Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 330 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Provide an Intelligence Pack for System Center Service Manager

    Create an intelligence pack for System Center Service Manager to provide additional analytical data for problem management, incident analysis, and configuration item analysis.

    275 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. StorSimple Management from OMS

    Could it be possible to add StorSimple to the OMS dashboard? I would like to see monitoring, usage, updates and snapshots from within the dashboard.

    274 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Collect IIS Advanced logs

    Allow the collection and addition of custom fields using advanced logging or custom IIS modules. Example is to add x-forwarded-for to IIS logs in W3WC format.

    235 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Collect IIS Logs from Windows Azure Diagnostics storage (WAD) for Azure Web Sites

    Azure WebSites write to WAD in a different folder structure. The work of this other idea http://feedback.azure.com/forums/267889-azure-operations-insights/suggestions/6519377-collect-iis-logs-from-windows-azure-diagnostics-st enables reading those IIS logs for Azure Cloud Services (i.e. web role instances) but not for Azure Web sites.
    This new idea is for the latter scope.

    169 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Cloud Services / Virtual Machines write with a different container/folder structure in Azure blob than Azure WebSites. Our current ingestion processes the former, not the latter.

    Anyhow, also consider the ‘generic’ idea of a platform feature to ingest your own logs http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

  6. One Overall OMS Dashboard integraded with SCOM - Cisco Prime -Solarwinds

    Lot of Enterprise organizations have Multi monitor environment Like Microsoft SCOM for Servers in the Datacenter, Cisco Prime for network infrastructure like WiFi and SolarWinds for Network components. Monitoring from outside to inside like Microsoft OMS could be the Service in the middle and make One single Dashboard for the Business, but also for IT Pro's.

    156 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks you for taking the time to provide this feedback. We are looking at developing a centralized alerting view which will support monitoring tools like Nagios, Zabbix, Solarwinds. If you are interested in participating on the private preview of this solution please email me.

  7. Expand Data Retention for Security and Audit IP

    Provide to ability to expand the data retention to 3-8 years. Some customers do have compliance rules to save their security related data for 8 years. When this could be accomplished we move our ACS implementations on premise to OpInsights.

    153 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Security and Audit Solution  ·  Flag idea as inappropriate…  ·  Admin →
  8. Show Contextual data such as CPU and RAM for servers

    When I click over a list that shows servers and select a given server from the list it would be nice to get a quick overview of the system. Such as OS SKU, CPU, RAM, Disk Free and so on.

    127 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    We have not forgotten about this but this is a multi-faceted feedback that expresses a desire (show me/let me pivot to contextual data), but besides the graphical interaction we need to bring the right capabilities and the right data types to the platform first.

    A first step in this direction is the common ‘Computer’ field – http://feedback.azure.com/forums/267889-azure-operations-insights/suggestions/6519266-unify-standardize-computer-field-across-intellig
    that allows you to pivot from one data type to another, and to join different data types thru sub-searches http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519234-filter-groups-of-computers-thru-subqueries-in-n
    (which anyhow are generic and work with other fields too)

    We are starting to discuss what a UX for ‘context’ could look like, but we are not finished with bringing in new data types to make that really compelling :-)

    One example of such ‘context’ is in the form of tracking configuration changes – http://feedback.azure.com/forums/267889-azure-operations-insights/suggestions/6519185-need-configuration-change-tracking-solution-softw so you can move from a troubleshooting scenario (capacity or events) to a ‘context’ of what has changed…

  9. Custom Log feature for log rotate

    Now, Log Analytics can not collect custom log which file is rotated by log rotation.
    But log rotation is necessary for collection log on OS.
    So, for mitigation we cannot unable to turn off log rotation.
    So, I request to add new request about Custom Log for collecting Log Rotation files.

    125 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. BizTalk Server Intelligence pack

    Create an Intelligence pack for BizTalk Server, something similar to BizTalk Server 2013 Monitoring Management Pack:

    - Application Views
    - Application Artifacts Views
    - Deployment Views
    - BAM Component Views
    - BAM Alerts
    etc

    As a MS partner company we have several customers very interested in this feature!!

    122 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    That’s a quote a lot of votes from a bunch of new users in a very short time, although 9 people are from the same two companies and 7 other are anonymous, and a few other ones. Let’s see how generally applicable/widespread the demand is.

    Also see the comment from Daniele M. below for general considerations about monitoring scenarios.

    Let’s also clarify (this is not clear in the request): is the request to support:
    a) ‘traditional’ on-premises BizTalk
    or
    b) Azure BizTalk services
    ?

  11. Populate ComputerIP field with agent manager Computer IP address

    ComputerIP is populated with the IP Address from which Azure Log Analytics is receiving data. For nodes behind a firewall/proxy or OMS Gateway this mean to have the external IP Address of the proxy.
    ComputerIP must contain IP(s) information collected by the Agent on the computer hosting it to enable Compliance and Security Scenario on the console.
    RemoteIPAddress could be added as the External IP address for proxy based agents or will contains the same address of the ComputerIP for agents not behind a proxy/firewall/Gateway.
    This have a serious impact on compliance in the actual implementation.

    100 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Collect Azure Storage Logging files

    On Microsoft Azure you can enable Azure Storage logging. The logging information is saved in a $logs container in your StorageAccount. It would be great if we can add this log information to OpInsights. More information about how you can enable this type of logging: https://msdn.microsoft.com/en-us/library/azure/dn782840.aspx

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Collect data from custom containers in storage account

    We are trying to use appinsights and trying to export that data to the storage container. In the current version of OMS we want to configure custom storage container from where the logs/application data must be read for doing Alert Management.

    Thanks
    TJ

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →

    Yes in the future we would like to enable this, but it needs work to define your own schema and fields first – not just their location.

    This general work is also needed for ‘generic’ log collection i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files

    Also, for doing ‘alerts’ you need to be able to create those alerts – check this idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

  14. Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

    Alerting TimeWindow limitation of 24-Hours makes Alerting useless. Shoud really match the retention for LogAnalytics!

    Is there a way to come around some major limitations when creating Alerts? The biggest problem is the Time Window restriction. This restricts us from searching in data older than 24 hours when creating an alert. I expect a record for a custom MessageType
    to arrive once a week, i am not able to create an Alert if this message does not appear as expected.
    The retention days for OMS Log Analytics is minimum 31 days according to this article: https://blogs.msdn.microsoft.com/…/change-oms-log-analytic…/
    Why do we then…

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  6 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow variables from saved search in email subject

    It would be helpful if you could dynamically add the variables (from saved searches - such as computername) to the subject line of email alerts.

    The reasoning behind this is in our ticketing system we want the computer name to be immediately visible for an OMS generated alert. We are currently hardcoding the searches per computer however with the amount of servers we manage we are hitting the saved search limit of 250.

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Alert Management Solution  ·  Flag idea as inappropriate…  ·  Admin →
  16. Collect ETW Trace Logs

    Windows Events collected today are only from the 'classic' NT-style eventlogs (Application/System) as well as from the Crimson logs (Vista and above) that are saved in ETVX format.

    It would be nice to enable collection of ETW Trace Logs too (.ETL), like /Analytics and /Debug logs.

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Add Office365 as monitoring object

    I would like to have an Office365 IP. For example, I would like to monitor the mailflow. If no mail is comming in for a few hours, I need a warning that there might be something wrong.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. Make the OMS agent work on Linux with ARM architecture

    Since there are devices like Raspberry PI with ARM architecture, it would be great if you provided binaries for ARM based Linux systems as well. Currently, I am unable to run the agent on Raspberry with Raspbian despites the tutorials available on various sites.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. 49 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Here the requirement is clear/obvious. We just have not prioritized this work yet.

    The overall ‘performance’ data collection needs to be refined – not just for Linux.

    Right now we only collect/provide hourly aggregates of some specific performance counters related to HyperV for the ‘Capacity Intelligence Pack’ scenario.

    Real time monitoring scenario might need some different shape of performance data to start with, before we enable this for Linux or for Windows alike, i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519061-collect-custom-windows-performance-counters

  20. Add support for SQL Databases

    To complete the monitoring scenario with PaaS services in Azure we will value the possibility of adding Operational Insights for Azure SQL Database to help to detect complex escenarios and points for improvement (most heavey queries, concurrency, use of the performance tiers, DTUs, in my apps, detect cpu consuming queries, RAM consuming queries, etc.).

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
← Previous 1 3 4 5 12 13
  • Don't see your idea?

Feedback and Knowledge Base