Microsoft.Network networkWatchers/flowLogs

Bicep resource definition

The networkWatchers/flowLogs resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/networkWatchers/flowLogs@2022-05-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  parent: resourceSymbolicName
  properties: {
    enabled: bool
    flowAnalyticsConfiguration: {
      networkWatcherFlowAnalyticsConfiguration: {
        enabled: bool
        trafficAnalyticsInterval: int
        workspaceId: 'string'
        workspaceRegion: 'string'
        workspaceResourceId: 'string'
      }
    }
    format: {
      type: 'JSON'
      version: int
    }
    retentionPolicy: {
      days: int
      enabled: bool
    }
    storageId: 'string'
    targetResourceId: 'string'
  }
}

Property values

networkWatchers/flowLogs

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)
location Resource location. string
tags Resource tags. Dictionary of tag names and values. See Tags in templates
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: networkWatchers
properties Properties of the flow log. FlowLogPropertiesFormat

FlowLogPropertiesFormat

Name Description Value
enabled Flag to enable/disable flow logging. bool
flowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsProperties
format Parameters that define the flow log format. FlowLogFormatParameters
retentionPolicy Parameters that define the retention policy for flow log. RetentionPolicyParameters
storageId ID of the storage account which is used to store the flow log. string (required)
targetResourceId ID of network security group to which flow log will be applied. string (required)

TrafficAnalyticsProperties

Name Description Value
networkWatcherFlowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsConfigurationProperties

TrafficAnalyticsConfigurationProperties

Name Description Value
enabled Flag to enable/disable traffic analytics. bool
trafficAnalyticsInterval The interval in minutes which would decide how frequently TA service should do flow analytics. int
workspaceId The resource guid of the attached workspace. string
workspaceRegion The location of the attached workspace. string
workspaceResourceId Resource Id of the attached workspace. string

FlowLogFormatParameters

Name Description Value
type The file type of flow log. 'JSON'
version The version (revision) of the flow log. int

RetentionPolicyParameters

Name Description Value
days Number of days to retain flow log records. int
enabled Flag to enable/disable retention. bool

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Enable NSG Flow Logs

Deploy to Azure
This template create an NSG Flow Logs resource
NSG Flow Logs with traffic analytics

Deploy to Azure
This template creates a NSG Flow log on an existing NSG with traffic analytics

ARM template resource definition

The networkWatchers/flowLogs resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/networkWatchers/flowLogs",
  "apiVersion": "2022-05-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "properties": {
    "enabled": "bool",
    "flowAnalyticsConfiguration": {
      "networkWatcherFlowAnalyticsConfiguration": {
        "enabled": "bool",
        "trafficAnalyticsInterval": "int",
        "workspaceId": "string",
        "workspaceRegion": "string",
        "workspaceResourceId": "string"
      }
    },
    "format": {
      "type": "JSON",
      "version": "int"
    },
    "retentionPolicy": {
      "days": "int",
      "enabled": "bool"
    },
    "storageId": "string",
    "targetResourceId": "string"
  }
}

Property values

networkWatchers/flowLogs

Name Description Value
type The resource type 'Microsoft.Network/networkWatchers/flowLogs'
apiVersion The resource api version '2022-05-01'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)
location Resource location. string
tags Resource tags. Dictionary of tag names and values. See Tags in templates
properties Properties of the flow log. FlowLogPropertiesFormat

FlowLogPropertiesFormat

Name Description Value
enabled Flag to enable/disable flow logging. bool
flowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsProperties
format Parameters that define the flow log format. FlowLogFormatParameters
retentionPolicy Parameters that define the retention policy for flow log. RetentionPolicyParameters
storageId ID of the storage account which is used to store the flow log. string (required)
targetResourceId ID of network security group to which flow log will be applied. string (required)

TrafficAnalyticsProperties

Name Description Value
networkWatcherFlowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsConfigurationProperties

TrafficAnalyticsConfigurationProperties

Name Description Value
enabled Flag to enable/disable traffic analytics. bool
trafficAnalyticsInterval The interval in minutes which would decide how frequently TA service should do flow analytics. int
workspaceId The resource guid of the attached workspace. string
workspaceRegion The location of the attached workspace. string
workspaceResourceId Resource Id of the attached workspace. string

FlowLogFormatParameters

Name Description Value
type The file type of flow log. 'JSON'
version The version (revision) of the flow log. int

RetentionPolicyParameters

Name Description Value
days Number of days to retain flow log records. int
enabled Flag to enable/disable retention. bool

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Enable NSG Flow Logs

Deploy to Azure
This template create an NSG Flow Logs resource
NSG Flow Logs with traffic analytics

Deploy to Azure
This template creates a NSG Flow log on an existing NSG with traffic analytics

Terraform (AzAPI provider) resource definition

The networkWatchers/flowLogs resource type can be deployed to:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/networkWatchers/flowLogs@2022-05-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      enabled = bool
      flowAnalyticsConfiguration = {
        networkWatcherFlowAnalyticsConfiguration = {
          enabled = bool
          trafficAnalyticsInterval = int
          workspaceId = "string"
          workspaceRegion = "string"
          workspaceResourceId = "string"
        }
      }
      format = {
        type = "JSON"
        version = int
      }
      retentionPolicy = {
        days = int
        enabled = bool
      }
      storageId = "string"
      targetResourceId = "string"
    }
  })
}

Property values

networkWatchers/flowLogs

Name Description Value
type The resource type "Microsoft.Network/networkWatchers/flowLogs@2022-05-01"
name The resource name string (required)
location Resource location. string
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: networkWatchers
tags Resource tags. Dictionary of tag names and values.
properties Properties of the flow log. FlowLogPropertiesFormat

FlowLogPropertiesFormat

Name Description Value
enabled Flag to enable/disable flow logging. bool
flowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsProperties
format Parameters that define the flow log format. FlowLogFormatParameters
retentionPolicy Parameters that define the retention policy for flow log. RetentionPolicyParameters
storageId ID of the storage account which is used to store the flow log. string (required)
targetResourceId ID of network security group to which flow log will be applied. string (required)

TrafficAnalyticsProperties

Name Description Value
networkWatcherFlowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsConfigurationProperties

TrafficAnalyticsConfigurationProperties

Name Description Value
enabled Flag to enable/disable traffic analytics. bool
trafficAnalyticsInterval The interval in minutes which would decide how frequently TA service should do flow analytics. int
workspaceId The resource guid of the attached workspace. string
workspaceRegion The location of the attached workspace. string
workspaceResourceId Resource Id of the attached workspace. string

FlowLogFormatParameters

Name Description Value
type The file type of flow log. "JSON"
version The version (revision) of the flow log. int

RetentionPolicyParameters

Name Description Value
days Number of days to retain flow log records. int
enabled Flag to enable/disable retention. bool