Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. User interface / owned - not owned

    Make it more intuitive which packs have been added and which have not. There is just the label "Owned".

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    ‘owned’ currently means ‘added’ to this workspace.
    We got the term for consistency with how it says in the Windows Store, but there is no concept of a ‘user’ acquiring an IP and then adding it to the workspace(s). You always just add it to the workspace and that’s it.

    But we’ll consider a better/clearer terminology if this is unclear, thanks for the feedback.

    You seem to like just ‘Added’?

  2. 12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  3. Health View

    Would be nice to have a health view of the systems in our environment so that we can click on a server or component and see the health. This would be hugely beneficial for us.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. iPad Friendly App

    Provide iPad Friendly App to access Operational Insights

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  5. Android Tablet friendly App

    Provide Android Tablet friendly App to access Operational Insights

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  6. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in ETVX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Log Filtering

    I want to be able to filter stuff I don't want to collect in logs. For example with ACS (in SCOM) I could apply filters that didn't collect system logins. I would like this functionality in all logs, for example I would want to filter IIS logs to remove data from certain IP addresses.
    I can see customers wanting to use this type of functionality when the costs of data start to pile up.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Ability to open multiple panes when troubleshooting

    When troubleshooting, I want to keep each pane open that I bring up rather than drilling down and losing original search pane.
    Typically when I troubleshoot, I have multiple panes open, for example on a server I may have the event log, perf mon and Bing search open. When I use AOI, I may find a useful bit of info but then lose that screen when I look for something else.
    I would like the ability to resize and snap upto 4 different search screens on one page or be able to snap a view into another browser window. This…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  Browser Support  ·  Flag idea as inappropriate…  ·  Admin →
  9. Data Retention Intervals By Data Type

    Would like to request a data retention interval by data type (Similar to what is done in SCOM.) Specifically, the ability to set retention timeframes on "Performance Data", "Event data", and "Analytic Data."

    112 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Intelligence pack for operations manager assessment

    Operation managers Health and assessment will be a good report with which we can review and identify how the SCOM monitoring system is monitoring the systems.

    Management Servers are already connected to Azure Ops Insights to send the data ,so collecting this information should be easy.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Allow customization to point to team specific knowledge base along with the customer support.microosoft.com site

    Currently the product points to the knowledge base which is at support.microsoft.com,instead of that if that can be reconfigured so as it can be pointed to some customized knowledge based solutions.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Collect IIS Advanced logs

    Allow the collection and addition of custom fields using advanced logging or custom IIS modules. Example is to add x-forwarded-for to IIS logs in W3WC format.

    259 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Collect HTTPERR Logs in addition to IIS Logs

    I see that someone already suggested IIS Log inclusion, another log source leveraged in IIS is the HTTPERR Log which compliments the IIS Logs and provides the bigger picture of IIS health
    [edited title, separate scope]

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We are doing work on at the moment on custom fields – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe – which represents a stepping stone to allow custom data types into the system.

    The first iteration will only extract new (per tenant) fields for existing types, but later we need to address also the collection/gathering aspect (i.e. is your custom data already in azure? http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc or is your data something that comes from an existing log – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files) to allow customers to define what logs you want, where they are, how do they look, how to parse them, etc.

    Basically, we might or might not address this item as an out of the box ‘solution’ but the current thinking is to leave it open until the generic platform capabilities can support it (this and any other logs, at that point).

  14. When pivoting from results of Measure count() queries that use INTERVAL (based on field TimeGenerated) drill down query returns no result

    REPRO steps:
    Do a query like Type:Event | Measure count() interval 1DAY; the grouped results you get back will have TimeGenerated as the first field.... but the row in the table really represents a time RANGE/interval
    When clicking on a group, the resulting query becomes something like Type:Event TimeGenerated:"2014-02-25T20:04:39.234Z" - this yelds no results because the TimeGenerated is really just the BEGINNING of the '1DAY' interval.

    How it should work:
    backend API should provide more information back to the caller, such as
    - informing that this group is not based on a fixed string value (like in many other cases…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow me to choose the 'width' of each time bar in 'results over time' facet / time control

    Now it automatically adjusts - i.e. when looking at 7 days, each bar becomes 6 hours. It would be nice to decide what interval to choose.
    6 hours is an odd interval. If I am looking at 7 days I would rather see how many of those results are there each day/24 hrs intervals/buckets.
    If I am querying 1 or 2 days, I probably want to see a hourly breakdown.

    The idea is to offer a drop down to allow selecting specific aggregation intervals.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,

    Thanks for offering this feature. Currently the plan is to upgrade the portal with many new features, the timeline is being re-designed as part of it.
    Until that, I can only recommend you to use the query to generate charts that describe this in the manner that fits your data best.

    We’ve recently upgraded the query language. Here’s an example of the new syntax, using 3-hour bins over the last two days of events:
    Event
    | where TimeGenerated > now(-2d)
    | summarize count() by bin(TimeGenerated, 3h)
    | render timechart

    Regards,
    Noa

  16. Need more status update than "let it run overnight" "wait several hours"

    Need more status update than "let it run overnight" "wait several hours". It would be great to get additional status. For example: we've successfully connected to your onpremise System Center server. OR you need to setup a connection before we can pull data. OR we're currently pulling data (1GB out of 10GB).

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    There are a few different requirements and different things that can happen for each intelligence pack. Some of that troubleshooting needs to be done on-premises (the service doesn’t know what it has never seen…). Refer to our troubleshooting blog post for the latest http://blogs.technet.com/b/momteam/archive/2014/05/29/advisor-error-3000-unable-to-register-to-the-advisor-service-amp-onboarding-troubleshooting-steps.aspx

    Nevertheless, onboarding has been greatly simplified (a few times, leading to GA of the service) in the last year, including the introduction of the ‘Settings’ tile (hub), and the scale of the service has improved to deal with higher data rates (not making you wait too long, basically, see this http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519343-real-time-near-realtime-data-collection ).

    We think we are in a much better place than when you filed this idea, do you agree?

  17. Business Service / Distributed Application health from SCOM

    I would like to be able to provide a summary for a business service. For instance, if I had a 3 tier distributed application defined in Operations Manager, report on configuration, performance, security against the DA.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    This isn’t really a prioritized scenario at this point, as we don’t really bring all of the OpsMgr data to the cloud, but only for specific scenarios (to which you can opt in/out by adding/removing ‘intelligence packs’).

    I updated the category of this idea to match it is a new Intelligence Pack/scenario suggestion.

  18. A column should be added next to the top latency to show top throughput (IOPS).

    Under direct attached storage tab it would be helpful to have another column of servers that show the top throughput list. Perhaps anpther column showing lowest would also be helpful.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Capacity Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add time control to 'overview' page and respect the time selection consistently across scenarios

    I had a lot of confusion over how the Malware tile shows the worst status of last 7 days and neither indicates this in the view nor can be configured with either fewer days or current status. Only by going to the detail pane and selecting a shorter time frame can you see the near-term status. It would be OK if the top level tile said "worst state in last 7 days" and even better if the top level tile saved my preference for example "worst state last 24 hours".

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    If you notice the more recent IP’s are starting to provide information with what time the data refers to. There might never be a ‘global’ time window that all scenarios can snap to, but we are trying to make the tiles more informative as to what period they are showing.

    Also in ‘my dashboard’ (where there IS a global time selector) you will have to deal with the time dimension, which can’t always be global – see the consideration that Stas wrote on his blog here https://cloudadministrator.wordpress.com/2014/10/19/system-center-advisor-restarted-time-matters-in-dashboard-part-6/

  20. reset all counters and data / empty the account / force grooming

    Currently I'm testing our QA environment in SCA and it would be nice when I'm ready to start moving our production gear over to have the option to reset/delete all data as opposed to closing the account, typing in a reason why, and then setting everything back up.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Real-time cleanup would be expensive in the current architecture. When you close the account, data isn’t deleted immediately, but within several days (detailed in the terms of service and/or privacy statement), as part of grooming.

    Right now you’d have to close and re-open account for this.

    Anyhow I am leaving the idea open, but we feel that at this point this is a ‘nice to have’ – not a critical one – and would take many cycles and resources from doing much higher priority work.

  • Don't see your idea?

Feedback and Knowledge Base