Microsoft.Network networkWatchers/flowLogs
Bicep resource definition
The networkWatchers/flowLogs resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/networkWatchers/flowLogs@2023-11-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
parent: resourceSymbolicName
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
properties: {
enabled: bool
flowAnalyticsConfiguration: {
networkWatcherFlowAnalyticsConfiguration: {
enabled: bool
trafficAnalyticsInterval: int
workspaceId: 'string'
workspaceRegion: 'string'
workspaceResourceId: 'string'
}
}
format: {
type: 'JSON'
version: int
}
retentionPolicy: {
days: int
enabled: bool
}
storageId: 'string'
targetResourceId: 'string'
}
}
Property values
networkWatchers/flowLogs
Name | Description | Value |
---|---|---|
name | The resource name See how to set names and types for child resources in Bicep. |
string (required) |
location | Resource location. | string |
tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: networkWatchers |
identity | FlowLog resource Managed Identity | ManagedServiceIdentity |
properties | Properties of the flow log. | FlowLogPropertiesFormat |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | Components1Jq1T4ISchemasManagedserviceidentityProper... |
Components1Jq1T4ISchemasManagedserviceidentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
FlowLogPropertiesFormat
Name | Description | Value |
---|---|---|
enabled | Flag to enable/disable flow logging. | bool |
flowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsProperties |
format | Parameters that define the flow log format. | FlowLogFormatParameters |
retentionPolicy | Parameters that define the retention policy for flow log. | RetentionPolicyParameters |
storageId | ID of the storage account which is used to store the flow log. | string (required) |
targetResourceId | ID of network security group to which flow log will be applied. | string (required) |
TrafficAnalyticsProperties
Name | Description | Value |
---|---|---|
networkWatcherFlowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsConfigurationProperties |
TrafficAnalyticsConfigurationProperties
Name | Description | Value |
---|---|---|
enabled | Flag to enable/disable traffic analytics. | bool |
trafficAnalyticsInterval | The interval in minutes which would decide how frequently TA service should do flow analytics. | int |
workspaceId | The resource guid of the attached workspace. | string |
workspaceRegion | The location of the attached workspace. | string |
workspaceResourceId | Resource Id of the attached workspace. | string |
FlowLogFormatParameters
Name | Description | Value |
---|---|---|
type | The file type of flow log. | 'JSON' |
version | The version (revision) of the flow log. | int |
RetentionPolicyParameters
Name | Description | Value |
---|---|---|
days | Number of days to retain flow log records. | int |
enabled | Flag to enable/disable retention. | bool |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Enable NSG Flow Logs |
This template create an NSG Flow Logs resource |
NSG Flow Logs with traffic analytics |
This template creates a NSG Flow log on an existing NSG with traffic analytics |
ARM template resource definition
The networkWatchers/flowLogs resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following JSON to your template.
{
"type": "Microsoft.Network/networkWatchers/flowLogs",
"apiVersion": "2023-11-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {}
}
},
"properties": {
"enabled": "bool",
"flowAnalyticsConfiguration": {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": "bool",
"trafficAnalyticsInterval": "int",
"workspaceId": "string",
"workspaceRegion": "string",
"workspaceResourceId": "string"
}
},
"format": {
"type": "JSON",
"version": "int"
},
"retentionPolicy": {
"days": "int",
"enabled": "bool"
},
"storageId": "string",
"targetResourceId": "string"
}
}
Property values
networkWatchers/flowLogs
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Network/networkWatchers/flowLogs' |
apiVersion | The resource api version | '2023-11-01' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) |
location | Resource location. | string |
tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
identity | FlowLog resource Managed Identity | ManagedServiceIdentity |
properties | Properties of the flow log. | FlowLogPropertiesFormat |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | Components1Jq1T4ISchemasManagedserviceidentityProper... |
Components1Jq1T4ISchemasManagedserviceidentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
FlowLogPropertiesFormat
Name | Description | Value |
---|---|---|
enabled | Flag to enable/disable flow logging. | bool |
flowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsProperties |
format | Parameters that define the flow log format. | FlowLogFormatParameters |
retentionPolicy | Parameters that define the retention policy for flow log. | RetentionPolicyParameters |
storageId | ID of the storage account which is used to store the flow log. | string (required) |
targetResourceId | ID of network security group to which flow log will be applied. | string (required) |
TrafficAnalyticsProperties
Name | Description | Value |
---|---|---|
networkWatcherFlowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsConfigurationProperties |
TrafficAnalyticsConfigurationProperties
Name | Description | Value |
---|---|---|
enabled | Flag to enable/disable traffic analytics. | bool |
trafficAnalyticsInterval | The interval in minutes which would decide how frequently TA service should do flow analytics. | int |
workspaceId | The resource guid of the attached workspace. | string |
workspaceRegion | The location of the attached workspace. | string |
workspaceResourceId | Resource Id of the attached workspace. | string |
FlowLogFormatParameters
Name | Description | Value |
---|---|---|
type | The file type of flow log. | 'JSON' |
version | The version (revision) of the flow log. | int |
RetentionPolicyParameters
Name | Description | Value |
---|---|---|
days | Number of days to retain flow log records. | int |
enabled | Flag to enable/disable retention. | bool |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Enable NSG Flow Logs |
This template create an NSG Flow Logs resource |
NSG Flow Logs with traffic analytics |
This template creates a NSG Flow log on an existing NSG with traffic analytics |
Terraform (AzAPI provider) resource definition
The networkWatchers/flowLogs resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/networkWatchers/flowLogs@2023-11-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
enabled = bool
flowAnalyticsConfiguration = {
networkWatcherFlowAnalyticsConfiguration = {
enabled = bool
trafficAnalyticsInterval = int
workspaceId = "string"
workspaceRegion = "string"
workspaceResourceId = "string"
}
}
format = {
type = "JSON"
version = int
}
retentionPolicy = {
days = int
enabled = bool
}
storageId = "string"
targetResourceId = "string"
}
})
}
Property values
networkWatchers/flowLogs
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Network/networkWatchers/flowLogs@2023-11-01" |
name | The resource name | string (required) |
location | Resource location. | string |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: networkWatchers |
tags | Resource tags. | Dictionary of tag names and values. |
identity | FlowLog resource Managed Identity | ManagedServiceIdentity |
properties | Properties of the flow log. | FlowLogPropertiesFormat |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | "SystemAssigned" "SystemAssigned, UserAssigned" "UserAssigned" |
identity_ids | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | Array of user identity IDs. |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | Components1Jq1T4ISchemasManagedserviceidentityProper... |
Components1Jq1T4ISchemasManagedserviceidentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
FlowLogPropertiesFormat
Name | Description | Value |
---|---|---|
enabled | Flag to enable/disable flow logging. | bool |
flowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsProperties |
format | Parameters that define the flow log format. | FlowLogFormatParameters |
retentionPolicy | Parameters that define the retention policy for flow log. | RetentionPolicyParameters |
storageId | ID of the storage account which is used to store the flow log. | string (required) |
targetResourceId | ID of network security group to which flow log will be applied. | string (required) |
TrafficAnalyticsProperties
Name | Description | Value |
---|---|---|
networkWatcherFlowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsConfigurationProperties |
TrafficAnalyticsConfigurationProperties
Name | Description | Value |
---|---|---|
enabled | Flag to enable/disable traffic analytics. | bool |
trafficAnalyticsInterval | The interval in minutes which would decide how frequently TA service should do flow analytics. | int |
workspaceId | The resource guid of the attached workspace. | string |
workspaceRegion | The location of the attached workspace. | string |
workspaceResourceId | Resource Id of the attached workspace. | string |
FlowLogFormatParameters
Name | Description | Value |
---|---|---|
type | The file type of flow log. | "JSON" |
version | The version (revision) of the flow log. | int |
RetentionPolicyParameters
Name | Description | Value |
---|---|---|
days | Number of days to retain flow log records. | int |
enabled | Flag to enable/disable retention. | bool |
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for