Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. No AzureActiveDirectory audit data in workspace after recreating ws with same name

    AAD diagnostic Settings do not update the id of the Workspace if this newly created one gets the same name again.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  2. Chart settings in Log Analytics data graph in Dashboards

    It would be great if we could select Y axis range in chart settings for Log Analytics data chart.

    I followed all the steps from this tutorial: https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-logs-dashboards

    But it's not possible to select the min and max values for Y axis in the chart.

    In the example shown by Microsoft, there's a host always with 100% CPU just to keep the graph pretty.

    Could you kindly take a look at this?

    Best Regards.

    Renan Araújo

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  3. Incorrect language in Activity log entries in Azure Portal

    When viewing Activity log of my Azure SQL Database, some of the entry details are in Czech language although my locales and my Portal settings are all set to English.. (Maybe my live id is set to Czech... ) See attached screenshot.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. The oms custom logs should support the custom timestamp rather than the static format

    Hi,
    We are working with the Radius NPS (Network Policy Server) and would like to push this custom log logs to oms. However we got the failure.

    "CLIENTCOMP","IAS",03/07/2008,13:04:33,1,"client",,,,,,,,,9,"10.10.10.10","npsclient",,,,,,,1,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

    I referred to this guideline: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/powershell-workspace-configuration#configuring-log-analytics-to-send-azure-diagnostics

    and

    https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs?toc=%2Fazure%2Fazure-monitor%2Ftoc.json#custom-log-record-properties

    Looks like the oms custom log just only supported:
    YYYY-MM-DD HH:MM:SS
    M/D/YYYY HH:MM:SS AM/PM
    Mon DD, YYYY HH:MM:SS
    yyMMdd HH:mm:ss
    ddMMyy HH:mm:ss
    MMM d hh:mm:ss
    dd/MMM/yyyy:HH:mm:ss zzz
    yyyy-MM-ddTHH:mm:ssK

    I believe that the OMS would be used in many systems and customers, so the oms custom logs should be supported the custom timestamp as needed.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  OMS Gateway  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  5. Bug with syntax parsing in log analytics alerting that works fine in application insights analytics

    There appears to be some sort of bug with using toscalar() on an application insights log in log analytics when making an alert.

    This query works fine in the application insights query interface:
    let endInstant = now() -15m;
    let beginInterval = 4h;
    let beginInstantTable = requests
    | where timestamp >= endInstant - beginInterval and timestamp < endInstant
    | summarize min(timestamp);
    let beginInstant = toscalar(beginInstantTable);
    let beginHoursAgo = datetime_diff("Hour", beginInstant, endInstant) + 1;
    requests
    | take 100
    | extend hoursAgo = datetime_diff("Hour", timestamp, endInstant)
    | make-series count() on hoursAgo from beginHoursAgo to 0 step 1 by operation_Name

    By contrast, it fails…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Make Azure Log Analytics Dependency Agent available in Azure Portal GUI

    You currently can install the Dependency Agent through Azure Portal GUI, must use either PowerShell, ARM templates or possibly (haven't tested) Azure Policies. How?! Why?!

    Please make it possible to manage the Dependency Agent extension through the Azure Portal web GUI.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service Map  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  7. add a record to the activity log when the value of a tag has changed

    When the value of a tag has changed and this is recorded as an event in activity log, an alert can be triggered and an automated action can be started.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  8. Respect the indentation/tabs in the logs

    Our apps are currently logging request and response using indented JSON however Log Analytics removes all the indentation and pulls the text to the left which makes it difficult to understand.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  9. ANSI colour coding in log messages

    Many logging frameworks we are using use ANSI colour escape sequences to provide colour. These look fine in a console but when they get to log analytics, they show as the raw escape sequence like [96m.

    We can turn off the colour to workaround this but it would be good to see support for it in Log Analytics.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  10. Required to download log analytics report in suitable format

    In log analytics feature we cant save the chart and graph in file need to take screen shot and save it ,it's big task to do every time so this feature must be there .as my opinion .

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  11. add EventDataId to Activity Log Schema for Event Hub and Storage

    When querying Activity Logs using the REST API the json output has an EventDataID that uniquely identifies each log. When activity logs are streamed to EventHub or storage the schema is slightly different and the EventDataID is missing so there is no way to uniquely identify an event id. Given this information is already available can it added to Event Hub as well.

    The event hub schema is here - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-export

    The activity log schema for REST API is here:

    https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  12. multiple OMS subscriptions to ability to pipe all Log Analytics data to one main OMS subscription

    We have multiple subscriptions under one tenant and one subscription will have 160 plus OMS subscriptions, all of which function as separate entities with their own resources. we would like to have the ability to pipe all Log Analytics data from these secondary subscriptions into your main subscription main OMS subscription, mostly for Threat Intelligence and Security Analytics so that you can correlate the data together. And to work with azure sentinel. Currently we have call AAD and office 365 data and AIP data go to the main OMS subscription. We need a central way to correlate data.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks a lot Aaron Shvarts for sharing your requirement. Currently there is a support to query cross resources with in Azure Monitor. However the limit is for 100 workspaces or application insights instance with in a query. https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/cross-workspace-query . Please have a look and see if that could cater your requirement. We understand that the limit is 100 and your requirement is 160+ resources. Please let us know if the cross resource query is something you can use and if there is a feature requirement to increase the current limit of 100, that can be done by a new feedback thread. Thanks

  13. To increase the number of column bars shown in a azure dashboard from current limit 25 to maximum so as all the resource in a subscription.

    To increase the number of column bars shown in a azure dashboard from current limit 25 to maximum so as all the resource in a subscription.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Browser Support  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  14. extention log

    please record the update activity for Azure VM Extensions in Azure Activity Logs.
    Some Extensions outputs error logs on system evt or syslog when these are updating, But it is not easy to confirm the update was done successfully via Azure Portal.
    If Azure Portal shows the update status and update activity, it is very good function.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  15. Send logs for all Office 365 audit log entries/schemas

    Currently O365 logs are only collected for AzureActiveDirectory, Exchange, SharePoint and OneDrive workloads. Please add support for other audit log schemas as well, eg. the ones that are exposed via Office 365 Management Activity API: Teams, PowerBI, Sway, Yammer, ...

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valuable feedback. Your feedback is open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  16. Color customization in log analytics chart

    A feature to customize the color of the charts should be available, as the default colors don't make any sense in many scenarios (green, blue, etc). Furthermore, when publishing the charts into a dashboard, the colors and chart shape are changed again (from pie to donut and from green and blue to dark blue and light blue).
    The ability to choose the colors should be added to the "render" method and consistency between the actual chart in log analytics and the published chart in the dashboard are very important features that should be available.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  17. Please make the deployment of datasource in the LogAnalytics workspace reliable

    Hi,
    I've been trying to deploy Microsoft.OperationalInsights/workspaces/dataSources resources as part of an ARM template.
    Oddly enough they do not always deploy fully... and what is more troublesome - no errors are thrown. Took a week to realize why some alerts do no trigger.

    Everything will "successfully" deploy and when you query them - half of the WindowsEvents and several of the Linux\Windows datasources will just not be there.

    I thought I was mistyping something, and tried configuring them by hand and export them (since possible values for the WindowsEvents are not documented anywhere) .. but that threw and error

    {"code":"ExportTemplateCompletedWithErrors","message":"Export…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

  18. Need average duration trend for Azure Data factory pipelines in Log analytics

    Azure Data Factory analytics(Preview) shows ADF statistics but it good to show the average duration of activities and pipelines for a week trend

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  19. Log Analytics - Alert rule does not work if the table is not yet created

    We want to create an alert rule on the non-existent table(yet), this is because we are sending the PSCustomObject to the custom table from the automation job, once the problem occurs, the initial table will be created with the results. We want to pre-recreate this rule, workaround, for now, is to generate the table with some custom data. Can this be fixed please?

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  20. Microsoft Dependency Agent does not support SUSE kernel 4.12.14-95.13-default

    Microsoft Dependency Agent does not support SUSE kernel 4.12.14-95.13-default

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  • Don't see your idea?

Feedback and Knowledge Base