Commit 16eb5eb

Merge pull request #112443 from damendo/patch-2
Adding Flow logs v2 support
2 parents 7612bc8 + 89201b8 commit 16eb5eb

1 file changed

+5
-3
lines changed

articles/network-watcher/network-watcher-nsg-grafana.md

Lines changed: 5 additions & 3 deletions
@@ -22,9 +22,6 @@ ms.author: damendo
2222

2323
[Network Security Group (NSG) flow logs](network-watcher-nsg-flow-logging-overview.md) provide information that can be used to understand ingress and egress IP traffic on network interfaces. These flow logs show outbound and inbound flows on a per NSG rule basis, the NIC the flow applies to, 5-tuple information about the flow (Source/Destination IP, Source/Destination Port, Protocol), and if the traffic was allowed or denied.
2424

25-
> [!Warning]
26-
> The following steps work with flow logs version 1. For details, see [Introduction to flow logging for network security groups](network-watcher-nsg-flow-logging-overview.md). The following instructions will not work with version 2 of the log files, without modification.
27-
2825
You can have many NSGs in your network with flow logging enabled. This amount of logging data makes it cumbersome to parse and gain insights from your logs. This article provides a solution to centrally manage these NSG flow logs using Grafana, an open source graphing tool, ElasticSearch, a distributed search and analytics engine, and Logstash, which is an open source server-side data processing pipeline.
2926

3027
## Scenario
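Review bot: Deleting the three `> [!Warning]` lines leaves the article with no statement of which flow log version the pipeline expects, so a reader still on version 1 logs (whose flow tuples end at index 7) will follow the steps without being told that the flow state, packet and byte fields added further down will not resolve. Suggest replacing the block rather than removing it, for example `> [!Note]` followed by `> The following steps are written for flow logs version 2. Version 1 records do not carry the flow state, packet and byte counters.`, and keeping the link to [Introduction to flow logging for network security groups](network-watcher-nsg-flow-logging-overview.md) that this hunk drops along with the warning.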
@@ -104,6 +101,11 @@ You use Logstash to flatten the JSON formatted flow logs to a flow tuple level.
104101
"protocol" => "%{[records][properties][flows][flows][flowTuples][5]}"
105102
"trafficflow" => "%{[records][properties][flows][flows][flowTuples][6]}"
106103
"traffic" => "%{[records][properties][flows][flows][flowTuples][7]}"
104+
"flowstate" => "%{[records][properties][flows][flows][flowTuples][8]}"
105+
"packetsSourceToDest" => "%{[records][properties][flows][flows][flowTuples][9]}"
106+
"bytesSentSourceToDest" => "%{[records][properties][flows][flows][flowTuples][10]}"
107+
"packetsDestToSource" => "%{[records][properties][flows][flows][flowTuples][11]}"
108+
"bytesSentDestToSource" => "%{[records][properties][flows][flows][flowTuples][12]}"
107109
}
108110
add_field => {
109111
"time" => "%{[records][time]}"
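Review bot: The five new `flowTuples` references (indexes 8 through 12) have no guard, and Logstash leaves an unresolvable sprintf reference as the literal text of the pattern, so a version 1 record, which has no element beyond index 7, will populate `flowstate` with the string `%{[records][properties][flows][flows][flowTuples][8]}` and likewise for the four counters, which then pollutes aggregations in Grafana. With the version warning removed in the previous hunk nothing else prevents this, so consider wrapping these five lines in a conditional on the record's flow log version property, or documenting that version 1 input must not be fed to this filter. Separately, `packetsSourceToDest`, `bytesSentSourceToDest`, `packetsDestToSource` and `bytesSentDestToSource` arrive as strings; add a `mutate { convert => { "packetsSourceToDest" => "integer" } }` (and the same for the other three) so Elasticsearch indexes them as numbers and sum/rate panels work. Minor naming point: `bytesSent...` carries a `Sent` that the matching `packets...` names lack; pick one form for all four.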
