Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Need bandwidth utilization consumed per subscription level from the NPM Dashboard or using Log Search

    I would really encourage if we can get the bandwidth utilization per azure subscription level so that we can check and alert our users on the utilization.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
    • 4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Alert email query character limit

        There is a link in the alert emails from Log Analytics that pulls up the query results in a browser. There seems to be a character limit on the query that is returned by the link. One of our queries is 800+ characters and is only partially displayed, resulting in a syntax error when following the link. Please increase the character limit of the linked query.

        9 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
        • dnat or network rule alert and/or search query

          It would be nice to be able to search if anyone create specifically a dnat rule using azure firewall . At the momemt it is only possible to create a Activity Log Alert for "Creates or updates an Azure Firewall" event , however it’s not limited to NAT Rule Collection only but creates activity logs if it falls under below criteria and you can create an alert on top of it. it’s a broader alert for any activity within the Firewall resource

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Security and Audit Solution  ·  Flag idea as inappropriate…  ·  Admin →
          • Ruby Rails

            Ruby version in Azure. The current version of Ruby Rails supported by Azure will no longer be supported in 2019. What is the upgrade path?

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Recursive Log Collection paths

              Recursive Log collection paths for Custom Logs

              This will help users like me with folders that have logs + subfolders with logs.

              39 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Ability to set Daily volume cap using Azure Powershell or AzureRM template

                Currently there is no other way to set "Data volume cap" for Log Analytics workspace except Azure Portal. When mass deploying workspaces for our customers it is very inconvenient.
                Powershell cmdlet similar to Set-AzureRmApplicationInsightsDailyCap would work.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                • Provide Proxy Details to be passed in Portal, rather than logging into the servers and rerun the OMS agent with proxy paramaters

                  Provide Proxy Details to be passed in Portal, rather than logging into the servers and rerun the OMS agent with proxy paramaters.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • event log filtering

                    provide ability to define custom event log filtering to include / exclude events from specific hosts or groups.
                    All, Common, Minimal are not effective and are causing cost overruns.

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                    • Add the ability to regenerate individual keys (primary or secondary) via REST APIs

                      The API claims to have a way of regenerating keys but it only seems to allow regenerating both keys at the same time. This defeats the purpose of having two keys since that is supposed to enable you to use one key while regenerating the other. This is also at odds with what is exposed in the Azure portal - where the primary and secondary keys each have a hyperlink to regenerate and seem to be able to regenerate independently.

                      Link to API - https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces%202015-03-20/regeneratesharedkeys

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                      • Custom Logs to support Unicode files

                        SQL Server supports unicode files only and this is not a supported format to import into custom logs. https://blog.sqlauthority.com/2018/05/14/sql-server-fix-msg-22004-the-log-file-is-not-using-unicode-format/

                        9 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • Provide ability to query resource Graph data from Log Analytics

                          Please provide option to query resource graph data from Log Analytics. That will allow to correlate data between those and some interesting scenarios will be possible. Also you should be able to use Log Analytics query that reaches resource graph and you can create Log Search alert.

                          15 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Extensibility  ·  Flag idea as inappropriate…  ·  Admin →
                          • We should be able to customize the email body of the email notification generated by Alerts.

                            So, Alerts will be sending default emails.. we should be able to generate the customized email with the search results.

                            22 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
                            • MAG NPM - Service Connectivty Monitor - List O365 GCC High / DoD Endpoints

                              Within Azure Government - the NPM Service Connectivity Monitor's pre-canned rules for Office 365 point to the Commercial instance. Idea is for the following:
                              1. Add additional pre-canned rules for O365 GCC High and DoD endpoints
                              2. Create an Azure Doc that lists the endpoint URLs and ports that way proper monitoring could be configured within NPM SCM (or 3rd party tooling)

                              The O365 URL / IP list is not a viable list as it lists wildcard hostnames (which is appropriate for firewall configurations, not for monitoring)
                              https://docs.microsoft.com/en-us/office365/enterprise/office-365-u-s-government-gcc-high-endpoints

                              5 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Network Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                              • Microsoft Teams integration with Azure Log Analytics

                                How to integrate, connect Microsoft Teams to Azure Log Analytics? and send Microsoft Teams logs to Azure Log Analytics

                                5 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Bola carfasom

                                  Agent shop

                                  3 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Ability to turn off Filter (preview)

                                    When using the Log Analytics query portal, every time we execute a query, the portal automatically switches to the Filter (preview) pane. When working with complex data (such as AzureDiagnostics or Syslog), this hangs the browser--sometimes for several minutes.

                                    Can we please have the option to turn this feature OFF? I personally find it useless for my day-to-day work anyway (and I live in Log Analytics).

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Enable Microsoft Teams connect, integration with Azure Log Analytics

                                      How to integrate, connect Microsoft Teams to Azure Log Analytics? and send Microsoft Teams logs to Azure Log Analytics

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow us to create Dashboards and Tiles through the CLI or a script

                                        It would be nice if we could generate new dashboards for new VMs via a script.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                                        • kubelet

                                          it would be really nice to add the functionality to collect kubelet logs to log analytics for AKS monitoring.

                                          sudo journalctl -u kubelet -o cat

                                          https://docs.microsoft.com/en-us/azure/aks/kubelet-logs

                                          6 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          • Don't see your idea?

                                          Feedback and Knowledge Base