Send diagnostic data to Log Analytics for Azure Virtual Desktop
Azure Virtual Desktop uses Azure Monitor for monitoring and alerts like many other Azure services. This lets admins identify issues through a single interface. The service creates activity logs for both user and administrative actions. Each activity log falls under the following categories:
Category | Description |
---|---|
Management Activities | Whether attempts to change Azure Virtual Desktop objects using APIs or PowerShell are successful. |
Feed | Whether users can successfully subscribe to workspaces. |
Connections | When users initiate and complete connections to the service. |
Host registration | Whether a session host successfully registered with the service upon connecting. |
Errors | Where users encounter issues with specific activities. |
Checkpoints | Specific steps in the lifetime of an activity that were reached. |
Agent Health Status | Monitor the health and status of the Azure Virtual Desktop agent installed on each session host. |
Network | The average network data for user sessions to monitor for details including the estimated round trip time. |
Connection Graphics | Performance data from the Azure Virtual Desktop graphics stream. |
Session Host Management Activity | Management activity of session hosts. |
Autoscale | Scaling operations. |
Connections that don't reach Azure Virtual Desktop won't show up in diagnostics results because the diagnostics role service itself is part of Azure Virtual Desktop. Azure Virtual Desktop connection issues can happen when the user is experiencing network connectivity issues.
Azure Monitor lets you analyze Azure Virtual Desktop data and review virtual machine (VM) performance counters, all within the same tool. This article will tell you more about how to enable diagnostics for your Azure Virtual Desktop environment.
Note
To learn how to monitor your VMs in Azure, see Monitoring Azure virtual machines with Azure Monitor. Also, make sure to review the Azure Virtual Desktop Insights glossary for a better understanding of your user experience on the session host.
Prerequisites
Before you can use Azure Virtual Desktop with Log Analytics, you need:
A Log Analytics workspace. For more information, see Create a Log Analytics workspace in Azure portal or Create a Log Analytics workspace with PowerShell. After you've created your workspace, follow the instructions in Connect Windows computers to Azure Monitor to get the following information:
- The workspace ID
- The primary key of your workspace
You'll need this information later in the setup process.
Access to specific URLs from your session hosts for diagnostics to work. For more information, see Required URLs for Azure Virtual Desktop where you'll see entries for Diagnostic output.
Make sure to review permission management for Azure Monitor to enable data access for those who monitor and maintain your Azure Virtual Desktop environment. For more information, see Get started with roles, permissions, and security with Azure Monitor.
Push diagnostics data to your workspace
You can push diagnostics data from your Azure Virtual Desktop objects into the Log Analytics for your workspace. You can set up this feature right away when you first create your objects.
To set up Log Analytics for a new object:
Sign in to the Azure portal and go to Azure Virtual Desktop.
Navigate to the object (such as a host pool, application group, or workspace) that you want to capture logs and events for.
Select Diagnostic settings in the menu on the left side of the screen.
Select Add diagnostic setting in the menu that appears on the right side of the screen.
The options shown in the Diagnostic Settings page will vary depending on what kind of object you're editing.
For example, when you're enabling diagnostics for an application group, you'll see options to configure checkpoints, errors, and management. For workspaces, these categories configure a feed to track when users subscribe to the list of apps. To learn more about diagnostic settings see Create diagnostic setting to collect resource logs and metrics in Azure.
Important
Remember to enable diagnostics for each Azure Resource Manager object that you want to monitor. Data will be available for activities after diagnostics has been enabled. It might take a few hours after first set-up.
Enter a name for your settings configuration, then select Send to Log Analytics. The name you use shouldn't have spaces and should conform to Azure naming conventions. As part of the logs, you can select all the options that you want added to your Log Analytics, such as Checkpoint, Error, Management, and so on.
Select Save.
Note
Log Analytics gives you the option to stream data to Event Hubs or archive it in a storage account. To learn more about this feature, see Stream Azure monitoring data to an event hub and Archive Azure resource logs to storage account.
How to access Log Analytics
You can access Log Analytics workspaces on the Azure portal or Azure Monitor.
Access Log Analytics on a Log Analytics workspace
Sign in to the Azure portal.
Search for Log Analytics workspace.
Under Services, select Log Analytics workspaces.
From the list, select the workspace you configured for your Azure Virtual Desktop object.
Once in your workspace, select Logs. You can filter out your menu list with the Search function.
Access Log Analytics on Azure Monitor
Sign in to the Azure portal.
Search for and select Monitor.
Select Logs.
Follow the instructions in the logging page to set the scope of your query.
You are ready to query diagnostics. All diagnostics tables have a "WVD" prefix.
Note
For more detailed information about the tables stored in Azure Monitor Logs, see the Azure Monitor data reference. All tables related to Azure Virtual Desktop are prefixed with "WVD."
Cadence for sending diagnostic events
Diagnostic events are sent to Log Analytics when completed.
Log Analytics only reports in these intermediate states for connection activities:
- Started: when a user selects and connects to an app or desktop in the Remote Desktop client.
- Connected: when the user successfully connects to the VM where the app or desktop is hosted.
- Completed: when the user or server disconnects the session the activity took place in.
Example queries
Access example queries through the Azure Monitor Log Analytics UI:
- Go to your Log Analytics workspace, and then select Logs. The example query UI is shown automatically.
- Change the filter to Category.
- Select Azure Virtual Desktop to review available queries.
- Select Run to run the selected query.
Learn more about the sample query interface in Saved queries in Azure Monitor Log Analytics.
The following query list lets you review connection information or issues for a single user. You can run these queries in the Log Analytics query editor. For each query, replace userupn
with the UPN of the user you want to look up.
To find all connections for a single user:
WVDConnections
|where UserName == "userupn"
|take 100
|sort by TimeGenerated asc, CorrelationId
To find the number of times a user connected per day:
WVDConnections
|where UserName == "userupn"
|take 100
|sort by TimeGenerated asc, CorrelationId
|summarize dcount(CorrelationId) by bin(TimeGenerated, 1d)
To find session duration by user:
let Events = WVDConnections | where UserName == "userupn" ;
Events
| where State == "Connected"
| project CorrelationId , UserName, ResourceAlias , StartTime=TimeGenerated
| join (Events
| where State == "Completed"
| project EndTime=TimeGenerated, CorrelationId)
on CorrelationId
| project Duration = EndTime - StartTime, ResourceAlias
| sort by Duration asc
To find errors for a specific user:
WVDErrors
| where UserName == "userupn"
|take 100
To find out whether a specific error occurred for other users:
WVDErrors
| where CodeSymbolic =="ErrorSymbolicCode"
| summarize count(UserName) by CodeSymbolic
Note
- When a user launches a full desktop session, their app usage in the session isn't tracked as checkpoints in the
WVDCheckpoints
table. - The
ResourcesAlias
column in theWVDConnections
table shows whether a user has connected to a full desktop or a published app. The column only shows the first app they open during the connection. Any published apps the user opens are tracked inWVDCheckpoints
. - The
WVDErrors
table shows you management errors, host registration issues, and other issues that happen while the user subscribes to a list of apps or desktops. - The
WVDErrors
table also helps you to identify issues that can be resolved by admin tasks. The value onServiceError
should always equalfalse
for these types of issues. IfServiceError
equalstrue
, you'll need to escalate the issue to Microsoft. Ensure you provide the CorrelationID for errors you escalate. - When debugging connectivity issues, in some cases client information might be missing even if the connection events completes. This applies to the
WVDConnections
andWVDCheckpoints
tables.
Next steps
- Enable Insights to monitor Azure Virtual Desktop.
- To review common error scenarios that the diagnostics feature can identify for you, see Identify and diagnose issues.