Azure Log Analyics Custom Logs with FSLogix Profile Logs - Time Format not supported?

bsonnek 51 Reputation points
2022-06-09T15:04:58.457+00:00

Is it possible to capture the FSLogix Component-Specific Profile Logs into an Azure Log Analytics Workspace table?

I'm finding that the FSLogix Component-Specific Logs files do not use a standardized time format which doesn't allow the log file to be parsed by a Log Analytics Agent or Azure Monitor Agent.
https://learn.microsoft.com/en-us/fslogix/logging-diagnostics-reference#component-specific-log-files

Here are a few links showing time formats and instructions for using Log Analytics or Azure Monitor agents to import custom log files.

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-text-log#log-files-supported
https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.management.monitor.models.logfiletextsettings.recordstarttimestampformat?view=azure-dotnet
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-text-log#create-data-collection-rule
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-custom-logs#step-2-upload-and-parse-a-sample-log

We're trying to import these logs into Azure Monitor Insights workbooks to allow us to query and troubleshoot Azure Virtual Desktop session hosts without logging in to each VM to troubleshoot issues. I find it hard to believe that with FSLogix at the core of AVD, these logs aren't using a standard format that would make them usable in Azure Log Analytics Workspaces.

Please help me find a way to make this happen or that a solution is currently being created to make this possible.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,820 questions
FSLogix
FSLogix
A set of solutions that enhance, enable, and simplify non-persistent Windows computing environments and may also be used to create more portable computing sessions when using physical devices.
463 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AnuragSingh-MSFT 20,431 Reputation points
    2022-06-13T11:23:11.347+00:00

    Hi @bsonnek ,

    Thanks for posting the question.

    I understand that you are trying to use the Azure Monitor's custom log collection feature to collect FSLogix's Component-specific log files. Please note that you have 2 options to set as delimiter of logs as they are collected.
    New Line , and
    Timestamp in the supported format as *available here *
    210797-image.png

    Therefore, even if the timestamp formats of the logs are not in the required format, you can still use the Azure Monitor's custom log collection feature to collect logs, meeting the following requirements:

    1. Each entry are on a single line, separated by a newline
    2. The log files are either ASCII or UTF-8 encoded.

    The screenshot below shows logs collected in a test scenario where the timestamp did not meet the required format

    210826-image.png

    Also, Azure Monitor by default provides extensive insights monitoring of Azure Virtual Desktop along with optional Resource diagnostic settings. Please refer to this link for more details - Use Azure Monitor for Azure Virtual Desktop to monitor your deployment

    I would suggest enabling monitoring using the already available options and observing if it helps meet your requirements. In case the available options are not enough, you may also submit feedback to AVD team using this link.

    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

    0 comments