Azure Network Watcher
An Azure service that is used to monitor, diagnose, and gain insights into network performance and health.
158 questions
How to resolve the following error for creating Azure NSG flow log with Traffic Analytics
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 63%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Murali R
205
Reputation points
Hi Team,
Receiving the following error while deploying NSG flow log with Traffic Analytics through BICEP template
##[error]Deployment template validation failed: 'The template resource '[format('{0}/Microsoft.Network{1}{2}', parameters('networkWatcherNames')[range(0, length(parameters('nsgIds')))[copyIndex()]], parameters('nsgRgNames')[range(0, length(parameters('nsgIds')))[copyIndex()]], parameters('nsgNames')[range(0, length(parameters('nsgIds')))[copyIndex()]])]' at line '1' and column '924' is not valid: The language expression property array index '3' is out of bounds..
Below is the BICEP template that iam trying to deploy. I see the error is caused due to Network Watcher and location parameters being an array. I have also tried modifying the below BICEP template where i have used those parameter name as string and the deployment was successful.
Please note that the networkWatcherNames and locations belong to NetworkWatcherRG and the rest of the parameters belong to NetworkSecurityGroupRG.
Iam trying to achieve Single BICEP template where i can use Single RG or multiple RG deployment also. Kindly help me with the error. Also i would like to know whether this requirement (having all the parameters as an array) is achievable.
param nsgRgNames array = [] // Your actual values
param nsgIds array = [] // Your actual values
param nsgNames array = [] // Your actual values
param networkWatcherNames array = [] // This is now an array of Network Watcher names
param locations array = [] // This is now an array of locations
param storageIds array = [] // This is now an array of storage account IDs
@description('Log analytics workspace resource Guid')
param workspaceId string = '' // Your actual value
@description('Log analytics workspace region')
param workspaceRegion string = '' // Your actual value
@description('Log analytics workspace resource id')
param workspaceResourceId string = '' // Your actual value
resource flowLogs 'Microsoft.Network/networkWatchers/flowLogs@2020-11-01' = [for i in range(0, length(nsgIds)): {
name: '${i < length(networkWatcherNames) ? networkWatcherNames[i] : networkWatcherNames[0]}/Microsoft.Network${nsgRgNames[i]}${nsgNames[i]}'
location: i < length(locations) ? locations[i] : locations[0]
properties: {
targetResourceId: nsgIds[i]
storageId: storageIds[i]
enabled: true
format: {
type: 'JSON'
version: 2
}
retentionPolicy: {
days: 0
enabled: true
}
flowAnalyticsConfiguration: {
networkWatcherFlowAnalyticsConfiguration: {
enabled: true
workspaceId: workspaceId
workspaceRegion: workspaceRegion
workspaceResourceId: workspaceResourceId
}
}
tags: {
'nsgRgName': nsgRgNames[i]
}
}
}]
{count} votes
-
KapilAnanth-MSFT 35,246 Reputation points Microsoft Employee2023-12-22T10:34:10.2833333+00:00 Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
The script looks correct only.
Can you try the below 2 and let me know if that works,
- You can just use "networkWatcherNames[i]" instead of ternary operator.
- Please try removing the ternary operators at networkWatcherNames and location and give it a try.
- Can you try to run the script for only one Loop.
i.e, use networkWatcherNames[0] and locations[0]
Cheers,
Kapil
- You can just use "networkWatcherNames[i]" instead of ternary operator.
-
Murali R 205 Reputation points
2023-12-22T13:27:46.0333333+00:00 Hi Still receiving out of bound errors after modifying the BICEP template as per your suggestion.
##[error]Deployment template validation failed: 'The template resource '[format('{0}/Microsoft.Network{1}{2}', parameters('networkWatcherNames')[range(0, length(parameters('nsgIds')))[copyIndex()]], parameters('nsgRgNames')[range(0, length(parameters('nsgIds')))[copyIndex()]], parameters('nsgNames')[range(0, length(parameters('nsgIds')))[copyIndex()]])]' at line '1' and column '932' is not valid: The language expression property array index '3' is out of bounds.. Please see https://aka.ms/arm-functions for usage details.'.Below is the modified BICEP
param nsgRgNames array = [] // Your actual values param nsgIds array = [] // Your actual values param nsgNames array = [] // Your actual values param networkWatcherNames array = [] // This is now an array of Network Watcher names param locations array = [] // This is now an array of locations param storageAccountIds array = [] // This is now an array of storage account IDs @description('Log analytics workspace resource Guid') param workspaceId string = '' // Your actual value @description('Log analytics workspace region') param workspaceRegion string = '' // Your actual value @description('Log analytics workspace resource id') param workspaceResourceId string = '' // Your actual value resource flowLogs 'Microsoft.Network/networkWatchers/flowLogs@2020-11-01' = [for i in range(0, length(nsgIds)): { name: '${networkWatcherNames[i]}/Microsoft.Network${nsgRgNames[i]}${nsgNames[i]}' location: locations[0] properties: { targetResourceId: nsgIds[i] storageId: storageAccountIds[i] enabled: true format: { type: 'JSON' version: 2 } retentionPolicy: { days: 0 enabled: true } flowAnalyticsConfiguration: { networkWatcherFlowAnalyticsConfiguration: { enabled: true workspaceId: workspaceId workspaceRegion: workspaceRegion workspaceResourceId: workspaceResourceId } } } }] -
Murali R 205 Reputation points
2023-12-22T13:30:56.84+00:00 Hi @KapilAnanth-MSFT Also to add iam using Powershell script to collect the value of existing NSG and storageId. Below is the script FYR. When i run this locally iam receiving correct output
param ( $FilePath, $ResourceGroupNames, $networkWatcherNames, $locations, $workspaceRegion, $workspaceResourceId, $workspaceId ) # Convert the comma-separated strings to arrays $ResourceGroupNames = $ResourceGroupNames -split ',' $networkWatcherNames = $networkWatcherNames -split ',' $locations = $locations -split ',' $nsgIds = @() $nsgNames = @() $nsgRgNames = @() $storageAccountIds = @() # Iterate over each RG for ($i=0; $i -lt $ResourceGroupNames.Length; $i++) { # Get all NSGs in the RG $nsgs = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupNames[$i] foreach ($nsg in $nsgs) { $nsgIds += $nsg.Id $nsgNames += $nsg.Name $nsgRgNames += $nsg.ResourceGroupName } # Get all storage accounts in the current resource group $storageAccount = Get-AzStorageAccount -ResourceGroupName $ResourceGroupNames[$i] | Select-Object -First 1 # Extract the Storage ID $storageAccountIds += $storageAccount.Id } $data = @{ "`$schema" = "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#" "contentVersion" = "1.0.0.0" "parameters" = @{ "nsgIds" = @{ "value" = $nsgIds } "nsgNames" = @{ "value" = $nsgNames } "nsgRgNames" = @{ "value" = $nsgRgNames } "networkWatcherNames" = @{ "value" = $networkWatcherNames } "locations" = @{ "value" = $locations } "workspaceRegion" = @{ "value" = $workspaceRegion } "workspaceResourceId" = @{ "value" = $workspaceResourceId } "workspaceId" = @{ "value" = $workspaceId } "storageAccountIds" = @{ "value" = $storageAccountIds } } } $data | ConvertTo-Json -Depth 100 | Out-File -FilePath $FilePath -
KapilAnanth-MSFT 35,246 Reputation points Microsoft Employee
2023-12-26T04:42:40.2066667+00:00 To troubleshoot further, I think we will need a specialized 1:1 session, where a support engineer can pinpoint the issue.
If you have a support plan you may file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.
Cheers,
Kapil
-
Murali R 205 Reputation points
2023-12-27T11:41:15.16+00:00 HI @KapilAnanth-MSFT Thanks for the suggestion. Let me raise the Support ticket and work with them. Also, if i get any solution for my requirement, let me update in this forum accordingly.
-
KapilAnanth-MSFT 35,246 Reputation points Microsoft Employee
2023-12-29T04:54:43.13+00:00
Sign in to comment