Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics?

  1. Get the top Public IPs in the Traffic Analytics Geo Map View

    Hi,
    I would like to get the top Public IPs in the Traffic Analytics Geo Map View menu.
    Right now we only get the malicious traffic IPs.
    This could be useful if we want to monitor the traffic amount even for IPs that are not tagged as malicious.

    Thanks

    1 vote
    0 comments  ·  Network Monitoring
  2. Full instance name for performance counters

    Exchange Server has composite Instance names. For example, latency info for databases is located in the "MSExchange Database ==> Instances(*)\I/O Database Reads (Attached) Average Latency" counter. An instance name looks like 'Information Store - DB1\_Total', 'Information Store - DB2\_Total'. But Log Analytics leaves only the last part of an instance value and I see "_Total#1", "_Total#2" etc. It's not possible to identify a corresponding database. It's necessary to store a full instance name in some column.

    6 votes
  3. Email Notifications should show all devices instead of only 10

    Currently OMS email notifications show details of only 10 devices/machines in the email body even if there are more devices in the notification list. Requesting a change to the email notification to include all results in the email or at least the ability to modify the max number of devices in the email body.

    15 votes
    2 comments  ·  Alert Management Solution
  4. Auto Extraction of JSON Data

    It needs the ability to import JSON files (and other formats such as XML) and have the fields auto extracted as custom fields. Without this, it makes searching on new fields cumbersome and creating new custom fields for all new JSON fields isn't feasible.

    This would more closely match the capabilities of Splunk and allow more people to make a more seamless transition.

    8 votes
  5. Issues creating workspaces if you selected all subscriptions in Azure Portal filter

    If you are creating a workspace and you selected all subscriptions in the Azure Portal filter, the workspace will be created in the first one and this could be confusing. This is not in the official documentation.

    4 votes
    1 comment
  6. Connect Tableau to Log Analytics

    It is still not possible to connect to Log Analytics using Tableau to generate reports.

    4 votes
    0 comments
  7. Log Analytics Alerts Resource Type changes from what is in Template

    When programmatically deploying Log Analytics Custom Query search Alerts, the template specifies a resource type of "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions". Once the deployment finishes, though, the Alert resource type shows "Microsoft.Insights/scheduledQueryRules".

    I'm using this documentation to deploy my alerts:
    https://docs.microsoft.com/en-us/azure/monitoring/monitoring-solutions-resources-searches-alerts

    When I use that template I'm able to easily surpass the quota of 800 resources per Resource Group which is great, I have thousands of alerts I'd like in one resource group. When I attempt to deploy Application Insights Alerts to the same Resource Group, I get a ResourceQuotaExceeded exception.

    Application Insights Template documentation:
    https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-alerts-unified-log-template

    The Resource Type shouldn't change from what's in…

    5 votes
    1 comment  ·  Azure Resource Management
  8. Enable in UK West

    Flow logs have to use storage in the same region as the NSG, but then Traffic Analytics recommends that you use an OMS/LA workspace that's in the same region as your storage to minimise data egress.

    If you have an NSG in UK West, then that's impossible as OMS/LA is not available there.

    Either enable LA in UK West or provide free data egress for this purpose.

    4 votes
    Vote
    0 comments  ·  Workspace Settings / Administration
  9. Express route monitoring error "Not passing through circuit(s)"

    I am able to ping and tracert from one system to another system, but in Express route monitoring I get an error "Not passing through circuit(s)".

    1 vote
    0 comments  ·  Network Monitoring
  10. Can I monitor process on Linux?

    Linux Agent cannot monitor processes other than custom log.
    When will process monitoring be installed as a standard function?
    Customer wants to use it,
    because customer needs to take cost for using Custom Log.
    Now, customer redirects the result of the ps command to a Custom log file.
    They want to stop these operations.

    4 votes
  11. Save container labels in ContainerLog entries, and allow querying by them in Log Analytics

    The docker logging system allows labels and/or tags to be added to the log output, depending on the logging driver in use; see https://docs.docker.com/config/containers/logging/configure/#use-environment-variables-or-labels-with-logging-drivers for example.

    When a container's logs are picked up by the OMS Agent and forwarded to Container Monitoring as part of Log Analytics, it would be useful if these labels/tags could be saved as part of each log entry.
    Also, it would be useful if log queries could be filtered according to these labels/tags, for example something like this:
    ContainerLog
    | where Labels.environment == "production" and Labels.nodetype == "worker"

    1 vote
    0 comments
  12. SQL Assessment performance tempdb

    Priority Performance recommendation to "Configure the tempdb database to reduce page allocation contention" reporting incorrectly for SQL 2017 instance. Trace flag -T1118 is obsolete and has no effect in SQL 2017 per MS white paper.

    2 votes
    1 comment  ·  SQL Assessment Solution
  13. Can't create alerts based on cross-resource queries

    It used to be possible through the OMS portal to link an Application Insights instance to Log Analytics. Since the portal is being deprecated, along with the App Insights connector, we are forced to use cross-resource queries to query an App Insights instance from a separate Log Analytics instance. This works fine for general queries, but we cannot create alerts based on cross-resource queries. The alert will not create because of a "syntax error", when the same query works in Log Analytics.

    There should be a way to ingest App Insights data into a Log Analytics instance. Or else we…

    44 votes
    2 comments  ·  Alert Management Solution
  14. log analytics we don't have recovery solution

    We have only a backup solution in OMS; cx would also like a recovery solution in OMS in Azure portal.

    3 votes
    0 comments
  15. Want VM inventory in Automation to collect SQL server edition

    May I make a request for an enhancement to the information reported on by Log Analytics in the VM inventory? Currently it doesn't include the SQL server edition. Thanks a lot!

    20 votes
  16. Sum durations in SQL Analytics Query page

    Please add sum duration column to the queries table on Query durations page in SQL Analytics solution. Please see the attached screenshot. Thx

    3 votes
  17. Bug: OMS Gateway.msi - product id number not same after install (registry)

    Hi,
    I just tried to install the OMS Gateway.msi with the Package DSC resource; unfortunately it does not install correctly, although it does install the OMS Gateway. The issue is that during installation it checks on ProductCode: 5225CCB2-878D-4D3E-8EF3-E9ED963556B7.

    But after installation, it registers with a different ProductCode: CC7658E2-7EB2-44D1-97C0-D0048717F6A9.
    For now I fixed it for my DSC configuration; might be a minor issue to look into.

    1 vote
    0 comments  ·  OMS Gateway
  18. Bring back the capacity and performance Solution Pack

    Please bring back the Capacity and Performance Solution Pack

    3 votes
    0 comments  ·  Capacity Management Solution
  19. Create a cmdlet to fetch our OMS alerts or alert rules for easy maintenance, as Get-AzureRmAlertRule does not support this feature today.

    Add support to Get-AzureRmAlertRule to handle OMS alerts and alert rules for maintenance, clone, delete, etc. Currently this is not supported; if you need it, you are required to work with the Alert API.

    24 votes
    0 comments  ·  Alert Management Solution
  20. ServiceNow User App for Microsoft OMS integration support for ServiceNow London release

    We want to integrate our ServiceNow London release instance with the OMS ITSM solution.

    Currently the ServiceNow User App for Microsoft OMS integration is only supported till the ServiceNow Kingston release. We also want to have some clarification on how often the app will be updated in the future to follow the ServiceNow release schedule.

    6 votes