azure firewall logs not showing

Question

when I'm running azure firewall logs i get message like this

'parse' operator: Failed to resolve scalar expression named 'msg_s' Request id: 96c34b02-3935-49f2-978f-db9cc5d7dcf9

also i don't get any logs from azure firewall

Answer 1

@Rijo Joy thank you for the question and apologies for the delayed response.

Please find below the response to your questions/suggestions to troubleshoot this issue if you are still facing this issue:

1. No logs in AZFWFlowTrace table - The query used in the screenshot contains a filter operation - | where Flag == "INVALID". This would basically filter the output to only contain the entries for which the Flag is not invalid. I would suggest removing this filter and seeing if you are getting some result. You could use the query below for test to ensure that the logs are flowing in LA workspace:

      AZFWFlowTrace
      | order by TimeGenerated desc
      | take 10
   

2. 'parse' operator: Failed to resolve scalar expression named 'msg_s' - The exact query using this operator is not listed in the question. I would suggest reviewing the document of parse operator for details of its usage here - parse operator.

Hope this helps.

If the answer did not help, please add more context/follow-up question for it for example the exact query being used, sample content of "msg_s" column. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.