Azure Monitor-Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. To collect critical event log of Windows computer

    There are only 'Error', 'Waring', 'Information' type of Windows logs can be collect, but no 'Critical' events. My customer wish to collect and monitor critical event logs.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  2. WebSphere

    Acept WebShere logs to log analytics

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  3. Ability to change the logging time

    We already log in UTC timezone on our machines, but the monitoring agent thinks it is in local time so it converts it.
    It would be great to have an option to switch between local and utc time when we are setting the delimiters for the logs

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Why Does MS Continuously Break Things that Work???

    I have Azure Functions. For certain operations, during development, I use context.getLogger().severe(logMessage); Simple. Straightforward. AppInsights, as piggish as it was, would at least show the message by default. I did not have to learn yet another bit of syntax that is almost but not quite like some other logging syntax. Now, I look at Log Analytics (something wrong with AppInsights as a name? Who could guess) and I get a bunch of useless IDs, but DO NOT GET THE LOG MESSAGE by default. OR THE SEVERITY. Supposedly a field called 'desc' should be in the result (is that the log…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Additional Paid Tier

    Have a cheaper paid option for 7 days of holding data and unlimited upload

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  6. Log rotation includes dynamic folder name change

    I am importing backup log to Azure log analytics via custom logs and will create alert if it fails ,but log rotation is enabled which will replace folder also,below is example.

    /mnt/backupfileshare/tool/flow/0/2018-11-150744/azure-backupfileincr02018-11-1507449535.log
    /mnt/backupfileshare/tool/flow/0/2018-11-160744/azure-backupfileincr02018-11-1607449535.log

    here my folders 2018-11-150744 & 2018-11-160744 also changing dynamically with log file.how to import this kind in Azure log analytic custom log

    MS URL:
    https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  7. Extend Keyword

    Extend the OMS Extend keyword to permit mapping of a field value such as Windows EventID to a business friendly term. Example:

    Type=SecurityEvent EventID IN {4728,4729} | Extend if(EventID=4728,"ADD","REMOVE")

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sorting of OMS-Upgrade Readiness items pending changes, should be filterable

    the display of items pending change are marked in red, they should also be grouped.
    Adding a column (pending changes - y/n) that is sortable would be beneficial

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Help with Log Monitoring

    Hello, I´ve had some trouble monitoring my Windows PC's; as you can see, the data only shows in time lapses an not continuosly, even if my machines are turned on all day long. I only get data between aproximately 9pm and 4am, but for the rest of the day there is no data from my windows machines.

    Do you know if there's something I need to configure for it to be countinuous? Or any way to solve my problem?

    Thank you!

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  10. Correct Syslog parsing

    Add the correct / complete recognition syslog protocol. It is necessary to monitor network equipment.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  11. HDinsight: Can we enable Azure monitor through .net SDK

    We want to enable Azure monitor specifically for HDinsight cluster, As I can see the way to add workspace to the HDInsight cluster through portal/CLI/PowerShell is given but not for SDK,
    https://docs.microsoft.com/en-us/azure/hdinsight/hdinsight-hadoop-oms-log-analytics-tutorial

    Can enabling through SDK we can see in future ?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  12. Incorrect response codes in Log Analytics for WordPress apps hosted in App Service

    We have a couple WordPress apps hosted in an Azure App Service and MySQL database. We've enabled Application Insights which does capture some information that can be useful.

    Upon building dashboards with this data, we've noticed all the http response codes collected are 200 even though in the raw logs some responses are 404 (page not found). This makes the information when attempting to build useful dashboards invalid and/or inconsistent when we want to capture failures.

    Support ticket was raised but advised WordPress and App Insights is not supported. Please either remove the option for the plugin or provide support…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)

    Thanks for your feedback and its now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  13. query sql directly from log analytics

    Azure Log Analytics needs the ability (like the externaldata command) to be able to directly query a relational sql table to bypass the 64 megabyte lookup limit.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  14. Shared query link

    Log analytical query “ share link once opened goes to Getting Started page and until we click getting started button query explorer does not run the query. Is there a way to skip the getting started page when using link shared for query?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  15. Scope Custom Logs in Log Analytics Workspace

    Apply custom log collection to specific agents (scoping). If the log file does not exist on certain agents an access denied message gets posted in the custom log every few minutes.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  16. log integration for linux machines

    I would like to see integration between Azure Log Integrator and Linux VM diagnostics. Currently Linux VM Diagnostics data goes to a storage account but Azure Log Integration server does not collect the info. It only collects the info for Windows servers. It will be nice to also read Linux diagnostics into Azure Log Integrator.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  17. Azure log analytics , New aleart create option disable

    I have any issue, While defining new alert rule on Azure log analytics , New aleart create option is disable , PFA sanp

    it gives error, new alert rule is not supported, pls suggest

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  18. Event Logs (Application, System, etc) not being collected on certain servers

    I've added 8 new servers on the Operations console, and these servers are reporting heartbeat, alert, performance and usage data on the OMS portal.

    Then when I run the query Type=Event Computer=<domain>, it doesn't return any information even after configuring the Windows Event Logs as the screen attached.

    It's been more than 48 hours since the servers were added, and the events are collected from servers in a different management group and domain.

    Please, what can be done in order to fix this?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  19. Linux agent installed + updated by a repository

    Our security policies are being violated by Azure's Log Analytics agent because it is installed and updated by a process outside of the regular repository method. We would like to have it done by adding a repository to the system and updating it like we would any other system package (whether this is rpm or deb based).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Log Management and Log Collection Policy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Currently the JSON log messages getting truncated and split inot multiple lines when its very long

    Currently we are facing an issue while analysing application logs. When the JSON log message is very long its getting into multiple lines. Our requirement is to get them in one line. Could you please help us fix this issue? Please let me know if you need any further informations?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  • Don't see your idea?

Feedback and Knowledge Base