Hello shashank rastogi,
Greetings! Welcome to Microsoft Q&A Platform.
Storage Analytics logs detailed information about successful and failed requests to a storage service. This information can be used to monitor individual requests and to diagnose issues with a storage service. Requests are logged on a best-effort basis. This means that most requests will result in a log record, but the completeness and timeliness of Storage Analytics logs are not guaranteed.
For reference: Enable and manage Azure Storage Analytics logs (classic) | Microsoft Docs,https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings-policy
there is an option to create a custom policy for each Proxy Resource (blob, queue, file, table) under storage accounts that exist, each proxy resource Type under a storage account that exists will have a specific namespace that you can leverage and create the custom policy for that following the same process. refer - https://aka.ms/AzPolicyScripts and https://aka.ms/AzPolicyPipeline that will make it easier for Storage Accounts.
Kindly note that each Azure resource type has a unique set of categories listed in the diagnostic settings. Each resource type therefore requires a separate policy definition. Some resource types have built-in policy definitions that you can assign without modification. For other resource types, you can create a custom definition.
For list of the built-in policy definitions for resource types you have listed in your policy, you can refer this document.
For resource types that don't have a built-in policy, you need to create a custom policy definition. You could do create a new policy manually in the Azure portal by copying an existing built-in policy and then modifying it for your resource type.
Similar thread for reference - https://stackoverflow.com/questions/67828278/enabling-diagnostic-settings-for-azure-storage-account-using-powershell.
Thank you for sharing your custom policy configuration. It looks good and please check the below key points to resolve the issue,
- Field Type: Ensure the field type for Blob Services is correctly specified as "Microsoft.Storage/storageAccounts/blobServices".
- Existence Condition: The existence Condition checks for the specific log categories and their enabled status.
Ensure the policy specifically targets the Blob Service and checks for the required diagnostic settings.
Try applying this revised policy and see if it meets your requirement. If you still encounter any issues, please revert with the error details.
Hope this answer helps! please let us know if you have any further queries. I’m happy to assist you further.
Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.