Microsoft.Network networkWatchers/flowLogs

Bicep resource definition

The networkWatchers/flowLogs resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/networkWatchers/flowLogs@2024-05-01' = {
  parent: resourceSymbolicName
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    enabled: bool
    enabledFilteringCriteria: 'string'
    flowAnalyticsConfiguration: {
      networkWatcherFlowAnalyticsConfiguration: {
        enabled: bool
        trafficAnalyticsInterval: int
        workspaceId: 'string'
        workspaceRegion: 'string'
        workspaceResourceId: 'string'
      }
    }
    format: {
      type: 'string'
      version: int
    }
    retentionPolicy: {
      days: int
      enabled: bool
    }
    storageId: 'string'
    targetResourceId: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

FlowLogFormatParameters

Name Description Value
type The file type of flow log. 'JSON'
version The version (revision) of the flow log. int

FlowLogPropertiesFormat

Name Description Value
enabled Flag to enable/disable flow logging. bool
enabledFilteringCriteria Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged. string
flowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsProperties
format Parameters that define the flow log format. FlowLogFormatParameters
retentionPolicy Parameters that define the retention policy for flow log. RetentionPolicyParameters
storageId ID of the storage account which is used to store the flow log. string (required)
targetResourceId ID of network security group to which flow log will be applied. string (required)

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/networkWatchers/flowLogs

Name Description Value
identity FlowLog resource Managed Identity ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: networkWatchers
properties Properties of the flow log. FlowLogPropertiesFormat
tags Resource tags Dictionary of tag names and values. See Tags in templates

ResourceTags

Name Description Value

RetentionPolicyParameters

Name Description Value
days Number of days to retain flow log records. int
enabled Flag to enable/disable retention. bool

TrafficAnalyticsConfigurationProperties

Name Description Value
enabled Flag to enable/disable traffic analytics. bool
trafficAnalyticsInterval The interval in minutes which would decide how frequently TA service should do flow analytics. int
workspaceId The resource guid of the attached workspace. string
workspaceRegion The location of the attached workspace. string
workspaceResourceId Resource Id of the attached workspace. string

TrafficAnalyticsProperties

Name Description Value
networkWatcherFlowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsConfigurationProperties

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Enable NSG Flow Logs This template create an NSG Flow Logs resource
NSG Flow Logs with traffic analytics This template creates a NSG Flow log on an existing NSG with traffic analytics

ARM template resource definition

The networkWatchers/flowLogs resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/networkWatchers/flowLogs",
  "apiVersion": "2024-05-01",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "enabled": "bool",
    "enabledFilteringCriteria": "string",
    "flowAnalyticsConfiguration": {
      "networkWatcherFlowAnalyticsConfiguration": {
        "enabled": "bool",
        "trafficAnalyticsInterval": "int",
        "workspaceId": "string",
        "workspaceRegion": "string",
        "workspaceResourceId": "string"
      }
    },
    "format": {
      "type": "string",
      "version": "int"
    },
    "retentionPolicy": {
      "days": "int",
      "enabled": "bool"
    },
    "storageId": "string",
    "targetResourceId": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

FlowLogFormatParameters

Name Description Value
type The file type of flow log. 'JSON'
version The version (revision) of the flow log. int

FlowLogPropertiesFormat

Name Description Value
enabled Flag to enable/disable flow logging. bool
enabledFilteringCriteria Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged. string
flowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsProperties
format Parameters that define the flow log format. FlowLogFormatParameters
retentionPolicy Parameters that define the retention policy for flow log. RetentionPolicyParameters
storageId ID of the storage account which is used to store the flow log. string (required)
targetResourceId ID of network security group to which flow log will be applied. string (required)

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/networkWatchers/flowLogs

Name Description Value
apiVersion The api version '2024-05-01'
identity FlowLog resource Managed Identity ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
properties Properties of the flow log. FlowLogPropertiesFormat
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Network/networkWatchers/flowLogs'

ResourceTags

Name Description Value

RetentionPolicyParameters

Name Description Value
days Number of days to retain flow log records. int
enabled Flag to enable/disable retention. bool

TrafficAnalyticsConfigurationProperties

Name Description Value
enabled Flag to enable/disable traffic analytics. bool
trafficAnalyticsInterval The interval in minutes which would decide how frequently TA service should do flow analytics. int
workspaceId The resource guid of the attached workspace. string
workspaceRegion The location of the attached workspace. string
workspaceResourceId Resource Id of the attached workspace. string

TrafficAnalyticsProperties

Name Description Value
networkWatcherFlowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsConfigurationProperties

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Enable NSG Flow Logs

Deploy to Azure
This template create an NSG Flow Logs resource
NSG Flow Logs with traffic analytics

Deploy to Azure
This template creates a NSG Flow log on an existing NSG with traffic analytics

Terraform (AzAPI provider) resource definition

The networkWatchers/flowLogs resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/networkWatchers/flowLogs@2024-05-01"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      enabled = bool
      enabledFilteringCriteria = "string"
      flowAnalyticsConfiguration = {
        networkWatcherFlowAnalyticsConfiguration = {
          enabled = bool
          trafficAnalyticsInterval = int
          workspaceId = "string"
          workspaceRegion = "string"
          workspaceResourceId = "string"
        }
      }
      format = {
        type = "string"
        version = int
      }
      retentionPolicy = {
        days = int
        enabled = bool
      }
      storageId = "string"
      targetResourceId = "string"
    }
  })
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

FlowLogFormatParameters

Name Description Value
type The file type of flow log. 'JSON'
version The version (revision) of the flow log. int

FlowLogPropertiesFormat

Name Description Value
enabled Flag to enable/disable flow logging. bool
enabledFilteringCriteria Optional field to filter network traffic logs based on SrcIP, SrcPort, DstIP, DstPort, Protocol, Encryption, Direction and Action. If not specified, all network traffic will be logged. string
flowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsProperties
format Parameters that define the flow log format. FlowLogFormatParameters
retentionPolicy Parameters that define the retention policy for flow log. RetentionPolicyParameters
storageId ID of the storage account which is used to store the flow log. string (required)
targetResourceId ID of network security group to which flow log will be applied. string (required)

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/networkWatchers/flowLogs

Name Description Value
identity FlowLog resource Managed Identity ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: networkWatchers
properties Properties of the flow log. FlowLogPropertiesFormat
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Network/networkWatchers/flowLogs@2024-05-01"

ResourceTags

Name Description Value

RetentionPolicyParameters

Name Description Value
days Number of days to retain flow log records. int
enabled Flag to enable/disable retention. bool

TrafficAnalyticsConfigurationProperties

Name Description Value
enabled Flag to enable/disable traffic analytics. bool
trafficAnalyticsInterval The interval in minutes which would decide how frequently TA service should do flow analytics. int
workspaceId The resource guid of the attached workspace. string
workspaceRegion The location of the attached workspace. string
workspaceResourceId Resource Id of the attached workspace. string

TrafficAnalyticsProperties

Name Description Value
networkWatcherFlowAnalyticsConfiguration Parameters that define the configuration of traffic analytics. TrafficAnalyticsConfigurationProperties