Internal Server Error for deploying Vnet Flow Logs with Traffic Analytics

Jay 86 Reputation points
2024-08-09T04:26:35.6466667+00:00

I am trying to deploy the new Azure VNet Flow Logs with Traffic Analytics, but I have not been able to succeed so far. I have attempted Azure Policy, Azure CLI, the portal manually, and the REST API; all are failing with the internal server error.


{
  "name": "vnetflowlog",
  "properties": {
    "targetResourceId": "...../vnet-01",
    "storageId": "...flowsa01",
    "enabled": true,
    "flowAnalyticsConfiguration": {
      "networkWatcherFlowAnalyticsConfiguration": {
        "enabled": true,
        "workspaceId": "310dfd4a-1137-4a05-8130-abde",
        "workspaceRegion": "eastus2",
        "workspaceResourceId": ".../abcdef",
        "trafficAnalyticsInterval": 60
      }
    },
    "retentionPolicy": {
      "days": 7,
      "enabled": true
    },
    "format": {
      "type": "JSON",
      "version": 2
    }
  },
  "type": "Microsoft.Network/networkWatchers/flowLogs",
  "location": "eastus2"
}

It failed with the below error always

  "content": {
    "status": "Failed",
    "error": {
      "code": "InternalServerError",
      "message": "An error occurred.",
      "details": []
    }
  }


and sets the provisioningState to Failure. If I just remove networkWatcherFlowAnalyticsConfiguration.enabled or set it to false, it works fine. So, has anyone been able to successfully deploy the VNet flow logs with traffic analytics enabled without such an error? Let me know if I'm making any mistake in my deployment.

Azure Virtual Network

2 answers

  1. KapilAnanth-MSFT 47,646 Reputation points Microsoft Employee
    2024-08-09T11:36:08.4466667+00:00

    @Jay ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    Unfortunately, I am unable to repro the issue.

    If the issue persists,

    • Did you try with different user accounts?
    • Did you try to use a different VNET/Subnet (for testing)?
    • May I ask which region you are trying to create a VNET Flow Log in?
      • Can you try to use a different region (for testing)?

    Cheers,

    Kapil


  2. Jay 86 Reputation points
    2024-11-25T15:06:11.0633333+00:00

    After a deeper investigation, I found that this error is caused by the policy enforcement that we deployed for tag compliance.

    So whenever we create a VNet flow log with traffic analytics, it internally creates two new resources, dataCollectionEndpoints and dataCollectionRules. These resources do not have the proper tags, which causes the entire flow log to fail.

    Update

    I tried to pass the tags for the VNet flow logs, but it still failed. This is because the tags that I passed for the VNet flow logs are not inherited by the two resources (dataCollectionRules and dataCollectionEndpoints), so the only way to make this work is to update the policy definition to allow these resources by a specific naming pattern, as the names always start with NWTA-*. I hope MS will not change this naming pattern in the backend :)

    Sample Policy Def

    {
      "mode": "Indexed",
      "policyRule": {
        "if": {
          "allOf": [
            {
              "anyOf": [
                {
                  "allOf": [
                    {
                      "field": "type",
                      "in": [
                        "Microsoft.Insights/dataCollectionEndpoints",
                        "Microsoft.Insights/dataCollectionRules"
                      ]
                    },
                    {
                      "field": "name",
                      "notContains": "NWTA-"
                    },
                    {
                      "field": "[concat('tags[', parameters('tagName'), ']')]",
                      "exists": "false"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "type",
                      "notIn": [
                        "Microsoft.Insights/dataCollectionEndpoints",
                        "Microsoft.Insights/dataCollectionRules"
                      ]
                    },
                    {
                      "field": "[concat('tags[', parameters('tagName'), ']')]",
                      "exists": "false"
                    }
                  ]
                }
              ]
            }
          ]
        },
        "then": {
          "effect": "deny"
        }
      },
      "parameters": {
        "tagName": {
          "type": "String"
        }
      }
    }

    0 comments No comments
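
The deny rule in the answer above can be exercised offline before it is assigned. The following is an added example, not code from the original answer or from Microsoft: a simplified Python evaluator that covers only the conditions this rule uses. The tag name `costCenter` and every sample resource are constructed assumptions.

```python
# Simplified evaluator for the policy rule in the answer above (added example).
# Assumption: parameters('tagName') resolves to the constructed name "costCenter".
TAG = "costCenter"
DCE = "Microsoft.Insights/dataCollectionEndpoints"
DCR = "Microsoft.Insights/dataCollectionRules"
DC_TYPES = [DCE, DCR]
RULE_IF = {"allOf": [{"anyOf": [
    {"allOf": [{"field": "type", "in": DC_TYPES},
               {"field": "name", "notContains": "NWTA-"},
               {"field": f"tags[{TAG}]", "exists": "false"}]},
    {"allOf": [{"field": "type", "notIn": DC_TYPES},
               {"field": f"tags[{TAG}]", "exists": "false"}]},
]}]}

def field_value(resource, field):
    if field.startswith("tags[") and field.endswith("]"):
        return resource.get("tags", {}).get(field[5:-1])
    return resource.get(field)

def matches(cond, resource):
    # Only the operators used by this rule; string comparison is case-insensitive.
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    value = field_value(resource, cond["field"])
    text = (value or "").lower()
    if "in" in cond:
        return text in [v.lower() for v in cond["in"]]
    if "notIn" in cond:
        return text not in [v.lower() for v in cond["notIn"]]
    if "notContains" in cond:
        return cond["notContains"].lower() not in text
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    raise ValueError(f"unsupported condition: {cond}")

def is_denied(resource):
    return matches(RULE_IF, resource)

# Constructed sample resources; names and tag values are made up.
SAMPLES = {
    "nwta_untagged": {"type": DCR, "name": "NWTA-0a1b2c", "tags": {}},
    "other_dcr_untagged": {"type": DCR, "name": "app-dcr", "tags": {}},
    "other_dcr_tagged": {"type": DCR, "name": "app-dcr", "tags": {TAG: "42"}},
    "storage_untagged": {"type": "Microsoft.Storage/storageAccounts", "name": "sa1", "tags": {}},
    "contains_not_prefix": {"type": DCR, "name": "team-NWTA-custom", "tags": {}},
}
for label, res in SAMPLES.items():
    print(f"{label:20} denied={is_denied(res)}")
```

Because `notContains` matches anywhere in the name, the exemption covers any data collection resource whose name contains `NWTA-`, not only names that start with it; Azure Policy's `notLike` condition with the value `NWTA-*` would limit it to the prefix.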
