Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. IP Trace (Country)

    I see remote desktop failures a lot. Some Chinese hackers are trying to hack my Windows Virtual Machines. I see many different IP addresses, and it is hard to find where, or in which country, each IP address is. It would be great if there were an embedded IP TRACE feature so that I can see where an IP originates from.

    17 votes
  2. archive data

    Would it be possible to archive data back to on-premise once the data retention limit is hit - specifically with logs?
    Maybe a PowerShell to download everything.

    It would be handy for organisations that need to keep information longer than 12 months.

    17 votes

    In the future we will work on plans for higher retention policy.

    For the ‘export’ functionality, you might want to check the API idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519057-programmatically-submit-search-requests-and-receiv but, realistically, after you uploaded terabytes of data over a few months time… even the concept of downloading everything back at that point seems daunting.

  3. Log Analytics - allow configuring different data collection settings per connected machine\agent in the same workspace

    For example: in a scenario where two Windows machines are connected to the same Log Analytics workspace, provide the option to ingest Windows performance counter data to the workspace only for the first machine (when both machines are connected to the same Log Analytics workspace).

    This feature will be very useful when a customer needs to use a single workspace for different use cases, but willing to keep all the data in a single location, while preventing unnecessary data ingestion which will result in additional costs.

    16 votes
  4. Import Application specific logs from Blob Storage or Table entries into Log Analytics for Azure Functions

    Import Application specific logs from Blob Storage or Table entries into Log Analytics for Azure Functions

    15 votes
  5. Ability to upload logs on Demand and then remove them once analyzed.

    Support Scenario- Engineers ingesting “on demand”, any log from any server/customer they would like into a temporary/their workspace, querying them, working on the issue, and subsequently deleting the data when they are done.

    15 votes

    For ‘bring your own logs’ – Yes we would like to enable that – we need to first do work to enable per-workspace/per-tenant schema (types and their fields) definition – so you can define how to parse your own custom logs in the first place. See this item http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe

    Then – new types of logs or existing ‘known’ types that are already defined in the system – then comes the part of defining where do I find the log to ingest in the first place – would you store it in Azure storage, do you expect to ‘upload’ it via the portal on demand for troubleshooting? We have appetite for something like polling from a storage account (we do it for WAD already anyway) – but still mostly from an ‘ongoing’ pulling of data for warehousing or monitoring.

    Not sure about the removal part either – all our billing and…

  6. Failed to import the latest Advisor Management Packs to the Management Server

    Getting the following Alerts in SCOM 2012 server every 12 hours...
    Date and Time: 6/21/2016 11:08:36 PM
    Log Name: Operations Manager
    Source: Advisor
    Event Number: 55006
    Level: 2
    Logging Computer: SCOM-SERVER.DOMAIN.local
    User: N/A
    Description:
    Failed to import the latest Advisor Management Packs to the Management Server. Reason: System.ArgumentException: The requested management pack is not valid. See inner exception for details. Parameter name: managementPack ---> Microsoft.EnterpriseManagement.Common.ManagementPackException: Verification failed with 1 errors: ------------------------------------------------------- Error 1: Found error in 2|Microsoft.IntelligencePack.InventoryChangeTracking.Configuration|1.0.0.0|Microsoft.IntelligencePack.InventoryChangeTracking.Configuration|| with message: Could not load management pack [ID=Microsoft.SystemCenter.Library, KeyToken=31bf3856ad364e35, Version=7.0.8433.0]. The management pack was not found in the store. : Version mismatch. The…

    14 votes
  7. linux

    Could we see more documentation around the Linux OMS log forwarding function, and how to troubleshoot when things start to go wrong? I think this would be an excellent resource.

    I've been working with OMS, using a linux (CentOS7) based agent to forward syslogs events to my OMS linux agent, and having that host route the relevant log events into OMS.

    Having had some experience with logstash, I spotted that the architecture was based around fluentd, so I had a good grasp of what I was working with. I also have a decent level of unix experience.

    With that said…

    14 votes
  8. Collect CMDB data held in the Windows registry

    I'd like to have the means to inventory a specific registry key location and bring in the values into OMS as associated with each computer. We imprint CMDB data at a known registry location and having this collected into OMS will allow me to create dynamic groups based on CMDB data.

    13 votes
  9. Ability to pull logs from log files using encoding other than UTF-8 and ANSI

    Ability to pull logs from log files using encoding other than UTF-8 and ANSI. This will be very useful to pull logs from MS SQL Server Logs like ERRORLOG and SQL Agent Log files, since these are not encoded using UTF-8 or ANSI. Also, OMS should be able to deal with log files which do not have an extension. For example, we can't pull logs from SQL Server ERRORLOG since this file does not have an extension.

    12 votes
  10. Can I monitor process on Linux?

    The Linux Agent cannot monitor processes other than through a custom log.
    When will process monitoring be installed as a standard function?
    The customer wants to use it,
    because the customer needs to take on the cost of using Custom Log.
    For now, the customer redirects the result of the ps command to a Custom Log file.
    They want to stop this operation.

    11 votes
  11. Monitoring for ALL Azure Services

    I see on https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-azure-storage that monitoring for several Azure services is still missing, for example Machine Learning, Stream Analytics, Data Factory. These tools provide their own or storage/log structure for investigation, but a centralized monitoring solution for all our Azure services would be beneficial to avoid checking individually for problems in each service. Currently, we have to resort to creating custom monitoring code in Azure functions.

    Monitoring a custom log structure stored in blob storage would also be essential.

    11 votes
  12. Collect & correlate Windows Server SMTP logs in W3C format

    We utilize Windows Server SMTP Relay to send emails from SharePoint/Project Server to customer. I would like to easily monitor the logs using Op Insights.

    10 votes
  13. Log analytics to support multi dimensional metrics input from Event Hubs

    Sending multi-dimensional metrics via diagnostic settings is not currently supported. Metrics with dimensions are exported as flattened single dimensional metrics, aggregated across dimension values.
    For example: The 'Incoming Messages' metric on an Event Hub can be explored and charted on a per queue level. However, when exported via diagnostic settings the metric will be represented as all incoming messages across all queues in the Event Hub.

    The Diagnostics and Metrics team did confirm that the Incoming messages metric is multi-dimensional. And because of this when sending the data to Log Analytics it will only present all of the incoming messages…

    10 votes

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  14. Two successive configuration applications from OMS Settings failed

    When I used log search, I found error message about Linux Agent for DSC.


    • Error Message
      Two successive configuration applications from OMS Settings failed – please report issue to github.com/Microsoft/PowerShell-DSC-for-Linux/issues

    I found that this issue is discussed here:
    https://github.com/Microsoft/PowerShell-DSC-for-Linux/issues/258

    But the date of fix is unknown.
    Error is very noisy for collecting log from Linux Agent.
    So, I want to know the date of fix as soon as possible.
    I want to decrease this error.

    10 votes
  15. Integration with public rest API's for Sentiment Analysis

    Ability to pull in Foursquare check-ins, Twitter feeds, weather, etc. so sentiment analysis can be added to log analysis for business-related event analysis.

    10 votes
  16. Include "Valued caching policies" on the analytics result

    It would be very helpful if you have a built-in mechanism for counting value cache misses/success.

    9 votes

    Thanks for your feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  17. Capture DNS Server logs

    Can the OMS agent capture Microsoft-Windows-DNS-Server/Analytical logs?

    9 votes
  18. Custom Logs to support Unicode files

    SQL Server supports Unicode files only, and this is not a supported format to import into custom logs. https://blog.sqlauthority.com/2018/05/14/sql-server-fix-msg-22004-the-log-file-is-not-using-unicode-format/

    9 votes
  19. Add kubernetes specific information to container logs

    When running the agent on a Kubernetes cluster, it would be very useful to add Kubernetes-specific information to the log lines. For example:


    • namespace

    • pod name

    • tags

    9 votes
  20. Add multiple performance counters at once

    When adding performance counters to collect, ability to add multiple performance counters at once with wildcards like: Processor()* or SQLServer

    9 votes