Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Deep link to specific solution dashboard

    With the old OMS Portal, it was possible to deep link directly into a specific solution dashboard. This is no longer possible with Log Analytics in the Azure Portal as the URL doesn't change after hitting the Workspace Summary/Overview tab. We also used to be able to specify the time range as part of the URL for a dashboard too. For example, an old OMS Portal deep link, with a time range, might have looked like;

    https://oms.portal.mms.microsoft.com/#Workspace/overview/solutions/details/index?_timeInterval.intervalDuration=86400&solutionId=My%2520Custom%2520Solution

    These are super useful for monitoring screen type dashboards which are displayed on a big screen with an automatic refresh. It is currently…

    6 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. timestamp last collection only for all queries

    There should be the possibillity to run query with the timestamp last data collection only whenever it was. ago or now-x not helpful and not correct for example on performance counters like free diskspace, or alternate have a filter option last timestamp per server, if you have the same server more as one time as result. Example timestamp perf counter >=1h. same server more as one time. I need only last collection.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  3. Activity Log should not display clientIpAddresses from Resource Provider

    When auditing activity logs using Get-AzureRmLog command through powershell, ClientIpAddress value in HttpRequest shows Azure internal IP addresses which correspond to resource provider IP addresses.
    So far I have found that CRP and Disk RP appear in activity logs and they should not appear as this can bring unnecessary confusion points to customers.
    I had a customer who was curious about IP addresses which belonged to our Resource Providers. I explained what those IP addresses were but customer was very complaining about this.

    I think we SHOULD NOT HAVE INTERNAL IP ADDRESSES in activity logs, as this has little meaning…

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Log Analytics - allow configuring different data collection settings per connected machine\agent in the same workspace

    for example: in a scenario where two windows machines are connected to the same log analytics workspace, provide the option to ingest windows performance counters data to the workspace only for the first machine (when both machines connected to the same log analytics workspace)

    This feature will be very useful when a customer needs to use a single workspace for different use cases, but willing to keep all the data in a single location, while preventing unnecessary data ingestion which will result in additional costs.

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Chnaging the default syntax which errors when clicking on an event in Replication Status

    Change the default syntax when drilling down on a replication error as the current syntax gives an error
    Example:
    ADReplicationResult | summarize arg_max(TimeGenerated, *) by SourceServer, DestinationServer, PartitionName, TenantId | where LastSyncResult != 0 and "DestinationServer == "<servername fqdn>"" | sort by TimeGenerated desc

    The set of quotes (") at the start of DestinationServer and at the end of the server name need to be removed for the query to work. This can be done manually but can the default syntax be changed so this does not error each time an event/error is clicked on ?. Does not make for…

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  AD Replication Result Solution  ·  Flag idea as inappropriate…  ·  Admin →
  6. why loganalytics alert is very costly than monitor alert?

    when trying to setup an alert with log analytics workspace it showed a cost of 1.5 $ but when it configured with monitor it cost only 0.10 $, I am trying to understand why there is this price variation? can any one pls clarify this?

    2 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  7. Network Performance Monitor : custom network test has a test frequency of min 5 minutes

    Network Performance Monitor - Configuration - Service Connectivity Monitor. The custom network test has a test frequency of min 5 minutes. 5 minute intervals to check an endpoint is too long, its also too long to graph out trends or analyses in troubleshooting. 1 minute intervals will be needed. This is the only thing preventing my clients from using this solution for network monitoring.

    20 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Network Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  8. Log Analytics not supported SCOM 2012R2 UR7 servers

    Giving me error MMA agent can not be installed on SCOM servers, as I am trying to install MMA latest version which is downloaded from OMS since there is no option to add workspace ID in MMA agent. Please add this features so that OMS can connect to SCOM servers as well.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. DCR: powershell cmdlet to collect activity log across subscription in Log analytics workspace

    We have activity log solution here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-activity-logs
    cx want to do the below steps by powershell command:
    - Configure activity logs to go to your Log Analytics workspace.
    - In the Azure portal, select your workspace and then click Azure Activity log.
    - For each subscription, click the subscription name.

    Currently we don't have any powershell commands to do the same, as I know, we have some powershell command to enable custom logs in log analytics, hence please also provide similar command to connect activity logs in workspace across subscription.

    29 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Integrate log analytics with Data Studio to have desktop solution

    It would be awesome to have the capability to query log analytuics from from Azure Data Studio so I can use one IDE for all my data style analytics. save queries, connect to different workspaces. The portal is a poor experience for this currently

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Extensibility  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add workspace name for the "cross subscription " scenario in HDInsight monitoring UI.

    Currently, only workspace ID and workspace key is supported for the cross subscription resources . The same to Powershell cmdlet.

    7 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  12. Wire Data Agent - Support for Oracle Linux 7.x

    Wire Data Agent - Oracle Linux 7.x

    Support of Wire Data Agent for Oracle Linux 7.x versions, as the latest version supported in Oracle Linux is 6.6 (a release from 2014)

    9 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Wire Data Solution  ·  Flag idea as inappropriate…  ·  Admin →
  13. Option to filter Microsoft Updates from software inventory

    When viewing the software category of the Configuration Management / Inventory solution there's a huge amount of noise generated by updates delivered via Windows/Microsoft Update.

    The worst offender is easily Windows Defender. For example, on our tenant there's 41 pages of software inventory details, of which ~36 pages are just Windows Defender updates. Once you also exclude Windows Server and Malicious Software Removal Tool updates there's only ~2 pages of software inventory information remaining, and this is the information I'm interested in 99% of the time.

    Some simple option in the Azure portal to "Exclude Microsoft Updates" would be incredibly…

    4 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Change Tracking Solution  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to configure permissions on log types

    We need the ability to configure permissions or RBAC on log types as we want our developers to be able to query certain logs but block them from querying other logs that might have sensitive data.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  15. Maximum number of search results in notification e-mail limited to 10 results only

    The number search results shown in the e-mail generated by the Alerting engine seems to be limited to 10. The "search results" field in the alert e-mail shows e.g. "49 result(s)", but the results previews below only shows 10. In a setup where stakeholders need to know about all results, but are -with respect to regulatory laws- not allowed to access the Azure Monitor site itself, this is a very rough limitation. It would help to be able to increase this limit generously (1000 results).

    6 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  16. Ability to use back button to navigate back to previous query in Azure Log Analytics

    Currently the back button can't be used to navigate back to the last query in the new Azure Portal log analytics interface.
    There is no way of navigating back to a previous query which would be very useful if drilling down into a query and then wanting to revert.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  17. Please add a removal/delete option for Machines and VMs.

    We accidentally ran the MMASetup-AMD64.exe on a desktop computer instead of the intended VM. Now that desktop computer is added to our automation group, but we can't remove it very easily. It'd be really nice if a remove or delete option were available in the GUI and we didn't have to code a removal through powershell for something that could be simpler.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  18. To collect critical event log of Windows computer

    There are only 'Error', 'Waring', 'Information' type of Windows logs can be collect, but no 'Critical' events. My customer wish to collect and monitor critical event logs.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Webhooks for Azure activity Metric Json

    Hello,
    We need to be able to send JSON Payload from the Metric Alerts also.
    Currently is possible only for the Logs Alerts.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  20. Need bandwidth utilization consumed per subscription level from the NPM Dashboard or using Log Search

    I would really encourage if we can get the bandwidth utilization per azure subscription level so that we can check and alert our users on the utilization.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Network Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base