Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. BizTalk Server Intelligence pack

    Create an Intelligence pack for BizTalk Server, something similar to BizTalk Server 2013 Monitoring Management Pack:

    - Application Views
    - Application Artifacts Views
    - Deployment Views
    - BAM Component Views
    - BAM Alerts
    etc

    As a MS partner company we have several customers very interested in this feature!!

    122 votes

      That’s quite a lot of votes from a bunch of new users in a very short time, although 9 people are from the same two companies and 7 others are anonymous, and a few other ones. Let’s see how generally applicable/widespread the demand is.

      Also see the comment from Daniele M. below for general considerations about monitoring scenarios.

      Let’s also clarify (this is not clear in the request): is the request to support:
      a) ‘traditional’ on-premises BizTalk
      or
      b) Azure BizTalk services
      ?

    • User interface / owned - not owned

      Make it more intuitive which packs have been added and which have not. There is just the label "Owned".

      3 votes

        ‘owned’ currently means ‘added’ to this workspace.
        We got the term for consistency with how it says in the Windows Store, but there is no concept of a ‘user’ acquiring an IP and then adding it to the workspace(s). You always just add it to the workspace and that’s it.

        But we’ll consider a better/clearer terminology if this is unclear, thanks for the feedback.

        You seem to like just ‘Added’?

      • 11 votes
          1 comment  ·  My Dashboard
        • Health View

          Would be nice to have a health view of the systems in our environment so that we can click on a server or component and see the health. This would be hugely beneficial for us.

          11 votes
          • iPad Friendly App

            Provide iPad Friendly App to access Operational Insights

            8 votes
              1 comment  ·  Mobile App
            • Android Tablet friendly App

              Provide Android Tablet friendly App to access Operational Insights

              6 votes
                0 comments  ·  Mobile App
              • Collect ETW Trace Logs

                Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in EVTX format.

                It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

                57 votes

                  Feedback received in email and posted on behalf of the user.

                  We see ETW support more suited for ‘diagnostics’ rather than ‘operational’ scenarios, anyhow – and our focus is more on the latter, at least right now.

                  but wonder how many people would like to see this?

                • Log Filtering

                  I want to be able to filter stuff I don't want to collect in logs. For example with ACS (in SCOM) I could apply filters that didn't collect system logins. I would like this functionality in all logs, for example I would want to filter IIS logs to remove data from certain IP addresses.
                  I can see customers wanting to use this type of functionality when the costs of data start to pile up.

                  67 votes
                  • Ability to open multiple panes when troubleshooting

                    When troubleshooting, I want to keep each pane open that I bring up rather than drilling down and losing original search pane.
                    Typically when I troubleshoot, I have multiple panes open, for example on a server I may have the event log, perf mon and Bing search open. When I use AOI, I may find a useful bit of info but then lose that screen when I look for something else.
                    I would like the ability to resize and snap up to 4 different search screens on one page or be able to snap a view into another browser window. This…

                    13 votes
                      3 comments  ·  Browser Support
                    • Data Retention Intervals By Data Type

                      Would like to request a data retention interval by data type (Similar to what is done in SCOM.) Specifically, the ability to set retention timeframes on "Performance Data", "Event data", and "Analytic Data."

                      88 votes
                        planned  ·  0 comments  ·  Log Management and Log Collection Policy
                      • Intelligence pack for operations manager assessment

                        Operation managers Health and assessment will be a good report with which we can review and identify how the SCOM monitoring system is monitoring the systems.

                        Management Servers are already connected to Azure Ops Insights to send the data, so collecting this information should be easy.

                        14 votes
                        • Allow customization to point to team specific knowledge base along with the customer support.microsoft.com site

                          Currently the product points to the knowledge base which is at support.microsoft.com, instead of that if that can be reconfigured so as it can be pointed to some customized knowledge based solutions.

                          3 votes
                          • Collect IIS Advanced logs

                            Allow the collection and addition of custom fields using advanced logging or custom IIS modules. Example is to add x-forwarded-for to IIS logs in W3C format.

                            192 votes

                              Let’s see how many come here and vote this, but we probably won’t special case this one log type ourselves.

                              We are anyhow doing work to enable per-tenant schema (since your fields would be different than mine) – tracked as part of the ‘custom fields’ work http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-allow-to-perform-parsing-and-custom-fields-extract
                              to be followed eventually by ‘custom logs’ http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files
                              and
                              http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

                              which will enable this scenario – and many more!

                            • Collect IIS Logs from Windows Azure Diagnostics storage (WAD) for Azure Web Sites

                              Azure WebSites write to WAD in a different folder structure. The work of this other idea http://feedback.azure.com/forums/267889-azure-operations-insights/suggestions/6519377-collect-iis-logs-from-windows-azure-diagnostics-st enables reading those IIS logs for Azure Cloud Services (i.e. web role instances) but not for Azure Web sites.
                              This new idea is for the latter scope.

                              166 votes
                              • Collect HTTPERR Logs in addition to IIS Logs

                                I see that someone already suggested IIS Log inclusion, another log source leveraged in IIS is the HTTPERR Log which complements the IIS Logs and provides the bigger picture of IIS health
                                [edited title, separate scope]

                                19 votes

                                  We are doing work at the moment on custom fields – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe – which represents a stepping stone to allow custom data types into the system.

                                  The first iteration will only extract new (per tenant) fields for existing types, but later we need to address also the collection/gathering aspect (i.e. is your custom data already in azure? http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc or is your data something that comes from an existing log – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files) to allow customers to define what logs you want, where they are, how do they look, how to parse them, etc.

                                  Basically, we might or might not address this item as an out of the box ‘solution’ but the current thinking is to leave it open until the generic platform capabilities can support it (this and any other logs, at that point).

                                • When pivoting from results of Measure count() queries that use INTERVAL (based on field TimeGenerated) drill down query returns no result

                                  REPRO steps:
                                  Do a query like Type:Event | Measure count() interval 1DAY; the grouped results you get back will have TimeGenerated as the first field.... but the row in the table really represents a time RANGE/interval
                                  When clicking on a group, the resulting query becomes something like Type:Event TimeGenerated:"2014-02-25T20:04:39.234Z" - this yields no results because the TimeGenerated is really just the BEGINNING of the '1DAY' interval.

                                  How it should work:
                                  backend API should provide more information back to the caller, such as
                                  - informing that this group is not based on a fixed string value (like in many other cases…

                                  2 votes
                                    under review  ·  0 comments  ·  Search UI and Language
                                  • Allow me to choose the 'width' of each time bar in 'results over time' facet / time control

                                    Now it automatically adjusts - i.e. when looking at 7 days, each bar becomes 6 hours. It would be nice to decide what interval to choose.
                                    6 hours is an odd interval. If I am looking at 7 days I would rather see how many of those results are there each day/24 hrs intervals/buckets.
                                    If I am querying 1 or 2 days, I probably want to see an hourly breakdown.

                                    The idea is to offer a drop down to allow selecting specific aggregation intervals.

                                    5 votes
                                      0 comments  ·  Search UI and Language

                                      Hi,

                                      Thanks for offering this feature. Currently the plan is to upgrade the portal with many new features, the timeline is being re-designed as part of it.
                                      Until that, I can only recommend you to use the query to generate charts that describe this in the manner that fits your data best.

                                      We’ve recently upgraded the query language. Here’s an example of the new syntax, using 3-hour bins over the last two days of events:
                                      Event
                                      | where TimeGenerated > now(-2d)
                                      | summarize count() by bin(TimeGenerated, 3h)
                                      | render timechart

                                      Regards,
                                      Noa

                                    • Need more status update than "let it run overnight" "wait several hours"

                                      Need more status update than "let it run overnight" "wait several hours". It would be great to get additional status. For example: we've successfully connected to your on-premises System Center server. OR you need to set up a connection before we can pull data. OR we're currently pulling data (1GB out of 10GB).

                                      7 votes
                                        0 comments  ·  Workspace Settings / Administration

                                        There are a few different requirements and different things that can happen for each intelligence pack. Some of that troubleshooting needs to be done on-premises (the service doesn’t know what it has never seen…). Refer to our troubleshooting blog post for the latest http://blogs.technet.com/b/momteam/archive/2014/05/29/advisor-error-3000-unable-to-register-to-the-advisor-service-amp-onboarding-troubleshooting-steps.aspx

                                        Nevertheless, onboarding has been greatly simplified (a few times, leading to GA of the service) in the last year, including the introduction of the ‘Settings’ tile (hub), and the scale of the service has improved to deal with higher data rates (not making you wait too long, basically, see this http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519343-real-time-near-realtime-data-collection ).

                                        We think we are in a much better place than when you filed this idea, do you agree?

                                      • Business Service / Distributed Application health from SCOM

                                        I would like to be able to provide a summary for a business service. For instance, if I had a 3 tier distributed application defined in Operations Manager, report on configuration, performance, security against the DA.

                                        25 votes

                                          This isn’t really a prioritized scenario at this point, as we don’t really bring all of the OpsMgr data to the cloud, but only for specific scenarios (to which you can opt in/out by adding/removing ‘intelligence packs’).

                                          I updated the category of this idea to match it is a new Intelligence Pack/scenario suggestion.

                                        • A column should be added next to the top latency to show top throughput (IOPS).

                                          Under direct attached storage tab it would be helpful to have another column of servers that show the top throughput list. Perhaps another column showing lowest would also be helpful.

                                          9 votes
                                            under review  ·  0 comments  ·  Capacity Management Solution