Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Log Analytics -> Logs (Preview) blade needs Saved Searches-like feature

    The current "Logs" blade is pre-populated with "A few more queries to try" and heavily pre-populated "Saved Searches" for common queries. This UI feature was critical to my understanding of log queries. If the new "Logs (Preview)" blade is to supersede the current "Logs" blade: please bring over a similar each to find and use feature.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow updating Analytics queries for existing dashboard tiles

    Creating a Azure Portal Dashboard tile based on an Analytics Portal query is super easy. But changing the query later on requires to re-create the whole tile.
    There should be a way to click on the tile, modify the query and then cklick on "Save" to simply modifiying the query and updating the Dashboard tile.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  My Dashboard  ·  Flag idea as inappropriate…  ·  Admin →
  3. 6 hours SLA on indexing custom log data is a very long time to alert on

    According to this article https://azure.microsoft.com/en-us/support/legal/sla/log-analytics/v1_1/ SLA on indexing log data might take up to 6 hours. OMS has built in alerting that allows you to trigger actions within 5 minutes of data arrival. But if indexing takes more than 5 minutes - then what's the point of creating alert that might trigger on something that is no longer a problem, or not trigger at all if there is real problem. What is the average data indexing time? Log Analytics would be much more useful and have many more applications in real world if that indexing time is much lower. 6…

    364 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We have recently published an article – https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-ingestion-time that details various aspects of data ingestion time for Log Analytics, and clarifies distinction between the financially-backed SLA and our Service-Level Objectives. In fact, the typical latency to ingest data into Log Analytics is between 3 and 10 minutes, with 95% of data ingested in less than 7 minutes.

    We are also actively working to bring this latency down even further, and many customers already report that they experienced a significant improvement, but more is coming.

  4. Allow for performance data to be monitored by the VMware solution

    Add the possibility to monitor performance data as well in VMware environments, both for the hosts and for the VM´s.

    Examples for what I would want to look at with the solution;
    * Are there any snapshots? If so, what´s the size and age of these?
    * Show information about the datastores connected, both the size and usage details (free space, used space etc.)
    * Host CPU and memory utilization
    * VM CPU and memory utilization

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Upgrade the version of the ruby bundled with the Linux oms agent

    A lot of FluentD plugins depend on the activesupport gem, which in turn depends on a Ruby version >= 2.2.2. This Ruby version in particular solves a nasty security bug related to SSL.

    The OMS agent bundles a Ruby interpreter version prior to 2.2.2, which prevents us from using a lot of useful fluentd plugins.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Custom Logs (import and delete) and add custom timestamps

    One amazing idea is create custom fields on custom log sample process. Another good idea is add more timestamp samples (like ISO 8601 format, YYYYMMDDThhmmss.fffK where YYYY: Year, MM: Month, DD: Day in month, T: Delimiter, hh: Hour, mm: Minutes, ss: Seconds, fff: Milliseconds, K: Time zone offset) or add the possobility to create a custom timestamp.
    It will be possible delete some imported custom logs to make some tests?

    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We’re planning on allowing you to import/export Custom Logs & Fields via the UI & ARM Templates. We’re currently implementing the ARM support today for most of Settings in OMS.

    Thanks for sharing some of the timestamps you need. Feel free to e-mail them to me here: evanhi(at)microsoft.com

    We’re actively planning way for you to specify timestamps yourselves.

  7. Microsoft System Center Advisor Advanced Threat Analytics events

    The MP Microsoft System Center Advisor Advanced Threat Analytics events seems to try to collect events from the Microsoft ATA event log on all your servers, but that event log only exists on the ATA center and GW servers. Result is unhealth SCOM management Group and event ID 26005 is logged in the OpsMgr event log saying The Windows Event Log Provider was unable to open the Microsoft ATA event log on computer <computer name> for reading.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Provide the ability to add an Operations Management icon to the main screen.

    OMS has a different portal. It provides access to server data. This needs a link to open that other portal. Best case would be to integrate the portals so the icons from OMS will show on this Azure portal.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Target Solution packs to group of computers/data centers

    I don't want to use *ALL* solution packs on *ALL* onboarded servers. At the moment the only workaround is to create workspaces by solution pack and maintain your server list by solution packs.

    1) While Adding a Solution; optionally specify groups to target. (e.g. All; only this group members or All groups except members of this group)
    2) Track data/$$ by solution pack and by servers/user defined groups. This can be used to Alert when a SP or computer/group consumes more than expected-->trigger runbook to unload SP on the server.
    3) Configure data flow by restricting (Servers; solutions;group of servers;…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Import custom xml .net app logs

    Custom Log import. We have some .net applications that write error logs to a .xml file and we would like to be able to import and parse those logs.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Provide More Detailed Status when setting up AD Replication Status. Direct Download link for AD Status Replication Intelligence Pack.

    Provide More Detailed Status when setting up AD Replication Status. If error return an error code to web GUI from the server event log. A troubleshooting link or prerequisites to get this feature working. I can pull in Assessment and Auditing data from all of my domain controllers but this does not work. I believe it is related to this error I am now getting in my Event Logs. An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425} was rejected errors.

    A direct download link to the AD Status Replication Intelligence Pack might…

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  AD Replication Result Solution  ·  Flag idea as inappropriate…  ·  Admin →
  12. collect solution data only from some servers

    When I activate the WireData solution because I want to see the data from 10 Servers, the solution will collect data from all Servers.

    Allow to define from which Servers i want to collect which data.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Multihome agents

    It would be fantastic if we could multihome agents to various workspaces.
    Right now we use the SCOM agent to connect to OMS, which means one OMS workspace. But we would like to have multiple workspaces depending on type of server (eg Production servers, Dev servers, application servers etc).
    I understand we can multihome OMS to different workspaces by multihoming the SCOM agent to different SCOM management groups, but having an entire management group set up just so agents can talk to different OMS workspaces is like swatting a fly with a sledgehammer.
    Even if we can manually configure each…

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. "incoming connections" recommendation should not be made on non-Azure instances

    I get the "Configure SQL Server to accept incoming connections" recommendation for all of my instances, despite none of them being in Azure. It would be preferable to only get this recommendation on Azure as it does not apply otherwise.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  SQL Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  15. Wiredata is consuming too much CPU after Sep 15th update

    Huston we have a problem. The wire data update on Sep 15th caused my production systems monitoring hosts to basically use one CPU core. I had to remove wire data IP. I can share more data and dumps if needed.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Wire Data Solution  ·  Flag idea as inappropriate…  ·  Admin →
  16. Owner in Alert IP

    Add Owner field to alerts - would be great for management to see, who is having problems with resolving alerts :)

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support conversion and formatting functions in the search language

    There should be option in the search language to convert metrics. For example If I want to convert Bytes to Gigabytes that should be possible in the search language. Other examples are in converting time to specific format (shorter time format, adding timezone and etc.)

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  18. Update the recommendation solutions to reflect that On-prem machines might be used

    My systems running the OMS agent are all local and on-prem in my envrionment. And yet, most of the copy in the solutions refers to them as Azure machines.

    I think this copy could be updated to reflect the fact that many people will use OMS as an SCOM alternative to manage machines that might be on-prem or off. Any explicit references to 'Azure' when refering to infrastructure strikes me as legacy text that should be updated.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  SQL Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  19. inefficient sql queries

    Give a report/recommendation in the SQL assessment IP for inefficient queries.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  SQL Assessment Solution  ·  Flag idea as inappropriate…  ·  Admin →
  20. Log Filtering

    I want to be able to filter stuff I don't want to collect in logs. For example with ACS (in SCOM) I could apply filters that didn't collect system logins. I would like this functionality in all logs, for example I would want to filter IIS logs to remove data from certain IP addresses.
    I can see customers wanting to use this type of functionality when the costs of data start to pile up.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base