Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. kubelet

    it would be really nice to add the functionality to collect kubelet logs to log analytics for AKS monitoring.

    sudo journalctl -u kubelet -o cat

    https://docs.microsoft.com/en-us/azure/aks/kubelet-logs

    6 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Add support for Managed Service Identity (MSI)

      If Log Analytics had support for MSI then we wouldn't have to deal with client IDs and secrets in apps running on a VM that has an identity in AAD, and can acquire MSI tokens.

      We would like to control for each VM according to its role, to be able to read/write/manage the Log Analytics workspace.

      https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-msi#azure-services-that-support-azure-ad-authentication

      4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Azure Resource Management  ·  Flag idea as inappropriate…  ·  Admin →
      • ITSM

        For incidents logged by the ITSM connector it would be beneficial to pass the Azure resource name into Service Now as the configuration item. Currently all incidents raised have a blank CI.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Get the top Public IPs in the Traffic Analytics Geo Map View

          Hi,
          I would like to get the top Public IPs in the Traffic Analytics Geo Map View menu.
          Right now we only get the malicious traffic IPs.
          This could be useful if we want to monitor the traffic amount even for IPs that are not tagged as malicious.

          Thanks

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Network Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
          • Full instance name for performance counters

            Exchange Server has composite Instance names. For example, latency info for databases is located in "MSExchange Database ==> Instances(*)\I/O Database Reads (Attached) Average Latency" counter . An instance name looks like 'Information Store - DB1\_Total', 'Information Store - DB2\_Total'. But Log Analytics leaves only last part of an instance value an I see "_Total#1", "_Total#2" etc. It's not possible to identify a corresponding database. It's necessary to store a full instance name in some column.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Email Notifications should show all devices instead of only 10

              Currently OMS email notifications show details of only 10 devices/machines in the email body even if there are more devices in the notification list. Requesting a change to the email notification to include all results in the email or atleast the ability to modify the max number of devices in the email body.

              15 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                2 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
              • Auto Extraction of JSON Data

                It needs the ability to import JSON files (and other fomats such as XML) and have the fields auto extracted as custom fields. Without this, it makes searching on new fields cumbersome and creating new custom fields for all new JSON fields isn't feasible.

                This would more closely match the capabilities of Splunk and allow more people to make a more seamless transition.

                8 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Issues creating workspaces if you selected all subscription in Azure Portal filter

                  if you are creating workspace and you selected all subscription in Azure Portal filter. the worskpace will be created in the first one and this could be confused. this is not in the official documentation.

                  4 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                  • Connect Tableau to Log Analytics

                    it is still not possible to connect to Log Analytics using Tableau to generate reports

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Log Analytics Alerts Resource Type changes from what is in Template

                      When programatically deploying Log Analytics Custom Query search Alerts, the template specifies a resource type of "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions" Once the deployment finishes though, the Alert resource type shows "Microsoft.Insights/scheduledQueryRules"

                      I'm using this documentation to deploy my alerts:
                      https://docs.microsoft.com/en-us/azure/monitoring/monitoring-solutions-resources-searches-alerts

                      When I use that template I'm able to easily surpass the quota of 800 resources per Resource Group which is great, I have thousands of alerts I'd like in one resource group. When I attempt to deploy Application Insights Alerts to the same Resource Group, I get a ResourceQuotaExceeded exception.

                      Application Insights Template documentation:
                      https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-alerts-unified-log-template

                      The Resource Type shouldn't change from what's in…

                      5 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Azure Resource Management  ·  Flag idea as inappropriate…  ·  Admin →
                      • Enable in UK West

                        Flow logs have to use storage in the same region as the NSG, but then Traffic Analytics recommends that you use an OMS/LA workspace that's in the same region as your storage to minimise data egress.

                        If you have an NSG in UK West, then that's impossible as OMS/LA is not available there.

                        Either enable LA in UK West or provide free data egress for this purpose.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
                        • Express route monitoring error "Not passing through circuit(s)"

                          I am able to ping and tracert from One system to another system but in Express route monitoring i get an error "Not passing through cirtcuit(s)"

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Network Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                          • Can I monitor process on Linux?

                            Linux Agent can not monitor process other than custom log.
                            When is process monitoring installed as a standard function?
                            Customer wants to use it.
                            Because customer need to take cost for using Custom Log.
                            Now, customer redirects result of ps command to Custom log file.
                            They want to stop these operation.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • Save container labels in ContainerLog entries, and allow querying by them in Log Analytics

                              The docker logging system allows labels and/or tags to be added to the log output, depending on the logging driver in use; see https://docs.docker.com/config/containers/logging/configure/#use-environment-variables-or-labels-with-logging-drivers for example.

                              When a container's logs are picked up by the OMS Agent and forwarded to Container Monitoring as part of Log Analytics, It would be useful if these labels/tags could be saved as part of each log entry.
                              Also, it would be useful if log queries could be filtered according to these labels/tags, for example something like this:
                              ContainerLog
                              | where Labels.environment == "production" and Labels.nodetype = "worker"

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • SQL Assessment performance tempdb

                                Priority Performance recommendation to "Configure the tempdb database to reduce page allocation contention" reporting incorrectly for SQL 2017 instance. Trace flag -T1118 is obsolete and has no effect in SQL 2017 per MS white paper.

                                2 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  SQL Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
                                • Can't create alerts based on cross-resource queries

                                  It used to be possible through the OMS portal to link an Application Insights instance to Log Analytics. Since the portal is being depreciated, along with the App Insights connector, we are forced to use cross-resource queries to query an App Insights instance from a separate Log Analytics instance. This works fine for general queries, but we cannot create alerts based on cross-resource queries. The alert will not create because of a "syntax error", when the same query works in Log Analytics.

                                  There should be a way to ingest App Insights data into a Log Analytics instance. Or else we…

                                  41 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    2 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
                                  • log analytics we don't have recovery solution

                                    We have only backup solution in OMS, cx would also recovery solution in OMS in Azure portal.

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Want VM inventory in Automation to collect SQL server edition

                                      May I have a request about the enhancement to the information reported on by Log Analytics in the VM inventory? Because currently it doesn’t include the SQL server edition. Thanks a lot !

                                      20 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Sum durations in SQL Analytics Query page

                                        Please add sum duration column to the queries table on Query durations page in SQL Analytics solution. Please see the attached screenshot. Thx

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • Bug: OMS Gateway.msi - product id number not same after install (registery)

                                          hi,
                                          i just tried to install the OMS Gateway.msi with the package dsc resource, unfortunately it installs not correct. Although it does install the oms gateway. issue is, by installatation it checks on ProductCode : 5225CCB2-878D-4D3E-8EF3-E9ED963556B7 .

                                          BUT after installation , it registers with a different productcode CC7658E2-7EB2-44D1-97C0-D0048717F6A9 .
                                          for now i fixed it for my dsc configuration, might be a minor to look into

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  OMS Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base