Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Alert email query character limit

    There is a link in the alert emails from Log Analytics that pulls up the query results in a browser. There seems to be a character limit on the query that is returned by the link. One of our queries is 800+ characters and is only partially displayed, resulting in a syntax error when following the link. Please increase the character limit of the linked query.

    9 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  2. dnat or network rule alert and/or search query

    It would be nice to be able to search if anyone create specifically a dnat rule using azure firewall . At the momemt it is only possible to create a Activity Log Alert for "Creates or updates an Azure Firewall" event , however it’s not limited to NAT Rule Collection only but creates activity logs if it falls under below criteria and you can create an alert on top of it. it’s a broader alert for any activity within the Firewall resource

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security and Audit Solution  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ruby Rails

    Ruby version in Azure. The current version of Ruby Rails supported by Azure will no longer be supported in 2019. What is the upgrade path?

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Recursive Log Collection paths

    Recursive Log collection paths for Custom Logs

    This will help users like me with folders that have logs + subfolders with logs.

    39 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Ability to set Daily volume cap using Azure Powershell or AzureRM template

    Currently there is no other way to set "Data volume cap" for Log Analytics workspace except Azure Portal. When mass deploying workspaces for our customers it is very inconvenient.
    Powershell cmdlet similar to Set-AzureRmApplicationInsightsDailyCap would work.

    4 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  6. Provide Proxy Details to be passed in Portal, rather than logging into the servers and rerun the OMS agent with proxy paramaters

    Provide Proxy Details to be passed in Portal, rather than logging into the servers and rerun the OMS agent with proxy paramaters.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. event log filtering

    provide ability to define custom event log filtering to include / exclude events from specific hosts or groups.
    All, Common, Minimal are not effective and are causing cost overruns.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Add the ability to regenerate individual keys (primary or secondary) via REST APIs

    The API claims to have a way of regenerating keys but it only seems to allow regenerating both keys at the same time. This defeats the purpose of having two keys since that is supposed to enable you to use one key while regenerating the other. This is also at odds with what is exposed in the Azure portal - where the primary and secondary keys each have a hyperlink to regenerate and seem to be able to regenerate independently.

    Link to API - https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces%202015-03-20/regeneratesharedkeys

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  9. Custom Logs to support Unicode files

    SQL Server supports unicode files only and this is not a supported format to import into custom logs. https://blog.sqlauthority.com/2018/05/14/sql-server-fix-msg-22004-the-log-file-is-not-using-unicode-format/

    9 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Provide ability to query resource Graph data from Log Analytics

    Please provide option to query resource graph data from Log Analytics. That will allow to correlate data between those and some interesting scenarios will be possible. Also you should be able to use Log Analytics query that reaches resource graph and you can create Log Search alert.

    44 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Extensibility  ·  Flag idea as inappropriate…  ·  Admin →
  11. We should be able to customize the email body of the email notification generated by Alerts.

    So, Alerts will be sending default emails.. we should be able to generate the customized email with the search results.

    23 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  12. MAG NPM - Service Connectivty Monitor - List O365 GCC High / DoD Endpoints

    Within Azure Government - the NPM Service Connectivity Monitor's pre-canned rules for Office 365 point to the Commercial instance. Idea is for the following:
    1. Add additional pre-canned rules for O365 GCC High and DoD endpoints
    2. Create an Azure Doc that lists the endpoint URLs and ports that way proper monitoring could be configured within NPM SCM (or 3rd party tooling)

    The O365 URL / IP list is not a viable list as it lists wildcard hostnames (which is appropriate for firewall configurations, not for monitoring)
    https://docs.microsoft.com/en-us/office365/enterprise/office-365-u-s-government-gcc-high-endpoints

    5 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Network Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  13. Microsoft Teams integration with Azure Log Analytics

    How to integrate, connect Microsoft Teams to Azure Log Analytics? and send Microsoft Teams logs to Azure Log Analytics

    15 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Bola carfasom

    Agent shop

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  15. Ability to turn off Filter (preview)

    When using the Log Analytics query portal, every time we execute a query, the portal automatically switches to the Filter (preview) pane. When working with complex data (such as AzureDiagnostics or Syslog), this hangs the browser--sometimes for several minutes.

    Can we please have the option to turn this feature OFF? I personally find it useless for my day-to-day work anyway (and I live in Log Analytics).

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable Microsoft Teams connect, integration with Azure Log Analytics

    How to integrate, connect Microsoft Teams to Azure Log Analytics? and send Microsoft Teams logs to Azure Log Analytics

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow us to create Dashboards and Tiles through the CLI or a script

    It would be nice if we could generate new dashboards for new VMs via a script.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  18. kubelet

    it would be really nice to add the functionality to collect kubelet logs to log analytics for AKS monitoring.

    sudo journalctl -u kubelet -o cat

    https://docs.microsoft.com/en-us/azure/aks/kubelet-logs

    6 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Add support for Managed Service Identity (MSI)

    If Log Analytics had support for MSI then we wouldn't have to deal with client IDs and secrets in apps running on a VM that has an identity in AAD, and can acquire MSI tokens.

    We would like to control for each VM according to its role, to be able to read/write/manage the Log Analytics workspace.

    https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-msi#azure-services-that-support-azure-ad-authentication

    4 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Azure Resource Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. ITSM

    For incidents logged by the ITSM connector it would be beneficial to pass the Azure resource name into Service Now as the configuration item. Currently all incidents raised have a blank CI.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base