I found is the 2015-11-01-preview API which is now…

            33 votes
            0 comments  ·  Workspace Settings / Administration
            • Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Should really match the retention for LogAnalytics!

              Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Should really match the retention for LogAnalytics!

              Is there a way to come around some major limitations when creating Alerts? The biggest problem is the Time Window restriction. This restricts us from searching in data older than 24 hours when creating an alert. I expect a record for a custom MessageType to arrive once a week, I am not able to create an Alert if this message does not appear as expected.
              The retention days for OMS Log Analytics is minimum 31 days according to this article: https://blogs.msdn.microsoft.com/…/change-oms-log-analytic…/
              Why do we then…

              29 votes
              under review  ·  3 comments  ·  Alert Management Solution
              • Make the new API great again!

                The new API with the upgraded workspaces is great, but the result of an HTTP GET to get search results via a URL query results in a 'nested' JSON object, and not a key:value pair like the old API had.

                This makes it impossible to parse for the 3rd party app we are using to work with the results.

                Example old API:

                {
                  "SearchResults": {
                    "id": "subscriptions\/00000000-0000-0000-0000-000000000000\/resourceGroups\/oi-default-east-us\/providers\/Microsoft.OperationalInsights\/workspaces\<string>",
                    "__metadata": {
                      "resultType": "raw",
                      "total": 3,
                      "RequestId": "<string>",
                      "Status": "Successful",
                      "NumberOfDocuments": 0,
                      "StartTime": "<date>",
                      "LastUpdated": "<date>",
                      "ETag": "<tag>",
                      "sort": [
                        {
                          "name": "TimeGenerated",
                          "order": "desc"
                        }
                      ],
                      "requestTime": <value>
                    },
                    "value": [
                      { …

                19 votes
                0 comments  ·  Extensibility / Partner scenarios
                • Scroll bar does not work in Chrome and Safari

                  When going to the OMS Alert list (Overview->Settings) in Chrome (Version 61.0.3163.100) and Safari (Version 10.0.3 (12602.4.8)) on macOS (Version 10.12.3 (16D32)) the scroll bar does not appear on the screen when you have more Alerts than is available in the list. Nor are you allowed to scroll down the list of alerts with a scroll wheel when that component of the screen has focus.
                  The scroll bar works fine in Firefox (56.0) on the same computer. I have replicated this on multiple MacBook Pros.

                  25 votes
                  4 comments  ·  Alert Management Solution
                  • NLog target for OMS data collector API

                    Please implement an NLog target for the OMS data collector API.

                    5 votes
                    • Service Map timeline larger than 1 hour

                      Currently it only appears like I can view systems connected in service map in 1-hour windows. This makes it difficult to see what is being used having to go days/months back in 1-hour chunks. A total view of all connections would be great, or at the very least in 1 month chunks.

                      10 votes
                      0 comments  ·  Service Map
                      • Analyse logs from App Service in the OMS portal

                        Hello,

                        I would like to analyse logs from an App Service in the OMS portal. Right now it's possible to save those logs in a storage account, but this one can't be linked to Log Analytics for analysis in the OMS portal.

                        12 votes
                        1 comment  ·  OMS Gateway
                        • Make Container Logs optional / configurable in Service Fabric Analytics Solution

                          Make Container Logs optional / configurable in Service Fabric Analytics Solution.

                          I'm using a Service Fabric Cluster without the Container Feature.
                          But the Service Fabric Analytics Solution seems to expect Container logs as a default and throws errors at me in the OMS console. Additionally the Dashboard shows only the Container Error Msg instead of SF Data.

                          Make it optional for the Service Fabric Analytics Solution to include Containers.

                          10 votes
                          0 comments
                          • User specified delimiter for custom logs

                            Request to introduce user defined delimiter for Custom logs

                            We run into issues where we're unable to delimit RabbitMQ log timestamp format
                            dd-MMM-yyyy::HH:mm:ss
                            Unfortunately, there is no configuration for us to change that timestamp format in RabbitMQ and have to implement a heavy workaround in order to work around this to convert it to a date time format supported by Microsoft then forwarding it to OMS.

                            25 votes
                            • Manage Patching solution with PowerShell

                              The update management solution is quite nice while in preview, but using the search capabilities to define patches that need to be excluded is missing some things - for example, getting the exclusion list out to PowerShell to be added to an update schedule, also through PowerShell, would be ideal - to improve the exclusion of patches in an update window.

                              1 vote
                              0 comments
                              • What is RequiredUpdate schema and how to use it?

                                Schema definitions should be provided for all the tables, along with their use, for developers.

                                1 vote
                                0 comments  ·  SQL Assessment Solution
                                • Skip operator for Query Search

                                  The old version of Log Analytics has a 'Skip' operator.
                                  But now, the new version of Log Analytics Query does not have a 'Skip' operator.

                                  I want this feature.
                                  Because when we use Query via the REST API, due to a limitation of the Log Analytics API, we cannot download all logs at one time.
                                  So, we must execute the API again and again.

                                  If there is a 'skip' operator, I can use 'skip' and 'limit' to repeat.
                                  Now, because there is no 'skip' operator, I don't get logs from Log Analytics via the REST API.

                                  3 votes
                                  under review  ·  0 comments  ·  Search UI and Language
                                  • OMI rpm %noreplace

                                    Please add the %noreplace option to the omi RPM spec. Every time omsagent is updated as part of the Azure OMS extension, the /etc/opt/omi/conf/omiserver.conf configuration is restored to blank. We are using httpsport=1270 in the configuration as it is recommended here:

                                    https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-linux#enable-the-oms-agent-for-linux-to-report-to-system-center-operations-manager

                                    8 votes
                                    0 comments
                                    • Two successive configuration applications from OMS Settings failed

                                      When I used log search, I found an error message about the Linux Agent for DSC.

                                      - Error Message
                                      Two successive configuration applications from OMS Settings failed – please report issue to github.com/Microsoft/PowerShell-DSC-for-Linux/issues

                                      I found that this issue is discussed below:
                                      https://github.com/Microsoft/PowerShell-DSC-for-Linux/issues/258

                                      But the date of fix is unknown.
                                      Error is very noisy for collecting log from Linux Agent.
                                      So, I want to know the date of fix as soon as possible.
                                      I want to decrease this error.

                                      3 votes
                                      • Alert

                                        In most cases when you are looking at the Alert Management Solution you do not care about the instances of an alert - especially if you have been notified by runbook/webhook/email.

                                        I'd wager that most people care about the data in the search query that caused that alert and the data it returned. Having to copy and paste the LinkToSearchResults is quite time consuming. The UX on this should be improved to allow jumping directly to the search results that caused the alert, would save time on training too!

                                        18 votes
                                        under review  ·  3 comments  ·  Alert Management Solution
                                        • resource ID for Linux machines

                                          Currently the heartbeat info for Linux does not include the resource group or resource ID information that is available for Windows machines through OMS. This would be very helpful when querying across Linux/Windows machines.

                                          6 votes
                                          0 comments