Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Cannot add account with underscore in the email address

    I get an error when I try to add my external account.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →
  2. Intelligence Pack Updates

    With IP's that are pushed out from Microsoft down to SCOM, it would be handy to have a RSS feed, or SCOM alert, that would notify that a new IP is being distributed, along with a list of changes.
    This could be also for changes to the Ops Insights website.

    If anything does go wrong with a change MS makes, especially if it affects SCOM clients/monitoring, we can at least be aware that a change has happened.

    As I understand, MS push out changes to IP's, so we have no control on when those changes affect our environment.

    Currently I've…

    18 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We do multiple deployments a day, this is very challenging to do in a services world, especially for the cloud part: the portal and multiple other parts of the online service can change and be redeployed dozens of times each day, every day, on a typical week when developers check in new code, this goes thru a bunch of automated validation, and then gets pushed out.
    We have ability to show/hide new features to selected tenants/workspaces – but there are a lot of teams that independently contribute to the portal and system for various scenarios, and check in and deploy their changes independently thru automated workflows.

    We intentionally go ‘slower’ with the Intelligence Packs – because we know that they can affect on-premises. Those are generally pushed out at a slower cadence, but can still happen a few different times in the same week; the deployment mechanisms are similar, but…

  3. Sharepoint Integration

    Could there be functionality to embed dashboard widgets into a SharePoint page? We are putting a lot of our SCOM dashboards into SharePoint, and it would be fantastic to include Ops Insights dashboards into the same SharePoint site, without sending users to another web site.

    13 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Extensibility / Partner scenarios  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback.

    A starting point you could look at in this sense is the opsmgr dashboard integration, which is script-based (so, easy to dissect and recompose – it shows you how to issue your own search to the portal’s search page programmatically) http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519195-integrate-search-into-opsmgr-dashboards

    or today you can run your own code – the recently released Search API http://blogs.technet.com/b/momteam/archive/2015/06/18/oms-log-search-api-documentation-is-here.aspx

    Also look at this other – related, more generic – idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6984082-access-read-only-dashboard-directly-from-url

  4. Failover nodes that are running inside of Windows Server 2012 virtual machines may fail to join the cluster

    I am getting alert "Failover nodes that are running inside of Windows Server 2012 virtual machines may fail to join the cluster". The suggested fix and referenced KB article (http://go.microsoft.com/fwlink/?LinkId=320726) talk about disabling the "Microsoft Failover Cluster Virtual Adapter Performance Filter" binding on the host nodes (not in the guest).

    However, I am getting this alert with a Windows 2012 VM guest cluster in Azure IaaS (using the cluster for SQL AlwaysOn). I obviously can't change the host nodes in Azure. What am I supposed to do? Should I disable this binding in the guest OS also?

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Incorrect (again) - Unsupported SQL Server version used by VMM

    This issue was Previously reported and marked fixed on Aug 18, 2014, but I am seeing it now with a supported version of SQL server.

    I am running VMM 2012 R2 UR4 (VMM Version: 3.2.7768.0). SQL version used by instance hosting VMM database (as reported by select @@VERSION) is:

    Microsoft SQL Server 2012 (SP1) - 11.0.3401.0 (X64) Jan 9 2014 13:22:15 Copyright (c) Microsoft Corportation Enterprise Edition: Core-based Licensing (64-bit) on Windows NT 6.2 <X64> (Build 9200:) (Hypervisor)

    It appears the rule/monitor cannot detect the SQL version. See export of the alert attached

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Ability to upload logs on Demand and then remove them once analyzed.

    Support Scenario- Engineers ingesting “on demand”, any log from any server/customer they would like into a temporary/their workspace, querying them, working on the issue, and subsequently deleting the data when they are done.

    15 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    For ‘bring your own logs’ – Yes we would like to enable that – we need to first do work to enable per-workspace/per-tenant schema (types and their fields) definition – so you can define how to parse your own custom logs in the first place. See this item http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe

    Then – new types of logs or existing ‘known’ types that are already defined in the system – then comes the part of defining where do I find the log to ingest in the first place – would you store it in Azure storage, do you expect to ‘upload’ it via the portal on demand for troubleshooting? We have appetite for something like polling from a storage account (we do it for WAD already anyway) – but still mostly from an ‘ongoing’ pulling of data for warehousing or monitoring.

    Not sure about the removal part either – all our billing and…

  7. Multi tenant management for the enterprise

    Azure Operational Insights Portal screen can be viewed is subscriber only. The Azure Operational Insights enterprise-friendly features as a subscription for more than one portal screen can review together and happy.

    34 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    Currently, you can add your users fro the ‘settings’ page and invite either LiveID or AAD users/groups to access the workspace directly from https://preview.opinsights.azure.com/

    You can have direct agents and SCOM management groups that live in different subscriptions than the one the workspace is linked to. The only scenario that is limited at the moment is ingesting data from storage accounts (WAD data). We are investigating for how many this is important enough to allow cross-subscription reading of Storage accounts.

    Also read this other thread for an additional requirement we have heard in this area http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519233-improve-multitenancy-for-managed-services-provider#comments

  8. Allow me to remove managed systems (Management Groups and Directly Connected Servers/Agents) from Usage page

    Implements a feature to remove managed ( Management Groups and to Directly Connected Servers ) Overview Usage from want? I think even if servers Connected Directly, the agent is uninstalled, cannot be removed from Operational Insights Usage. Cannot disconnect in the SCOM Management Groups are for the Operational Insights on want to remove.

    41 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    In the current implementation, Management groups CAN already be removed, but only once they are ‘stale’ == have not reported ANY data for >14days, the link to remove will appear.

    The number of Directly reporting agents in ‘settings’ page is the actual number of servers registered, but the drill down will take you to search (where servers presence is inferred from the data).

    We will be working on options to de-register directly connected servers, similarly to we offer for SCOM management groups.

  9. Is there a way to log changes of the product itself?

    Who added IPs? Who did any user management actions? etc.

    17 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    Today we log actions taken through the Azure portal (e.g. create/delete workspace, add/remove storage account). These are viewed under “Operational Logs” from the “Dashboard” page in the Azure portal.

    We intend to add more logging of actions (e.g. add/remove intelligence packs) in the future.

    Add votes to this to help us prioritize when this occurs.

  10. 324 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Support parametrized search query in dashboard tiles

    Have ability to save search query that accept parameter, like
    "All Accounts log in to Computer X" where X will be provided later

    17 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  12. Keep a history of navigation in addition to search queries

    In addition to search query history keep the navigation history , like which IP has been opened, what drill down has been used to user can easily go few steps back in his investigation and take another path.

    11 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Browser Support  ·  Flag idea as inappropriate…  ·  Admin →
  13. Provide an Intelligence Pack for System Center Service Manager

    Create an intelligence pack for System Center Service Manager to provide additional analytical data for problem management, incident analysis, and configuration item analysis.

    272 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Enable Share Search functionality on Mobile app

    When you away from your desktop and have a mobile app handy, frequently you see the search result that you would like to share with your colleagues. This request it to enable Share functionality on Search, so you can email the query to your colleague or to yourself.

    5 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  15. Display Servers & Usage on the Mobile app

    Have ability to display amount of data being sent to OpInsights and ability to see if the data crossed the (defined) thresholds.
    Also, have ability to see the list of servers sending the data.

    22 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →

    Let’s see how many need this on mobile.

    Currently, metering information 9as in KB/MB/GB sent) is only available as a daily total for the whole workspace, irrespective of where the data comes from.

    You can already get a breakdown of which machines are sending the most data by using search queries and counting how many records (record count, not size in KB) are there for each machine, i.e.

    Type=Event | Measure count() by Computer

  16. Add copy and paste in Windows Phone app

    Add copy and paste for Search query in mobile app.

    8 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →

    Will forward to the mobile app team. You mean in the ‘search’ query editor you can select but you can’t copy/paste, right?

    The best way at this stage is to, however, compose and save your ‘saved searches’ in the portal and then use them. the query editor on mobile is meant for quick ad-hoc modifications, not full scale editing :-)

  17. Chargeback Intelligence Pack

    Get chargeback with On Premisse System Center is not easy because you need to install SCSM or get third software. Why not get chargeback reports trough Azure Operational Insights?

    Obs.: Sorry for the poor english.

    9 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. BizTalk Server Intelligence pack

    Create an Intelligence pack for BizTalk Server, something similar to BizTalk Server 2013 Monitoring Management Pack:

    - Application Views
    - Application Artifacts Views
    - Deployment Views
    - BAM Component Views
    - BAM Alerts
    etc

    As a MS partner company we have several customers very interested in this feature!!

    122 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    That’s a quote a lot of votes from a bunch of new users in a very short time, although 9 people are from the same two companies and 7 other are anonymous, and a few other ones. Let’s see how generally applicable/widespread the demand is.

    Also see the comment from Daniele M. below for general considerations about monitoring scenarios.

    Let’s also clarify (this is not clear in the request): is the request to support:
    a) ‘traditional’ on-premises BizTalk
    or
    b) Azure BizTalk services
    ?

  19. User interface / owned - not owned

    Make it more intuitive which packs have been added and which have not. There is just the label "Owned".

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    ‘owned’ currently means ‘added’ to this workspace.
    We got the term for consistency with how it says in the Windows Store, but there is no concept of a ‘user’ acquiring an IP and then adding it to the workspace(s). You always just add it to the workspace and that’s it.

    But we’ll consider a better/clearer terminology if this is unclear, thanks for the feedback.

    You seem to like just ‘Added’?

  20. 11 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base