How can we improve Azure Log Analytics ?

Make the pricing tiers more granular (broken down by solution)

Today the free tier is based on GB/day of data uploaded. If you turn on certain Solutions in the Gallery (Security, Log data), you can exceed these tiers with a 2 computer lab very easily. This will make it hard for prospects to evaluate the product successfully. I think you it would be better to break down the free tier into per-solution limits, so that individual solutions could support an appropriate amount of data for free that would allow for evaluation of those solutions in a small lab environment while looking at other solutions as well. That would be a better solution than simply increasing the free tier limit because it would keep each solution's value limited while under the free tier. Figuring out the actual cost is a headache that you shouldn't have to worry about until you're ready to go beyond free.

13 votes
Vote
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
You have left! (?) (thinking…)
Kirk Munro shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Danny commented  ·   ·  Flag as inappropriate

    If the pricing tiers are broken down by solution and are consistent across all solutions this would help to also make the solutions required more cost effective.
    E.g. If we are looking at providing a security offering using the Security and Audit solution, I think that the Change Tracking solution fits in with this. However, when I enable Change Tracking I need to add an automation account which adds the automation and control category and I need to change pricing to per node. This makes the cost of adding a single solution very expensive and detracts from our ability to justify/implement Log Analytics.

  • Neil G. commented  ·   ·  Flag as inappropriate

    Note: Having better pre-filtering of data for the security solution would help with this.

    Also having a simple assessment - for each log that is about to be utilized, first run a volume check based on count of events in the log for prior 24 hours and prior 168 hours - if there are more than X then WARN before deploying solution on that computer.

Feedback and Knowledge Base