Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SharePoint ULS

    It would be great to be able to have a log type for SharePoint ULS logs.
    The Custom Logs is a great step in this process, but still seems clumsy.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Windows Server Cluster log collection.

    This would be invaluable in investigating failure issues and correlating them to external problems (ie, SAN problems)

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Windows Server 2003 and before were using TEXT log files http://support.microsoft.com/kb/168801

    Windows Server 2008 and beyond use ETL traces – http://blogs.msdn.com/b/clustering/archive/2008/09/24/8962934.aspx

    Also refer to these generic ideas:

    Text log files collection tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files

    Collection of ETW traces is tracked here http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6691402-collect-etw-trace-logs

  3. Please DO NOT RETIRE the demo site: https://portal.loganalytics.io/demo#/query/main

    For log analytics, there is a demo site: https://portal.loganalytics.io/demo#/query/main, which is very useful for testing purpose since it has a lot of data.

    And now I see it will be retired on September 2nd, 2019, please keep it alive.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. TimeGenerated overwrite - Log Analytics HTTP Data Collector API

    Hi,

    I'm trying sent to OMS some logs with date and time (Like explained in https://azure.microsoft.com/pt-pt/documentation/articles/log-analytics-data-collector-api/) but i can't get TimeGenerated overwitted by log timestamp.

    I'm using JSON with "time-generated-field" to pass the String with Log data.
    Example:
    public static void PostData(string signature, string date, string json)
    {
    string url = "https://"+ customerId +".ods.opinsights.azure.com/api/logs?api-version=2016-04-01";
    using (var client = new WebClient())
    {
    client.Headers.Add(HttpRequestHeader.ContentType, "application/json");
    client.Headers.Add("Log-Type", LogName);
    client.Headers.Add("Authorization", signature);
    client.Headers.Add("x-ms-date", date);
    client.Headers.Add("time-generated-field", TimeStampField);
    client.UploadString(new Uri(url), "POST", json);
    }
    }

    Can anyone Help me?

    Best regards,

    Hugo Faria

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Allow system exclusion for IIS logs

    Today the IIS log files collection is an all or nothing choice, I have customers that want to exclude specific systems from the collection thus keeping IIS logging enabled locally. Give us the chance to exclude specific systems from the collection.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Want VM inventory in Automation to collect SQL server edition

    May I have a request about the enhancement to the information reported on by Log Analytics in the VM inventory? Because currently it doesn’t include the SQL server edition. Thanks a lot !

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  7. Collect HTTPERR Logs in addition to IIS Logs

    I see that someone already suggested IIS Log inclusion, another log source leveraged in IIS is the HTTPERR Log which compliments the IIS Logs and provides the bigger picture of IIS health
    [edited title, separate scope]

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    We are doing work on at the moment on custom fields – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe – which represents a stepping stone to allow custom data types into the system.

    The first iteration will only extract new (per tenant) fields for existing types, but later we need to address also the collection/gathering aspect (i.e. is your custom data already in azure? http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc or is your data something that comes from an existing log – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files) to allow customers to define what logs you want, where they are, how do they look, how to parse them, etc.

    Basically, we might or might not address this item as an out of the box ‘solution’ but the current thinking is to leave it open until the generic platform capabilities can support it (this and any other logs, at that point).

  8. Color customization in log analytics chart

    A feature to customize the color of the charts should be available, as the default colors don't make any sense in many scenarios (green, blue, etc). Furthermore, when publishing the charts into a dashboard, the colors and chart shape are changed again (from pie to donut and from green and blue to dark blue and light blue).
    The ability to choose the colors should be added to the "render" method and consistency between the actual chart in log analytics and the published chart in the dashboard are very important features that should be available.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  9. Event Log Bug

    While using Internet explorer 11 On settings menu you cannot remove or edit Windows event logs you can do same task if you use chrome

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Integration with APM collection

    Add APM collection to log management

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. custom logs timestamp

    Please add this timestamp delimiter YYYY-M-D HH:mm:ss.

    Currently have logs in an application that use this and would like to gather the custom logs using this delimiter format.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  12. Duplicate computernames cause issues for performance metrics

    We have subscriptions that contain identical VM names in different resource groups. For most data events in OMS this is not a problem since they contain the ResourceID/Resourcegroup name.

    The problem is that for performance metrics no unique information is logged in OMS to distinguish between those VMs. This means for example that when a "Disk full" Alert is triggered from these metrics, there is no way to know from which resource this alert originates.

    Solution: please add resourceID to performance metrics, or at least the MMA agent ID.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. Custom Logs - Remove header

    When i upload one log file to the Custom Logs it's possible Recognize /Delete the first line of this log?
    It could be important to reduce Custom Fields recognized on OMS

    Congrats,

    Hugo

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Custom Logs should include a File "name" or "path" property to indicate where it came from

    Similar to 'SourceSystem,' this could be called 'SourceFile' or 'SourcePath.' This field, which should be searchable, contains the full path of the collected log as the value.

    The existing field 'Type' does not suffice for this purpose- it doesn't scale well when defining custom logs with a wildcard. One 'Type' can have many individual logs. Without a searchable 'SourceFile' property, you wouldn't know where the logs came from, exactly.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. IP Trace (Country)

    I see remote desktop failures alot. Some Chiness hackers are trying to hack my Windows Virtual Machines. I see many differnt IP address and it is hard to find where or which country's ip address. It would be great there is embadded IP TRACE feature so that I can see where IP originate from.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  16. Log Analytics - allow configuring different data collection settings per connected machine\agent in the same workspace

    for example: in a scenario where two windows machines are connected to the same log analytics workspace, provide the option to ingest windows performance counters data to the workspace only for the first machine (when both machines connected to the same log analytics workspace)

    This feature will be very useful when a customer needs to use a single workspace for different use cases, but willing to keep all the data in a single location, while preventing unnecessary data ingestion which will result in additional costs.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Import Application specific logs from Blob Storage or Table entries into Log Analytics for Azure Functions

    Import Application specific logs from Blob Storage or Table entries into Log Analytics for Azure Functions

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  18. Add realtime logging ( tail -f )

    My customers would like to see logging happening realtime, in case of a critical problem. Like they would typically achieve with 'tail -f' on Linux based systems.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  19. Ability to upload logs on Demand and then remove them once analyzed.

    Support Scenario- Engineers ingesting “on demand”, any log from any server/customer they would like into a temporary/their workspace, querying them, working on the issue, and subsequently deleting the data when they are done.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    For ‘bring your own logs’ – Yes we would like to enable that – we need to first do work to enable per-workspace/per-tenant schema (types and their fields) definition – so you can define how to parse your own custom logs in the first place. See this item http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe

    Then – new types of logs or existing ‘known’ types that are already defined in the system – then comes the part of defining where do I find the log to ingest in the first place – would you store it in Azure storage, do you expect to ‘upload’ it via the portal on demand for troubleshooting? We have appetite for something like polling from a storage account (we do it for WAD already anyway) – but still mostly from an ‘ongoing’ pulling of data for warehousing or monitoring.

    Not sure about the removal part either – all our billing and…

  20. linux

    Could we see more documenation around the Linux OMS log forwarding function, and how to troubleshoot when things start to go wrong. I think this would be an excellent resource.

    I've been working with OMS, using a linux (CentOS7) based agent to forward syslogs events to my OMS linux agent, and having that host route the relevant log events into OMS.

    Having had some experience with logstash, I spotted that the architecture was based around fluentd, so I had a good grasp of what I was working with. I also have a decent level of unix experience.

    With that said…

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

Feedback and Knowledge Base