Azure Log Analyics Custom Logs with FSLogix Profile Logs - Time Format not supported?

asked 2022-06-09T15:04:58.457+00:00
bsonnek 41 Reputation points

Is it possible to capture the FSLogix Component-Specific Profile Logs into an Azure Log Analytics Workspace table?

I'm finding that the FSLogix Component-Specific Logs files do not use a standardized time format which doesn't allow the log file to be parsed by a Log Analytics Agent or Azure Monitor Agent.
https://learn.microsoft.com/en-us/fslogix/logging-diagnostics-reference#component-specific-log-files

Here are a few links showing time formats and instructions for using Log Analytics or Azure Monitor agents to import custom log files.

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-text-log#log-files-supported
https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.management.monitor.models.logfiletextsettings.recordstarttimestampformat?view=azure-dotnet
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-text-log#create-data-collection-rule
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-custom-logs#step-2-upload-and-parse-a-sample-log

We're trying to import these logs into Azure Monitor Insights workbooks to allow us to query and troubleshoot Azure Virtual Desktop session hosts without logging in to each VM to troubleshoot issues. I find it hard to believe that with FSLogix at the core of AVD, these logs aren't using a standard format that would make them usable in Azure Log Analytics Workspaces.

Please help me find a way to make this happen or that a solution is currently being created to make this possible.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
1,805 questions
FSLogix
FSLogix
A set of solutions that enhance, enable, and simplify non-persistent Windows computing environments and may also be used to create more portable computing sessions when using physical devices.
367 questions
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2022-06-13T11:23:11.347+00:00
    AnuragSingh-MSFT 9,976 Reputation points Microsoft Employee

    Hi @bsonnek ,

    Thanks for posting the question.

    I understand that you are trying to use the Azure Monitor's custom log collection feature to collect FSLogix's Component-specific log files. Please note that you have 2 options to set as delimiter of logs as they are collected.
    New Line , and
    Timestamp in the supported format as *available here *
    210797-image.png

    Therefore, even if the timestamp formats of the logs are not in the required format, you can still use the Azure Monitor's custom log collection feature to collect logs, meeting the following requirements:

    1. Each entry are on a single line, separated by a newline
    2. The log files are either ASCII or UTF-8 encoded.

    The screenshot below shows logs collected in a test scenario where the timestamp did not meet the required format

    210826-image.png


    Also, Azure Monitor by default provides extensive insights monitoring of Azure Virtual Desktop along with optional Resource diagnostic settings. Please refer to this link for more details - Use Azure Monitor for Azure Virtual Desktop to monitor your deployment

    I would suggest enabling monitoring using the already available options and observing if it helps meet your requirements. In case the available options are not enough, you may also submit feedback to AVD team using this link.


    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

    No comments