Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Operational Insights Onboarding Issues, Error 4200

    I have been have some issues connecting my existing Operations Center install to Operational Insights. I had experimented with the very first version of operational insights and had subsequentially removed it after some initial testing, I have readded the management packs and tried to reconnect to a new workspace I have created but I get the following Error :

    Error 4200: Unable to register to Operational Insights Service. Please contact the system administrator.

    I do notice that some of the management packs are downloaded, but I also received a lot of error messages in my event logs.

    The following messages…

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Error 4200 is “Unable To Save Settings”.
    This means that registration and saving the certificate in the Runas profile in SCOM succeeded, but when we tried to save the other settings like urls and workspace Id – something failed there – these are just calls to SCOM SDK, so the underlying issue could be in the SCOM management system / database (maybe load related).

    The best first step to take for this investigation is to enable VERBOSE tracing to see what precisely fails – refer to the tracing article https://support.microsoft.com/en-us/kb/942864 (you might need to involve formal support channel to decipher this).

  2. Inaccuracy in configuration assessment for patches

    We currently have configuration assessment enabled, and we are receiving alerts for 'Servicing state update 2871777 reduces errors when applying Windows Server 2012 updates. The problem is that this is superseded by KB3003729, which we have installed on the servers throwing this alert for the prior update.

    I realize that we can select to ignore these alerts, but if I want to receive value from Op Insights I don't feel it should be necessary to 'tune' alerts for things that are being recommended by Microsoft, having to essentially evaluate the validity of each alert before acting upon it.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Will forward the bug report to the team. These rules are still maintained, but you have noticed that part of the product still uses Silverlight screens and the ‘old’ (non search) backend.

    Generally speaking, the original Advisor scenario has evolved in a few ways:

    - Configuration ‘best practices’ check are being implemented per technology in vertical IP’s such as SQL Assessment – http://blogs.technet.com/b/momteam/archive/2014/10/23/new-sql-server-assessment-intelligence-pack-in-advisor.aspx and AD Assessment http://blogs.technet.com/b/momteam/archive/2015/02/24/new-active-directory-assessment-intelligence-pack-in-azure-operational-insights.aspx

    - tracking changes of configuration has been turned into the ‘Change Tracking’ solution http://blogs.technet.com/b/momteam/archive/2014/09/24/wish-you-knew-which-configuration-change-caused-the-issue-or-what-changed-on-a-server.aspx

    - System Update Assessment for tracking overall patch status

    The new platform allows more data types and scenarios and is still evolving.

  3. Allow for more than 1 tile for Azure Automation

    currently the automation tile is limited to show the status of a single Automation account,

    there is going to be a need for more than 1 Automation tile as people create more Automation accounts in there subscription.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  4. Horizontal Scroll Bar

    Add a horizontal scroll bar to the table view, or anywhere else that columns are re-sizeable.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →

    Maybe, but nested scrolling in web pages/frames becomes not very usable very quickly.

    Please check the related ideas with regards to how we are approaching ‘columns’ in table view.

    http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519229-allow-resize-of-columns-in-table-view-for-aggregate

    http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519220-columns-in-search

  5. manually trigger sql assessments

    Would be great to be able to trigger a refresh of the SQL assessment and email the results instead of waiting for the normal refresh cycle for the SQL assessments.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  SQL Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →

    Stopping and starting the agent, in the absence of a ‘synctime’ (see thread here https://social.msdn.microsoft.com/Forums/azure/en-US/a0b938c9-ed0f-4649-9f43-7aa14cd42ec4/controllingscheduling-advisor-runtime?forum=opinsights ) will force it to re-run. But we prevent it from running more frequently than 4 hours to minimize performance issues.

    Are you in SCOM or Direct agent?
    For SCOM we might be able to whip up a ‘task’ to click in console… otherwise there is no other infrastructure at the moment that allows ‘pushing’/triggering tasks from the cloud onto agents – the solution packs only contain a bunch of MPs that get downloaded every few minutes and contain RULEs that run on a schedule… ; probably future enhancements / deeper integration with the Automation engine might make this possible.

    Will pass along to the team, thanks for the feedback.

    For the way we think about ‘emails’ – it’s more as in alerts notifications at this stage – see this other item http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

  6. Make membername field facetable

    I am trying to search and find out security group changes for a user. The field I need is greyed out.

    The query I am running is Type=SecurityEvent EventID=4728 OR EventID=4729
    and I want to drill down into the MemberName field

    More info can be found here
    https://social.msdn.microsoft.com/Forums/azure/en-US/22a19ec3-a273-479a-8b7d-7aeb902d494b/fields-greyed-out?forum=opinsights

    Why is it unavailable, and can it be made available? it's a very useful security query.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security and Audit Solution  ·  Flag idea as inappropriate…  ·  Admin →
  7. Please add an overview of exactly what data is collected

    Currently it is not clear on exactly what data is collected by which component.
    I want to be able to review the data which is collected by MOMS.
    Like which eventlogs, which performance counters exactly.
    Same goes for the integration packs, show us what is collect, why and how.
    We need this information to decide if data can be collected.
    Maybe and overview of rules and information from each inegration packl.

    In SCOM we can look at rules and telle exactly what is being collected.
    Look at monitors / script and tell exactly what is running on an agent.

    This…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for your feedback. Indeed. In SCOM, you can look at those rules.

    The old ‘Configuration Assessment – that was opaque. But all the new solutions just import MP’s whose rules you can see in SCOM, take apart, and study. All in all, we think this is much more transparent approach than the older one… does it make sense?

  8. Update the recommendation solutions to reflect that On-prem machines might be used

    My systems running the OMS agent are all local and on-prem in my envrionment. And yet, most of the copy in the solutions refers to them as Azure machines.

    I think this copy could be updated to reflect the fact that many people will use OMS as an SCOM alternative to manage machines that might be on-prem or off. Any explicit references to 'Azure' when refering to infrastructure strikes me as legacy text that should be updated.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  SQL Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  9. when doing a custom dashboard the titles are getting truncated

    when doing a custom dashboard the titles are getting truncated.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow to deploy agent using GPO

    I know there is way to deploy agent with workspace details but this requires to use the setup.exe file
    Can you please provide a way to deploy with GPO?
    thanks

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    You have a few options today:

    - startup scripts from GPO’s would be the most generic way to install and configure the agent. Command line to silent install as well as script snippets on how to enable/disable/configure thru COM API are documented here https://azure.microsoft.com/en-us/documentation/articles/operational-insights-direct-agent/

    - Powershell magazine came up with a DSC module that allows you to install the agent that way http://www.powershellmagazine.com/2014/11/26/dsc-resource-module-for-microsoft-monitoring-agent-install-and-configuration-for-azure-operational-insights/

    - if the machines are in Azure, there is a VM extension http://azure.microsoft.com/en-us/updates/easily-enable-operational-insights-for-azure-virtual-machines/

  11. Provide Intelligence Pack for AWS workloads

    What I would propose is to extend the capability of monitoring AWS workloads beyond simply installing an agent on their IAAS VMs. The AWS management pack for SCOM (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/AWSManagementPack.html) after importing the AWS IAM key into the system provides the capability to get fabric level details for their AWS environment.

    •EC2 instances
    •EBS volumes
    •ELB load balancers
    •Auto Scaling groups and Availability Zones
    •Elastic Beanstalk applications
    •CloudFormation stacks
    •CloudWatch Alarms
    •CloudWatch Custom Metrics

    If OpsInsight wants to target the cross platform as its goal, this should be a priority target.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Add Office365 as monitoring object

    I would like to have an Office365 IP. For example, I would like to monitor the mailflow. If no mail is comming in for a few hours, I need a warning that there might be something wrong.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. sharepoint related alerts and issues

    Is there any way to streamline the alerts, errors, issues, space issue, content databases related issues etc to the Operation Management suite?

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    It depends what you mean.
    If you have Operations Manager, the Alert Management intelligence pack/ solution is what will sync those alerts (hence also those from SharePoint Management pack) to OMS – see here http://blogs.msdn.com/b/dmuscett/archive/2014/11/05/iis-mp-event-alerting-rules-s-opinsights-searches-equivalents.aspx

    If without OM, OMS today isn’t really (yet) a reactive/monitoring tool – by knowing the instrumentation/logs you can build search queries that are rough equivalents to monitoring ‘rules’ – i.e. see the exercise here for IIS http://blogs.msdn.com/b/dmuscett/archive/2014/11/05/iis-mp-event-alerting-rules-s-opinsights-searches-equivalents.aspx

    As for actual real time monitoring (i.e. producing alerts) – this idea can be tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

  14. Intelligence Pack to monitor LogicApps/Api apps events

    Requirement
    Need to monitor Logic App, out-of box api app and custom api apps.

    Thanks
    Tushar J

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. Collect data from custom containers in storage account

    We are trying to use appinsights and trying to export that data to the storage container. In the current version of OMS we want to configure custom storage container from where the logs/application data must be read for doing Alert Management.

    Thanks
    TJ

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →

    Yes in the future we would like to enable this, but it needs work to define your own schema and fields first – not just their location.

    This general work is also needed for ‘generic’ log collection i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files

    Also, for doing ‘alerts’ you need to be able to create those alerts – check this idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

  16. inefficient sql queries

    Give a report/recommendation in the SQL assessment IP for inefficient queries.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  SQL Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  17. 14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  18. 38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Manage Azure VM's from a Solution

    I am a Service Provider who offers managed ASR and Backup so two new solutions are great, but I also offer Managed VM's (IAAS) and managed App's (PAAS), I would like to be able to view and manage scoped views of VM's from the Azure VM's. This could be a list view of the VM's like how they are viewed in the Azure Portal, and basic abilities such as stop/start/pause/checkpoint VM's would be awesome (like you can do in the SCOM VMM MP). You could then have a create VM link and jump to Azure portal to create new VM…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  20. Ability to define a "friendly"name for machines reporting into Azure Opperational Insights

    In our scenario as a ISV we have many machines at different customer sites that have the same machine name. It would be extremely helpful if we were able to provide a friendly name or a description for machines reporting into the Azure Operational Insights Console.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

Feedback and Knowledge Base