Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Option to select Resource-Specific with CLI, PowerShell and Rest API for collect resources logs

    Please add an option to select Resource-Specific with CLI, PowerShell and Rest API for collect resources logs.
    The documentation https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-collect-workspace#select-the-collection-mode shows it's currently not possible to select this destination with a script. So all logs will be stored by default to AzureDiagnostics and we can face some limits with the number of columns of the table.
    It's also recommended by Microsoft to select Resource-Specific target tables, but in our context, we need to be able to do it in an automated fashion. Thanks

    46 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  2. Recursive Log Collection paths

    Recursive Log collection paths for Custom Logs

    This will help users like me with folders that have logs + subfolders with logs.

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Enable configuration of multiple log analytics workspaces for linux agent

    Currently the log analytics agent for Linux only supports the configuration of one log analytics workspace. It'd be of advantage to be able to send the logs to multiple log analytics workspaces.

    We have a probably quite common setup among mid to large size enterprises that consists of hub(s) and multiple subscriptions connected to them. For Update Management we are utilizing Azure Automation which should be controlled through our hub(s). Azure Automation therefore requires to be linked to one log analytics workspace in the same subscription.

    At the same time the development / operations teams that make use of the…

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. Please DO NOT RETIRE the demo site: https://portal.loganalytics.io/demo#/query/main

    For log analytics, there is a demo site: https://portal.loganalytics.io/demo#/query/main, which is very useful for testing purpose since it has a lot of data.

    And now I see it will be retired on September 2nd, 2019, please keep it alive.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. DCR: powershell cmdlet to collect activity log across subscription in Log analytics workspace

    We have activity log solution here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-activity-logs
    cx want to do the below steps by powershell command:
    - Configure activity logs to go to your Log Analytics workspace.
    - In the Azure portal, select your workspace and then click Azure Activity log.
    - For each subscription, click the subscription name.

    Currently we don't have any powershell commands to do the same, as I know, we have some powershell command to enable custom logs in log analytics, hence please also provide similar command to connect activity logs in workspace across subscription.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Ability to see what resources support Resource-Specific Diagnostics

    Currently we aren't able to determine which resources support Resource-Specific Collection Mode. It is buried in the documentation for each resource: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-collect-workspace It would be gratefully beneficial to have a complete list seeing Microsoft is recommending users to switch to this mode for their resources where applicable due to the 500 field limit on the AzureDiagnostic Table

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Fix Operations Manager Health Service Modules Event ID 26007

    Operations Manager fails to collect events from the Windows Security Event log, because the EventLog service concludes the Security Event log is corrupt. The underlying reason appears to be corrupt events in the Security Event log generated by the Microsoft Monitoring Agent. See attached screenshot.

    I'd like some help troubleshooting this issue. Thanks.

    Marco

    Log Name: Operations Manager
    Source: Health Service Modules
    Date: 2/3/2016 3:36:30 PM
    Event ID: 26007
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer:
    Description:
    The EventLog service reported that the Security event log on computer '
    ' is corrupt. The Windows Event Log Provider…

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. sccm support\configuration manager

    connection for SCCM 2012 R2 so that we can see all hardware inv data on all managed servers

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  9. SharePoint ULS

    It would be great to be able to have a log type for SharePoint ULS logs.
    The Custom Logs is a great step in this process, but still seems clumsy.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Windows Server Cluster log collection.

    This would be invaluable in investigating failure issues and correlating them to external problems (ie, SAN problems)

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Windows Server 2003 and before were using TEXT log files http://support.microsoft.com/kb/168801

    Windows Server 2008 and beyond use ETL traces – http://blogs.msdn.com/b/clustering/archive/2008/09/24/8962934.aspx

    Also refer to these generic ideas:

    Text log files collection tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files

    Collection of ETW traces is tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6691402-collect-etw-trace-logs

  11. View surrounding logs

    Kibana has an amazing feature, where you can view surrounding logs to the current log that you are investigating.
    Could we get this in Log Analytics.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  12. TimeGenerated overwrite - Log Analytics HTTP Data Collector API

    Hi,

    I'm trying sent to OMS some logs with date and time (Like explained in https://azure.microsoft.com/pt-pt/documentation/articles/log-analytics-data-collector-api/) but i can't get TimeGenerated overwitted by log timestamp.

    I'm using JSON with "time-generated-field" to pass the String with Log data.
    Example:
    public static void PostData(string signature, string date, string json)

        {
    
    string url = &quot;<a rel="nofollow noreferrer" href="https://&quot;">https://&quot;</a>+ customerId +&quot;.ods.opinsights.azure.com/api/logs?api-version=2016-04-01&quot;;
    using (var client = new WebClient())
    {
    client.Headers.Add(HttpRequestHeader.ContentType, &quot;application/json&quot;);
    client.Headers.Add(&quot;Log-Type&quot;, LogName);
    client.Headers.Add(&quot;Authorization&quot;, signature);
    client.Headers.Add(&quot;x-ms-date&quot;, date);
    client.Headers.Add(&quot;time-generated-field&quot;, TimeStampField);
    client.UploadString(new Uri(url), &quot;POST&quot;, json);
    }
    }

    Can anyone Help me?

    Best regards,

    Hugo Faria

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Allow system exclusion for IIS logs

    Today the IIS log files collection is an all or nothing choice, I have customers that want to exclude specific systems from the collection thus keeping IIS logging enabled locally. Give us the chance to exclude specific systems from the collection.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Want VM inventory in Automation to collect SQL server edition

    May I have a request about the enhancement to the information reported on by Log Analytics in the VM inventory? Because currently it doesn’t include the SQL server edition. Thanks a lot !

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. Collect HTTPERR Logs in addition to IIS Logs

    I see that someone already suggested IIS Log inclusion, another log source leveraged in IIS is the HTTPERR Log which compliments the IIS Logs and provides the bigger picture of IIS health
    [edited title, separate scope]

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We are doing work on at the moment on custom fields – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe – which represents a stepping stone to allow custom data types into the system.

    The first iteration will only extract new (per tenant) fields for existing types, but later we need to address also the collection/gathering aspect (i.e. is your custom data already in azure? http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc or is your data something that comes from an existing log – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files) to allow customers to define what logs you want, where they are, how do they look, how to parse them, etc.

    Basically, we might or might not address this item as an out of the box ‘solution’ but the current thinking is to leave it open until the generic platform capabilities can support it (this and any other logs, at that point).

  16. Event Log Bug

    While using Internet explorer 11 On settings menu you cannot remove or edit Windows event logs you can do same task if you use chrome

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Integration with APM collection

    Add APM collection to log management

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. custom logs timestamp

    Please add this timestamp delimiter YYYY-M-D HH:mm:ss.

    Currently have logs in an application that use this and would like to gather the custom logs using this delimiter format.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  19. archive data

    Would it be possible to archive data back to on-premise once the data retention limit is hit - specifically with logs?
    Maybe a powershell do download everything.

    It would be handy for organisations that need to keep information longer than 12 months.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    In the future we will work on plans for higher retention policy.

    For the ‘export’ functionality, you might want to check the API idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519057-programmatically-submit-search-requests-and-receiv but, realistically, after you uploaded terabytes of data over a few months time… even the concept of downloading everything back at that point seems daunting.

  20. Duplicate computernames cause issues for performance metrics

    We have subscriptions that contain identical VM names in different resource groups. For most data events in OMS this is not a problem since they contain the ResourceID/Resourcegroup name.

    The problem is that for performance metrics no unique information is logged in OMS to distinguish between those VMs. This means for example that when a "Disk full" Alert is triggered from these metrics, there is no way to know from which resource this alert originates.

    Solution: please add resourceID to performance metrics, or at least the MMA agent ID.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

Feedback and Knowledge Base