Log Analytics

Welcome to the "Azure Log Analytics ":https://azure.microsoft.com/en-us/services/log-analytics/ Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Show Contextual data such as CPU and RAM for servers

    When I click over a list that shows servers and select a given server from the list it would be nice to get a quick overview of the system. Such as OS SKU, CPU, RAM, Disk Free and so on.

    127 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    We have not forgotten about this but this is a multi-faceted feedback that expresses a desire (show me/let me pivot to contextual data), but besides the graphical interaction we need to bring the right capabilities and the right data types to the platform first.

    A first step in this direction is the common ‘Computer’ field – http://feedback.azure.com/forums/267889-azure-operations-insights/suggestions/6519266-unify-standardize-computer-field-across-intellig
    that allows you to pivot from one data type to another, and to join different data types thru sub-searches http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519234-filter-groups-of-computers-thru-subqueries-in-n
    (which anyhow are generic and work with other fields too)

    We are starting to discuss what a UX for ‘context’ could look like, but we are not finished with bringing in new data types to make that really compelling :-)

    One example of such ‘context’ is in the form of tracking configuration changes – http://feedback.azure.com/forums/267889-azure-operations-insights/suggestions/6519185-need-configuration-change-tracking-solution-softw so you can move from a troubleshooting scenario (capacity or events) to a ‘context’ of what has changed…

  2. Skip operator for Query Search

    Old version Log Analytics has 'Skip' operator.
    But now, New version of Log Analytics Query does not have 'Skip' operator.

    I want this feature.
    Because when we use Query via REST API, for limitation about Log Analytics API, we cannot download all logs at one time.
    So, we must execute API many again and again.

    If there is 'skip' operator, I can use 'skip' and 'limit' for repeat.
    Now because there is no 'skip' operator, I don't get log from Log Analytics via REST API.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  3. 'render timechart' should support logarithmic y-scale

    Currently I need to manually exclude one series that has especially high values from my timechart. It means that the automatic scale has a very high max which means that the other series are not easily viewable.

    I'd like a parameter to 'render timechart' that lets me specify a log y scale, it will help all series to be visible.

    It's a fairly common feature in data visualization generally.

    I actually want this for Application Insights Analytics (https://feedback.azure.com/forums/357324-application-insights/suggestions/14110047-add-logarithmic-scale-to-charts). I'm not sure the right place for these requests now that there is standard Log Analytics Query Language.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support conversion and formatting functions in the search language

    There should be option in the search language to convert metrics. For example If I want to convert Bytes to Gigabytes that should be possible in the search language. Other examples are in converting time to specific format (shorter time format, adding timezone and etc.)

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add a keyboard shortcut to comment / uncomment the current line in the query editor (like CTRL+K in VS)

    There already is a shortcut that allows to run the query (Shift+Enter), which is great.
    A shortcut to toggle wheter the current line is a comment or not (by adding / removing "//" at the beginning of the line) would be great and save a lot of time while editing queries / functions.

    Similar to the shortcut VS or any other IDE: https://blogs.msdn.microsoft.com/zainnab/2010/04/13/comment-and-uncomment-code/

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow to search for 'parts' of a datetime field

    real world scenario: I need to analyze my alerts distribution by time windows (i.e. how many of them overnight vs during the day) and based on week day (how many on Sunday, Monday, ...)
    I think this scenario can be applied to every data source you have. To do that we need to be able to query on parts of the datetime fields.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    I have this capability on my query language improvement backlog already. I would like to allow folks to search via local time (instead of ISO UTC time) and use keywords like Sunday, 6PM, etc.

    This is currently behind JOIN, Regex, DEDUP, and search time custom field extraction.

  7. Save Time frame Scope

    Save time scope along with query, so we don't have to adjust in the GUI each time we click on a saved query. This should also apply to dashboard elements, so we don't end up with "half" graphs when you have limited TimeGenerated.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  8. Import groupings from SCOM

    Import already existing server groupings from SCOM for access in the Log Analytics or the pre-built assessments

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow us to filter deduped data set (* | dedup * | where ??)

    Ok now with dedup we can almost achieve the "last data point by Computer" scenario, but we cannot use where after dedup as in: Type:Heartbeat | dedup Computer | where TimeGenerated < NOW-10MINUTE
    Just add the ability to use "| where" to process the deduped data set.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  10. Increase number of distinct results for measure command (limit 100)

    Today measure command only support 100 distinct results. It´s a risk that alerts created with measure command don´t give correct results because of this limit. Now the first top 100 results is sent to measure.

    From documentation:

    Second, Measure count currently returns only the top 100 distinct results. This limit does not apply to the other statistical functions. So, you'll usually need to use a more precise filter first to search for specific items before you apply measure count().

    https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-searches#use-the-measure-command

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  11. Save Column Selections Along With Queries/Favorites

    The log search and ability to save queries/favorites is looking good. However, please include the column filters, column positions, and Display Time setting in the saving of queries, so that each time we return to a saved query we don't need to re-configure all of those settings to achieve the desired view. Thank you!

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  12. Minify on W3CIISLog

    Minify works great for logs. Specifically we would like to get REST endpoints our of the csUriStem

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  13. custom field based on regex

    sorry if this has been asked I searched but could not find anything similar.

    would love to be able to create a custom field based on a regex. Like I have csUsername as a field but I want to know the domain of the users not the email address, the stuff after the @ is this possible or are you working on it.

    love oms so far,I hopefully I didn't miss something

    ps this doesn't need to be a regex could be things like split,trim,end, lastindexof, etc..

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  14. Change a saved search (hassle free)

    Add the ability to change a saved search, without having to remember the exact same name and group to override the existing query. At the same time a rename function would be nice.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  15. custom field based on regex

    sorry if this has been asked I searched but could not find anything similar.

    would love to be able to create a custom field based on a regex. Like I have csUsername as a field but I want to know the domain of the users not the email address, the stuff after the @ is this possible or are you working on it.

    love oms so far,I hopefully I didn't miss something

    ps this doesn't need to be a regex could be things like split,trim,end, lastindexof, etc..

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add "render" option for query language

    Can we please have an option to display search results into different types of graphics? Similar to Kusto (or Application Insights Analytics) which has an option to render the search results into different graphics.
    For example:
    requests
    | where timestamp >= ago(24h)
    | summarize requestCount=count() by client_CountryOrRegion
    | order by requestCount desc
    | render piechart

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  17. Ability for Searchs to Have Titles

    When I click on the "Locked-out Accounts" view from the Security IP, I am brought to the search section. There is no way on this page to tell what I am looking at without analysing the search. In the search bar it shows "EventID=4740" but who in their right mind has every event id memorized. There should be a title that shows I clicked on "Locked-out Accounts".

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback.

    This is similar to the behavior the mobile app has for ‘saved searches’ – they do show the title there.

    Coded drill-downs today don’t carry a title across pages, and changing this has an overall impact on the breadcrumb code, most likely – see this other idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519263-moving-across-pages-needs-to-be-seamless-clickable

    Keep in mind that the default drill down pages are meant as a convenience: once you identified a search you care about, you can SAVE it to your Saved Searches, and pin it on your own dashboard – those tiles in dashboards have a title (=the name of the saved search).

  18. Improve Log Search UI and and Results

    I would like to see the following:
    - Larger query input field
    - Tabs
    - Table result column filtering
    - Table rows expand to show full results
    - Table scrolls horizontally so that you can actually read the data when there area lot of columns
    - More "Last" time slices (Last 15 min, Last 30 min, Last 1 hour, etc...)
    - Column selection mechanism in UI (drop down with checkboxes instead of having to | select x, y, z)

    Analytics for App Insights has all of these features, and I constantly find myself wishing Log Search had them

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  19. Query auto correction

    auto correction when typing a query.
    e.g. "Type:SecurityEVent" (wrong capital 'V') will be auto corrected to "Type:SecurityEvent"

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
  20. Portal site Localization

    Now, OMS portal site is not localized to other languages.

    such as assessment intelligent pack, it has useful information, but many customer (in Japan) cannot understand English information...

    Please localize portal site to famous language.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Search UI and Language  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base