Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add copy and paste in Windows Phone app

    Add copy and paste for Search query in mobile app.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →

    Will forward to the mobile app team. You mean in the ‘search’ query editor you can select but you can’t copy/paste, right?

    The best way at this stage is to, however, compose and save your ‘saved searches’ in the portal and then use them. the query editor on mobile is meant for quick ad-hoc modifications, not full scale editing :-)

  2. Chargeback Intelligence Pack

    Get chargeback with On Premisse System Center is not easy because you need to install SCSM or get third software. Why not get chargeback reports trough Azure Operational Insights?

    Obs.: Sorry for the poor english.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. BizTalk Server Intelligence pack

    Create an Intelligence pack for BizTalk Server, something similar to BizTalk Server 2013 Monitoring Management Pack:


    • Application Views

    • Application Artifacts Views

    • Deployment Views

    • BAM Component Views

    • BAM Alerts
      etc

    As a MS partner company we have several customers very interested in this feature!!

    125 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. User interface / owned - not owned

    Make it more intuitive which packs have been added and which have not. There is just the label "Owned".

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    ‘owned’ currently means ‘added’ to this workspace.
    We got the term for consistency with how it says in the Windows Store, but there is no concept of a ‘user’ acquiring an IP and then adding it to the workspace(s). You always just add it to the workspace and that’s it.

    But we’ll consider a better/clearer terminology if this is unclear, thanks for the feedback.

    You seem to like just ‘Added’?

  5. 12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  6. Health View

    Would be nice to have a health view of the systems in our environment so that we can click on a server or component and see the health. This would be hugely beneficial for us.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. iPad Friendly App

    Provide iPad Friendly App to access Operational Insights

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  8. Android Tablet friendly App

    Provide Android Tablet friendly App to access Operational Insights

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Mobile App  ·  Flag idea as inappropriate…  ·  Admin →
  9. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in ETVX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Log Filtering

    I want to be able to filter stuff I don't want to collect in logs. For example with ACS (in SCOM) I could apply filters that didn't collect system logins. I would like this functionality in all logs, for example I would want to filter IIS logs to remove data from certain IP addresses.
    I can see customers wanting to use this type of functionality when the costs of data start to pile up.

    89 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Ability to open multiple panes when troubleshooting

    When troubleshooting, I want to keep each pane open that I bring up rather than drilling down and losing original search pane.
    Typically when I troubleshoot, I have multiple panes open, for example on a server I may have the event log, perf mon and Bing search open. When I use AOI, I may find a useful bit of info but then lose that screen when I look for something else.
    I would like the ability to resize and snap upto 4 different search screens on one page or be able to snap a view into another browser window. This…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  Browser Support  ·  Flag idea as inappropriate…  ·  Admin →
  12. Intelligence pack for operations manager assessment

    Operation managers Health and assessment will be a good report with which we can review and identify how the SCOM monitoring system is monitoring the systems.

    Management Servers are already connected to Azure Ops Insights to send the data ,so collecting this information should be easy.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Allow customization to point to team specific knowledge base along with the customer support.microosoft.com site

    Currently the product points to the knowledge base which is at support.microsoft.com,instead of that if that can be reconfigured so as it can be pointed to some customized knowledge based solutions.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Collect IIS Advanced logs

    Allow the collection and addition of custom fields using advanced logging or custom IIS modules. Example is to add x-forwarded-for to IIS logs in W3WC format.

    310 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. Collect HTTPERR Logs in addition to IIS Logs

    I see that someone already suggested IIS Log inclusion, another log source leveraged in IIS is the HTTPERR Log which compliments the IIS Logs and provides the bigger picture of IIS health
    [edited title, separate scope]

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We are doing work on at the moment on custom fields – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe – which represents a stepping stone to allow custom data types into the system.

    The first iteration will only extract new (per tenant) fields for existing types, but later we need to address also the collection/gathering aspect (i.e. is your custom data already in azure? http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc or is your data something that comes from an existing log – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files) to allow customers to define what logs you want, where they are, how do they look, how to parse them, etc.

    Basically, we might or might not address this item as an out of the box ‘solution’ but the current thinking is to leave it open until the generic platform capabilities can support it (this and any other logs, at that point).

  16. When pivoting from results of Measure count() queries that use INTERVAL (based on field TimeGenerated) drill down query returns no result

    REPRO steps:
    Do a query like Type:Event | Measure count() interval 1DAY; the grouped results you get back will have TimeGenerated as the first field.... but the row in the table really represents a time RANGE/interval
    When clicking on a group, the resulting query becomes something like Type:Event TimeGenerated:"2014-02-25T20:04:39.234Z" - this yelds no results because the TimeGenerated is really just the BEGINNING of the '1DAY' interval.

    How it should work:
    backend API should provide more information back to the caller, such as
    - informing that this group is not based on a fixed string value (like in many other cases…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow me to choose the 'width' of each time bar in 'results over time' facet / time control

    Now it automatically adjusts - i.e. when looking at 7 days, each bar becomes 6 hours. It would be nice to decide what interval to choose.
    6 hours is an odd interval. If I am looking at 7 days I would rather see how many of those results are there each day/24 hrs intervals/buckets.
    If I am querying 1 or 2 days, I probably want to see a hourly breakdown.

    The idea is to offer a drop down to allow selecting specific aggregation intervals.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,

    Thanks for offering this feature. Currently the plan is to upgrade the portal with many new features, the timeline is being re-designed as part of it.
    Until that, I can only recommend you to use the query to generate charts that describe this in the manner that fits your data best.

    We’ve recently upgraded the query language. Here’s an example of the new syntax, using 3-hour bins over the last two days of events:
    Event
    | where TimeGenerated > now(-2d)
    | summarize count() by bin(TimeGenerated, 3h)
    | render timechart

    Regards,
    Noa

  18. Need more status update than "let it run overnight" "wait several hours"

    Need more status update than "let it run overnight" "wait several hours". It would be great to get additional status. For example: we've successfully connected to your onpremise System Center server. OR you need to setup a connection before we can pull data. OR we're currently pulling data (1GB out of 10GB).

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Workspace Settings / Administration  ·  Flag idea as inappropriate…  ·  Admin →

    There are a few different requirements and different things that can happen for each intelligence pack. Some of that troubleshooting needs to be done on-premises (the service doesn’t know what it has never seen…). Refer to our troubleshooting blog post for the latest http://blogs.technet.com/b/momteam/archive/2014/05/29/advisor-error-3000-unable-to-register-to-the-advisor-service-amp-onboarding-troubleshooting-steps.aspx

    Nevertheless, onboarding has been greatly simplified (a few times, leading to GA of the service) in the last year, including the introduction of the ‘Settings’ tile (hub), and the scale of the service has improved to deal with higher data rates (not making you wait too long, basically, see this http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519343-real-time-near-realtime-data-collection ).

    We think we are in a much better place than when you filed this idea, do you agree?

  19. Business Service / Distributed Application health from SCOM

    I would like to be able to provide a summary for a business service. For instance, if I had a 3 tier distributed application defined in Operations Manager, report on configuration, performance, security against the DA.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    This isn’t really a prioritized scenario at this point, as we don’t really bring all of the OpsMgr data to the cloud, but only for specific scenarios (to which you can opt in/out by adding/removing ‘intelligence packs’).

    I updated the category of this idea to match it is a new Intelligence Pack/scenario suggestion.

  20. A column should be added next to the top latency to show top throughput (IOPS).

    Under direct attached storage tab it would be helpful to have another column of servers that show the top throughput list. Perhaps anpther column showing lowest would also be helpful.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Capacity Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base