Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. Skip operator for Query Search

    The old version of Log Analytics has a 'Skip' operator.
    But now, the new version of Log Analytics Query does not have a 'Skip' operator.

    I want this feature.
    Because when we use Query via the REST API, due to a limitation of the Log Analytics API, we cannot download all logs at one time.
    So, we must execute the API again and again.

    If there is a 'skip' operator, I can use 'skip' and 'limit' to repeat.
    Now, because there is no 'skip' operator, I don't get logs from Log Analytics via the REST API.

    43 votes
    under review  ·  2 comments  ·  Search UI and Language
  2. 'render timechart' should support logarithmic y-scale

    Currently I need to manually exclude one series that has especially high values from my timechart. It means that the automatic scale has a very high max which means that the other series are not easily viewable.

    I'd like a parameter to 'render timechart' that lets me specify a log y scale, it will help all series to be visible.

    It's a fairly common feature in data visualization generally.

    I actually want this for Application Insights Analytics (https://feedback.azure.com/forums/357324-application-insights/suggestions/14110047-add-logarithmic-scale-to-charts). I'm not sure the right place for these requests now that there is standard Log Analytics Query Language.

    30 votes
    0 comments  ·  Search UI and Language
  3. Save Column Selections Along With Queries/Favorites

    The log search and ability to save queries/favorites is looking good. However, please include the column filters, column positions, and Display Time setting in the saving of queries, so that each time we return to a saved query we don't need to re-configure all of those settings to achieve the desired view. Thank you!

    15 votes
    3 comments  ·  Search UI and Language
  4. Support conversion and formatting functions in the search language

    There should be an option in the search language to convert metrics. For example, if I want to convert Bytes to Gigabytes, that should be possible in the search language. Other examples are converting time to a specific format (shorter time format, adding timezone, etc.)

    15 votes
    8 comments  ·  Search UI and Language
  5. Add a keyboard shortcut to comment / uncomment the current line in the query editor (like CTRL+K in VS)

    There already is a shortcut that allows running the query (Shift+Enter), which is great.
    A shortcut to toggle whether the current line is a comment or not (by adding / removing "//" at the beginning of the line) would be great and save a lot of time while editing queries / functions.

    Similar to the shortcut VS or any other IDE: https://blogs.msdn.microsoft.com/zainnab/2010/04/13/comment-and-uncomment-code/

    13 votes
    0 comments  ·  Search UI and Language
  6. Allow to search for 'parts' of a datetime field

    real world scenario: I need to analyze my alerts distribution by time windows (i.e. how many of them overnight vs during the day) and based on week day (how many on Sunday, Monday, ...)
    I think this scenario can be applied to every data source you have. To do that we need to be able to query on parts of the datetime fields.

    11 votes
    0 comments  ·  Search UI and Language

    I have this capability on my query language improvement backlog already. I would like to allow folks to search via local time (instead of ISO UTC time) and use keywords like Sunday, 6PM, etc.

    This is currently behind JOIN, Regex, DEDUP, and search time custom field extraction.

  7. Save Time frame Scope

    Save time scope along with query, so we don't have to adjust in the GUI each time we click on a saved query. This should also apply to dashboard elements, so we don't end up with "half" graphs when you have limited TimeGenerated.

    11 votes
    0 comments  ·  Search UI and Language
  8. Import groupings from SCOM

    Import already existing server groupings from SCOM for access in the Log Analytics or the pre-built assessments

    11 votes
    1 comment  ·  Search UI and Language
  9. Allow us to filter deduped data set (* | dedup * | where ??)

    Ok now with dedup we can almost achieve the "last data point by Computer" scenario, but we cannot use where after dedup as in: Type:Heartbeat | dedup Computer | where TimeGenerated < NOW-10MINUTE
    Just add the ability to use "| where" to process the deduped data set.

    10 votes
    3 comments  ·  Search UI and Language
  10. Increase number of distinct results for measure command (limit 100)

    Today the measure command only supports 100 distinct results. It's a risk that alerts created with the measure command don't give correct results because of this limit. Now the first top 100 results are sent to measure.

    From documentation:

    Second, Measure count currently returns only the top 100 distinct results. This limit does not apply to the other statistical functions. So, you'll usually need to use a more precise filter first to search for specific items before you apply measure count().

    https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-searches#use-the-measure-command

    9 votes
    0 comments  ·  Search UI and Language
  11. Minify on W3CIISLog

    Minify works great for logs. Specifically we would like to get REST endpoints out of the csUriStem

    8 votes
    planned  ·  1 comment  ·  Search UI and Language
  12. custom field based on regex

    sorry if this has been asked I searched but could not find anything similar.

    would love to be able to create a custom field based on a regex. Like I have csUsername as a field but I want to know the domain of the users not the email address, the stuff after the @ is this possible or are you working on it.

    love OMS so far, hopefully I didn't miss something

    ps this doesn't need to be a regex could be things like split,trim,end, lastindexof, etc..

    7 votes
    0 comments  ·  Search UI and Language
  13. Change a saved search (hassle free)

    Add the ability to change a saved search, without having to remember the exact same name and group to override the existing query. At the same time a rename function would be nice.

    7 votes
    0 comments  ·  Search UI and Language
  14. custom field based on regex

    sorry if this has been asked I searched but could not find anything similar.

    would love to be able to create a custom field based on a regex. Like I have csUsername as a field but I want to know the domain of the users not the email address, the stuff after the @ is this possible or are you working on it.

    love OMS so far, hopefully I didn't miss something

    ps this doesn't need to be a regex could be things like split,trim,end, lastindexof, etc..

    6 votes
    1 comment  ·  Search UI and Language
  15. Add "render" option for query language

    Can we please have an option to display search results into different types of graphics? Similar to Kusto (or Application Insights Analytics) which has an option to render the search results into different graphics.
    For example:
    requests
    | where timestamp >= ago(24h)
    | summarize requestCount=count() by client_CountryOrRegion
    | order by requestCount desc
    | render piechart

    6 votes
    0 comments  ·  Search UI and Language
  16. Ability for Searches to Have Titles

    When I click on the "Locked-out Accounts" view from the Security IP, I am brought to the search section. There is no way on this page to tell what I am looking at without analysing the search. In the search bar it shows "EventID=4740" but who in their right mind has every event id memorized. There should be a title that shows I clicked on "Locked-out Accounts".

    6 votes
    0 comments  ·  Search UI and Language

    Thanks for the feedback.

    This is similar to the behavior the mobile app has for ‘saved searches’ – they do show the title there.

    Coded drill-downs today don’t carry a title across pages, and changing this has an overall impact on the breadcrumb code, most likely – see this other idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519263-moving-across-pages-needs-to-be-seamless-clickable

    Keep in mind that the default drill down pages are meant as a convenience: once you identified a search you care about, you can SAVE it to your Saved Searches, and pin it on your own dashboard – those tiles in dashboards have a title (=the name of the saved search).

  17. Improve Log Search UI and Results

    I would like to see the following:
    - Larger query input field
    - Tabs
    - Table result column filtering
    - Table rows expand to show full results
    - Table scrolls horizontally so that you can actually read the data when there are a lot of columns
    - More "Last" time slices (Last 15 min, Last 30 min, Last 1 hour, etc...)
    - Column selection mechanism in UI (drop down with checkboxes instead of having to | select x, y, z)

    Analytics for App Insights has all of these features, and I constantly find myself wishing Log Search had them

    6 votes
    0 comments  ·  Search UI and Language
  18. Query auto correction

    auto correction when typing a query.
    e.g. "Type:SecurityEVent" (wrong capital 'V') will be auto corrected to "Type:SecurityEvent"

    6 votes
    0 comments  ·  Search UI and Language
  19. Portal site Localization

    Now, OMS portal site is not localized to other languages.

    such as assessment intelligent pack, it has useful information, but many customers (in Japan) cannot understand English information...

    Please localize portal site to famous language.

    6 votes
    1 comment  ·  Search UI and Language
  20. Create your own custom time ranges (i.e. last 26 hours)

    Create a personalized standard date / time filter:
    i.e. last 26 hours: 24 hours + 2 hours in which you can perform your daily checks, making sure you never miss out any log info while not having to manually customize every check

    Context:
    I perform daily checks in the first two hours of my working day: now I have to manually set the search window to make sure I don't miss out any data. (like today I checked 9AM, but yesterday 8AM, with 24 search I'll miss one hour)

    6 votes
    1 comment  ·  Search UI and Language