Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Activity Log to be Scoped for a particular Resource Group

    When you collect the Azure Activity Log through Log Analytics, it collects Azure Activity for the entire subscription. We need the ability to collect it for just a specific resource group.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. Shorten Custom Log Pulls from 5 mins

    We are using OMS to track usb unplug events in our meeting rooms. But the wait time for an alert is 5 mins. Thats to long. We want to have self-healing scripts that would notify the user that something has been unplugged within a min of the disconnect.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. import data

    It would be good to have a way to automatically import azure tables into log analytics. Currently the only way is to call log analytics and after call azure tables to have a data replica. Other possibility it would be to export data from Log Analytics into azure tables. Currently log analytics is kind of a black box since the only way to pull or push data is through the API.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  4. No AzureActiveDirectory audit data in workspace after recreating ws with same name

    AAD diagnostic Settings do not update the id of the Workspace if this newly created one gets the same name again.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the feedback. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  5. Custom Field as a Primary Key and Status "Update" Discovery

    I believe that if we have the ability in custom logs to select a custom field as a Primary Key in order to correlate other events with that would be very helpful. For Example i have a log with Custom Field "ID" and another custom field "Status". If the Status has value "Open" i can create a view with "ID" and Status "OPEN" if something changes in that Primary Key in the STATUS Field to understand that this ID is now Closed. Thank you very much.
    The main function here is for OMS to understand the uniqueness of the custom…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Nagios Alert does not show Service Name

    Nagios alerts are collected by LogAnalytics.
    Customers were able to implement settings to send alerts to LogAnalytics and receive notifications.

    But there is a problem.
    That is AlertName = SERVICE ALERT data.
    The Service Name detected by Nagios is not stored in this column.
    Therefore, we can not judge from what LogAnalytics logs what service alerts are.

    The same problem is raised in Github.
    https://github.com/Microsoft/OMS-Agent-for-Linux/issues/613

    When is the ETA?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Agent for iOS/Android/Windows 10 Mobile

    I want to monitor iOS/Android/Windows 10 Mobile by Microsoft Operations Management Suite.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  8. Regex to support MM/DD/YYYY HH:MM:SS

    Need a Regex option in Custom Logs to support 24hr formatting minus the AM/PM requirement.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow a push stream to be sent to the HTTP Data Collector

    It should be possible to dynamically parse data and stream it to the HTTP Data Collector API using a push stream approach.

    This is not currently possible since the Content-Length is a required component of the Signature in the Authorization header and the size of the payload is not known ahead of time when generating a push stream.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  10. event log filtering

    provide ability to define custom event log filtering to include / exclude events from specific hosts or groups.
    All, Common, Minimal are not effective and are causing cost overruns.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. Custom logs - monitoringhost.exe crashes

    When configuring Collection of a custom log, then we see monitoring host crashes with event id 4000 every 10 min on most agents. Event description contains "A monitoring host is unresponsive or has crashed. The status code for the host failure was 2164195371". This also causes the NIC to be paused and restarted.

    Event ID 1026 is logged in the Application log containing: Application: MonitoringHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException at System.DateTime.op_Subtraction(System.DateTime System.TimeSpan) at Microsoft.EnterpriseManagement.HealthService.LogWatcher.LogDirectoryWatcher.ErrorRetryCallback(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext System.Threading.ContextCallback System.Object Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext System.Threading.ContextCallback System.Object Boolean) at System.Threading.TimerQueueTimer.CallCallback() at System.Threading.TimerQueueTimer.Fire()…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  12. Azure EA - OMS version

    I have 1 Azure EA with several subscriptions.
    I'd like to option add services/servers from all those subscriptions to the OMS potal.
    Right now that option is missing.
    When will you implement such an option (for Azure Enterprise customers?)

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  13. WebSphere

    Acept WebShere logs to log analytics

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  14. Ability to change the logging time

    We already log in UTC timezone on our machines, but the monitoring agent thinks it is in local time so it converts it.
    It would be great to have an option to switch between local and utc time when we are setting the delimiters for the logs

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  15. Why Does MS Continuously Break Things that Work???

    I have Azure Functions. For certain operations, during development, I use context.getLogger().severe(logMessage); Simple. Straightforward. AppInsights, as piggish as it was, would at least show the message by default. I did not have to learn yet another bit of syntax that is almost but not quite like some other logging syntax. Now, I look at Log Analytics (something wrong with AppInsights as a name? Who could guess) and I get a bunch of useless IDs, but DO NOT GET THE LOG MESSAGE by default. OR THE SEVERITY. Supposedly a field called 'desc' should be in the result (is that the log…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  16. Additional Paid Tier

    Have a cheaper paid option for 7 days of holding data and unlimited upload

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  17. Log rotation includes dynamic folder name change

    I am importing backup log to Azure log analytics via custom logs and will create alert if it fails ,but log rotation is enabled which will replace folder also,below is example.

    /mnt/backupfileshare/tool/flow/0/2018-11-150744/azure-backupfileincr02018-11-1507449535.log
    /mnt/backupfileshare/tool/flow/0/2018-11-160744/azure-backupfileincr02018-11-1607449535.log

    here my folders 2018-11-150744 & 2018-11-160744 also changing dynamically with log file.how to import this kind in Azure log analytic custom log

    MS URL:
    https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  18. Extend Keyword

    Extend the OMS Extend keyword to permit mapping of a field value such as Windows EventID to a business friendly term. Example:

    Type=SecurityEvent EventID IN {4728,4729} | Extend if(EventID=4728,"ADD","REMOVE")

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  19. Sorting of OMS-Upgrade Readiness items pending changes, should be filterable

    the display of items pending change are marked in red, they should also be grouped.
    Adding a column (pending changes - y/n) that is sortable would be beneficial

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Help with Log Monitoring

    Hello, I´ve had some trouble monitoring my Windows PC's; as you can see, the data only shows in time lapses an not continuosly, even if my machines are turned on all day long. I only get data between aproximately 9pm and 4am, but for the rest of the day there is no data from my windows machines.

    Do you know if there's something I need to configure for it to be countinuous? Or any way to solve my problem?

    Thank you!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

Feedback and Knowledge Base