Merge pull request #285801 from halkazwini/nw-nsgflow

prmerger-automator[bot] · web-flow · commit 1d12fff518c2 · 2024-08-29T12:47:55.000Z
SFI (IPs and SystemIDs)
diff --git a/articles/network-watcher/nsg-flow-logs-overview.md b/articles/network-watcher/nsg-flow-logs-overview.md
@@ -6,7 +6,7 @@ author: halkazwini
 ms.author: halkazwini
 ms.service: azure-network-watcher
 ms.topic: concept-article
-ms.date: 02/15/2024
+ms.date: 08/29/2024
 
 #CustomerIntent: As an Azure administrator, I want to learn about NSG flow logs so that I can log my network traffic to analyze and optimize the network performance.
 ---
@@ -121,7 +121,7 @@ Here's an example format of a version 1 NSG flow log:
     "records": [
         {
             "time": "2017-02-16T22:00:32.8950000Z",
-            "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",
+            "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",
             "category": "NetworkSecurityGroupFlowEvent",
             "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",
             "operationName": "NetworkSecurityGroupFlowEvents",
@@ -134,7 +134,7 @@ Here's an example format of a version 1 NSG flow log:
                             {
                                 "mac": "000D3AF8801A",
                                 "flowTuples": [
-                                    "1487282421,42.119.146.95,10.1.0.4,51529,5358,T,I,D"
+                                    "1487282421,192.0.2.95,10.1.0.4,51529,5358,T,I,D"
                                 ]
                             }
                         ]
@@ -145,10 +145,10 @@ Here's an example format of a version 1 NSG flow log:
                             {
                                 "mac": "000D3AF8801A",
                                 "flowTuples": [
-                                    "1487282370,163.28.66.17,10.1.0.4,61771,3389,T,I,A",
-                                    "1487282393,5.39.218.34,10.1.0.4,58596,3389,T,I,A",
-                                    "1487282393,91.224.160.154,10.1.0.4,61540,3389,T,I,A",
-                                    "1487282423,13.76.89.229,10.1.0.4,53163,3389,T,I,A"
+                                    "1487282370,192.0.2.17,10.1.0.4,61771,3389,T,I,A",
+                                    "1487282393,203.0.113.34,10.1.0.4,58596,3389,T,I,A",
+                                    "1487282393,192.0.2.154,10.1.0.4,61540,3389,T,I,A",
+                                    "1487282423,203.0.113.229,10.1.0.4,53163,3389,T,I,A"
                                 ]
                             }
                         ]
@@ -158,7 +158,7 @@ Here's an example format of a version 1 NSG flow log:
         },
         {
             "time": "2017-02-16T22:01:32.8960000Z",
-            "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",
+            "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",
             "category": "NetworkSecurityGroupFlowEvent",
             "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",
             "operationName": "NetworkSecurityGroupFlowEvents",
@@ -171,7 +171,7 @@ Here's an example format of a version 1 NSG flow log:
                             {
                                 "mac": "000D3AF8801A",
                                 "flowTuples": [
-                                    "1487282481,195.78.210.194,10.1.0.4,53,1732,U,I,D"
+                                    "1487282481,198.51.100.194,10.1.0.4,53,1732,U,I,D"
                                 ]
                             }
                         ]
@@ -182,9 +182,9 @@ Here's an example format of a version 1 NSG flow log:
                             {
                                 "mac": "000D3AF8801A",
                                 "flowTuples": [
-                                    "1487282435,61.129.251.68,10.1.0.4,57776,3389,T,I,A",
-                                    "1487282454,84.25.174.170,10.1.0.4,59085,3389,T,I,A",
-                                    "1487282477,77.68.9.50,10.1.0.4,65078,3389,T,I,A"
+                                    "1487282435,198.51.100.68,10.1.0.4,57776,3389,T,I,A",
+                                    "1487282454,203.0.113.170,10.1.0.4,59085,3389,T,I,A",
+                                    "1487282477,192.0.2.50,10.1.0.4,65078,3389,T,I,A"
                                 ]
                             }
                         ]
@@ -196,7 +196,7 @@ Here's an example format of a version 1 NSG flow log:
             "records": [
                 {
                     "time": "2017-02-16T22:00:32.8950000Z",
-                    "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",
+                    "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",
                     "category": "NetworkSecurityGroupFlowEvent",
                     "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",
                     "operationName": "NetworkSecurityGroupFlowEvents",
@@ -209,7 +209,7 @@ Here's an example format of a version 1 NSG flow log:
                                     {
                                         "mac": "000D3AF8801A",
                                         "flowTuples": [
-                                            "1487282421,42.119.146.95,10.1.0.4,51529,5358,T,I,D"
+                                            "1487282421,192.0.2.95,10.1.0.4,51529,5358,T,I,D"
                                         ]
                                     }
                                 ]
@@ -220,10 +220,10 @@ Here's an example format of a version 1 NSG flow log:
                                     {
                                         "mac": "000D3AF8801A",
                                         "flowTuples": [
-                                            "1487282370,163.28.66.17,10.1.0.4,61771,3389,T,I,A",
-                                            "1487282393,5.39.218.34,10.1.0.4,58596,3389,T,I,A",
-                                            "1487282393,91.224.160.154,10.1.0.4,61540,3389,T,I,A",
-                                            "1487282423,13.76.89.229,10.1.0.4,53163,3389,T,I,A"
+                                            "1487282370,192.0.2.17,10.1.0.4,61771,3389,T,I,A",
+                                            "1487282393,203.0.113.34,10.1.0.4,58596,3389,T,I,A",
+                                            "1487282393,192.0.2.154,10.1.0.4,61540,3389,T,I,A",
+                                            "1487282423,203.0.113.229,10.1.0.4,53163,3389,T,I,A"
                                         ]
                                     }
                                 ]
@@ -233,7 +233,7 @@ Here's an example format of a version 1 NSG flow log:
                 },
                 {
                     "time": "2017-02-16T22:01:32.8960000Z",
-                    "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",
+                    "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",
                     "category": "NetworkSecurityGroupFlowEvent",
                     "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",
                     "operationName": "NetworkSecurityGroupFlowEvents",
@@ -246,7 +246,7 @@ Here's an example format of a version 1 NSG flow log:
                                     {
                                         "mac": "000D3AF8801A",
                                         "flowTuples": [
-                                            "1487282481,195.78.210.194,10.1.0.4,53,1732,U,I,D"
+                                            "1487282481,198.51.100.194,10.1.0.4,53,1732,U,I,D"
                                         ]
                                     }
                                 ]
@@ -257,9 +257,9 @@ Here's an example format of a version 1 NSG flow log:
                                     {
                                         "mac": "000D3AF8801A",
                                         "flowTuples": [
-                                            "1487282435,61.129.251.68,10.1.0.4,57776,3389,T,I,A",
-                                            "1487282454,84.25.174.170,10.1.0.4,59085,3389,T,I,A",
-                                            "1487282477,77.68.9.50,10.1.0.4,65078,3389,T,I,A"
+                                            "1487282435,198.51.100.68,10.1.0.4,57776,3389,T,I,A",
+                                            "1487282454,203.0.113.170,10.1.0.4,59085,3389,T,I,A",
+                                            "1487282477,192.0.2.50,10.1.0.4,65078,3389,T,I,A"
                                         ]
                                     }
                                 ]
@@ -269,7 +269,7 @@ Here's an example format of a version 1 NSG flow log:
                 },
                 {
                     "time": "2017-02-16T22:02:32.9040000Z",
-                    "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",
+                    "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",
                     "category": "NetworkSecurityGroupFlowEvent",
                     "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",
                     "operationName": "NetworkSecurityGroupFlowEvents",
@@ -282,8 +282,8 @@ Here's an example format of a version 1 NSG flow log:
                                     {
                                         "mac": "000D3AF8801A",
                                         "flowTuples": [
-                                            "1487282492,175.182.69.29,10.1.0.4,28918,5358,T,I,D",
-                                            "1487282505,71.6.216.55,10.1.0.4,8080,8080,T,I,D"
+                                            "1487282492,203.0.113.29,10.1.0.4,28918,5358,T,I,D",
+                                            "1487282505,192.0.2.55,10.1.0.4,8080,8080,T,I,D"
                                         ]
                                     }
                                 ]
@@ -294,7 +294,7 @@ Here's an example format of a version 1 NSG flow log:
                                     {
                                         "mac": "000D3AF8801A",
                                         "flowTuples": [
-                                            "1487282512,91.224.160.154,10.1.0.4,59046,3389,T,I,A"
+                                            "1487282512,192.0.2.154,10.1.0.4,59046,3389,T,I,A"
                                         ]
                                     }
                                 ]
@@ -319,7 +319,7 @@ Here's an example format of a version 2 NSG flow log:
     "records": [
         {
             "time": "2018-11-13T12:00:35.3899262Z",
-            "systemId": "a0fca5ce-022c-47b1-9735-89943b42f2fa",
+            "systemId": "66aa66aa-bb77-cc88-dd99-00ee00ee00ee",
             "category": "NetworkSecurityGroupFlowEvent",
             "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",
             "operationName": "NetworkSecurityGroupFlowEvents",
@@ -332,9 +332,9 @@ Here's an example format of a version 2 NSG flow log:
                             {
                                 "mac": "000D3AF87856",
                                 "flowTuples": [
-                                    "1542110402,94.102.49.190,10.5.16.4,28746,443,U,I,D,B,,,,",
-                                    "1542110424,176.119.4.10,10.5.16.4,56509,59336,T,I,D,B,,,,",
-                                    "1542110432,167.99.86.8,10.5.16.4,48495,8088,T,I,D,B,,,,"
+                                    "1542110402,192.0.2.190,10.5.16.4,28746,443,U,I,D,B,,,,",
+                                    "1542110424,203.0.113.10,10.5.16.4,56509,59336,T,I,D,B,,,,",
+                                    "1542110432,198.51.100.8,10.5.16.4,48495,8088,T,I,D,B,,,,"
                                 ]
                             }
                         ]
@@ -345,10 +345,10 @@ Here's an example format of a version 2 NSG flow log:
                             {
                                 "mac": "000D3AF87856",
                                 "flowTuples": [
-                                    "1542110377,10.5.16.4,13.67.143.118,59831,443,T,O,A,B,,,,",
-                                    "1542110379,10.5.16.4,13.67.143.117,59932,443,T,O,A,E,1,66,1,66",
-                                    "1542110379,10.5.16.4,13.67.143.115,44931,443,T,O,A,C,30,16978,24,14008",
-                                    "1542110406,10.5.16.4,40.71.12.225,59929,443,T,O,A,E,15,8489,12,7054"
+                                    "1542110377,10.5.16.4,203.0.113.118,59831,443,T,O,A,B,,,,",
+                                    "1542110379,10.5.16.4,203.0.113.117,59932,443,T,O,A,E,1,66,1,66",
+                                    "1542110379,10.5.16.4,203.0.113.115,44931,443,T,O,A,C,30,16978,24,14008",
+                                    "1542110406,10.5.16.4,198.51.100.225,59929,443,T,O,A,E,15,8489,12,7054"
                                 ]
                             }
                         ]
@@ -358,7 +358,7 @@ Here's an example format of a version 2 NSG flow log:
         },
         {
             "time": "2018-11-13T12:01:35.3918317Z",
-            "systemId": "a0fca5ce-022c-47b1-9735-89943b42f2fa",
+            "systemId": "66aa66aa-bb77-cc88-dd99-00ee00ee00ee",
             "category": "NetworkSecurityGroupFlowEvent",
             "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",
             "operationName": "NetworkSecurityGroupFlowEvents",

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ author: halkazwini`
`6`	`6`	`ms.author: halkazwini`
`7`	`7`	`ms.service: azure-network-watcher`
`8`	`8`	`ms.topic: concept-article`
`9`		`-ms.date: 02/15/2024`
	`9`	`+ms.date: 08/29/2024`
`10`	`10`
`11`	`11`	`#CustomerIntent: As an Azure administrator, I want to learn about NSG flow logs so that I can log my network traffic to analyze and optimize the network performance.`
`12`	`12`	`---`
`@@ -121,7 +121,7 @@ Here's an example format of a version 1 NSG flow log:`
`121`	`121`	`"records": [`
`122`	`122`	`{`
`123`	`123`	`"time": "2017-02-16T22:00:32.8950000Z",`
`124`		`- "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",`
	`124`	`+ "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",`
`125`	`125`	`"category": "NetworkSecurityGroupFlowEvent",`
`126`	`126`	`"resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",`
`127`	`127`	`"operationName": "NetworkSecurityGroupFlowEvents",`
`@@ -134,7 +134,7 @@ Here's an example format of a version 1 NSG flow log:`
`134`	`134`	`{`
`135`	`135`	`"mac": "000D3AF8801A",`
`136`	`136`	`"flowTuples": [`
`137`		`- "1487282421,42.119.146.95,10.1.0.4,51529,5358,T,I,D"`
	`137`	`+ "1487282421,192.0.2.95,10.1.0.4,51529,5358,T,I,D"`
`138`	`138`	`]`
`139`	`139`	`}`
`140`	`140`	`]`
`@@ -145,10 +145,10 @@ Here's an example format of a version 1 NSG flow log:`
`145`	`145`	`{`
`146`	`146`	`"mac": "000D3AF8801A",`
`147`	`147`	`"flowTuples": [`
`148`		`- "1487282370,163.28.66.17,10.1.0.4,61771,3389,T,I,A",`
`149`		`- "1487282393,5.39.218.34,10.1.0.4,58596,3389,T,I,A",`
`150`		`- "1487282393,91.224.160.154,10.1.0.4,61540,3389,T,I,A",`
`151`		`- "1487282423,13.76.89.229,10.1.0.4,53163,3389,T,I,A"`
	`148`	`+ "1487282370,192.0.2.17,10.1.0.4,61771,3389,T,I,A",`
	`149`	`+ "1487282393,203.0.113.34,10.1.0.4,58596,3389,T,I,A",`
	`150`	`+ "1487282393,192.0.2.154,10.1.0.4,61540,3389,T,I,A",`
	`151`	`+ "1487282423,203.0.113.229,10.1.0.4,53163,3389,T,I,A"`
`152`	`152`	`]`
`153`	`153`	`}`
`154`	`154`	`]`
`@@ -158,7 +158,7 @@ Here's an example format of a version 1 NSG flow log:`
`158`	`158`	`},`
`159`	`159`	`{`
`160`	`160`	`"time": "2017-02-16T22:01:32.8960000Z",`
`161`		`- "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",`
	`161`	`+ "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",`
`162`	`162`	`"category": "NetworkSecurityGroupFlowEvent",`
`163`	`163`	`"resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",`
`164`	`164`	`"operationName": "NetworkSecurityGroupFlowEvents",`
`@@ -171,7 +171,7 @@ Here's an example format of a version 1 NSG flow log:`
`171`	`171`	`{`
`172`	`172`	`"mac": "000D3AF8801A",`
`173`	`173`	`"flowTuples": [`
`174`		`- "1487282481,195.78.210.194,10.1.0.4,53,1732,U,I,D"`
	`174`	`+ "1487282481,198.51.100.194,10.1.0.4,53,1732,U,I,D"`
`175`	`175`	`]`
`176`	`176`	`}`
`177`	`177`	`]`
`@@ -182,9 +182,9 @@ Here's an example format of a version 1 NSG flow log:`
`182`	`182`	`{`
`183`	`183`	`"mac": "000D3AF8801A",`
`184`	`184`	`"flowTuples": [`
`185`		`- "1487282435,61.129.251.68,10.1.0.4,57776,3389,T,I,A",`
`186`		`- "1487282454,84.25.174.170,10.1.0.4,59085,3389,T,I,A",`
`187`		`- "1487282477,77.68.9.50,10.1.0.4,65078,3389,T,I,A"`
	`185`	`+ "1487282435,198.51.100.68,10.1.0.4,57776,3389,T,I,A",`
	`186`	`+ "1487282454,203.0.113.170,10.1.0.4,59085,3389,T,I,A",`
	`187`	`+ "1487282477,192.0.2.50,10.1.0.4,65078,3389,T,I,A"`
`188`	`188`	`]`
`189`	`189`	`}`
`190`	`190`	`]`
`@@ -196,7 +196,7 @@ Here's an example format of a version 1 NSG flow log:`
`196`	`196`	`"records": [`
`197`	`197`	`{`
`198`	`198`	`"time": "2017-02-16T22:00:32.8950000Z",`
`199`		`- "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",`
	`199`	`+ "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",`
`200`	`200`	`"category": "NetworkSecurityGroupFlowEvent",`
`201`	`201`	`"resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",`
`202`	`202`	`"operationName": "NetworkSecurityGroupFlowEvents",`
`@@ -209,7 +209,7 @@ Here's an example format of a version 1 NSG flow log:`
`209`	`209`	`{`
`210`	`210`	`"mac": "000D3AF8801A",`
`211`	`211`	`"flowTuples": [`
`212`		`- "1487282421,42.119.146.95,10.1.0.4,51529,5358,T,I,D"`
	`212`	`+ "1487282421,192.0.2.95,10.1.0.4,51529,5358,T,I,D"`
`213`	`213`	`]`
`214`	`214`	`}`
`215`	`215`	`]`
`@@ -220,10 +220,10 @@ Here's an example format of a version 1 NSG flow log:`
`220`	`220`	`{`
`221`	`221`	`"mac": "000D3AF8801A",`
`222`	`222`	`"flowTuples": [`
`223`		`- "1487282370,163.28.66.17,10.1.0.4,61771,3389,T,I,A",`
`224`		`- "1487282393,5.39.218.34,10.1.0.4,58596,3389,T,I,A",`
`225`		`- "1487282393,91.224.160.154,10.1.0.4,61540,3389,T,I,A",`
`226`		`- "1487282423,13.76.89.229,10.1.0.4,53163,3389,T,I,A"`
	`223`	`+ "1487282370,192.0.2.17,10.1.0.4,61771,3389,T,I,A",`
	`224`	`+ "1487282393,203.0.113.34,10.1.0.4,58596,3389,T,I,A",`
	`225`	`+ "1487282393,192.0.2.154,10.1.0.4,61540,3389,T,I,A",`
	`226`	`+ "1487282423,203.0.113.229,10.1.0.4,53163,3389,T,I,A"`
`227`	`227`	`]`
`228`	`228`	`}`
`229`	`229`	`]`
`@@ -233,7 +233,7 @@ Here's an example format of a version 1 NSG flow log:`
`233`	`233`	`},`
`234`	`234`	`{`
`235`	`235`	`"time": "2017-02-16T22:01:32.8960000Z",`
`236`		`- "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",`
	`236`	`+ "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",`
`237`	`237`	`"category": "NetworkSecurityGroupFlowEvent",`
`238`	`238`	`"resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",`
`239`	`239`	`"operationName": "NetworkSecurityGroupFlowEvents",`
`@@ -246,7 +246,7 @@ Here's an example format of a version 1 NSG flow log:`
`246`	`246`	`{`
`247`	`247`	`"mac": "000D3AF8801A",`
`248`	`248`	`"flowTuples": [`
`249`		`- "1487282481,195.78.210.194,10.1.0.4,53,1732,U,I,D"`
	`249`	`+ "1487282481,198.51.100.194,10.1.0.4,53,1732,U,I,D"`
`250`	`250`	`]`
`251`	`251`	`}`
`252`	`252`	`]`
`@@ -257,9 +257,9 @@ Here's an example format of a version 1 NSG flow log:`
`257`	`257`	`{`
`258`	`258`	`"mac": "000D3AF8801A",`
`259`	`259`	`"flowTuples": [`
`260`		`- "1487282435,61.129.251.68,10.1.0.4,57776,3389,T,I,A",`
`261`		`- "1487282454,84.25.174.170,10.1.0.4,59085,3389,T,I,A",`
`262`		`- "1487282477,77.68.9.50,10.1.0.4,65078,3389,T,I,A"`
	`260`	`+ "1487282435,198.51.100.68,10.1.0.4,57776,3389,T,I,A",`
	`261`	`+ "1487282454,203.0.113.170,10.1.0.4,59085,3389,T,I,A",`
	`262`	`+ "1487282477,192.0.2.50,10.1.0.4,65078,3389,T,I,A"`
`263`	`263`	`]`
`264`	`264`	`}`
`265`	`265`	`]`
`@@ -269,7 +269,7 @@ Here's an example format of a version 1 NSG flow log:`
`269`	`269`	`},`
`270`	`270`	`{`
`271`	`271`	`"time": "2017-02-16T22:02:32.9040000Z",`
`272`		`- "systemId": "2c002c16-72f3-4dc5-b391-3444c3527434",`
	`272`	`+ "systemId": "55ff55ff-aa66-bb77-cc88-99dd99dd99dd",`
`273`	`273`	`"category": "NetworkSecurityGroupFlowEvent",`
`274`	`274`	`"resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",`
`275`	`275`	`"operationName": "NetworkSecurityGroupFlowEvents",`
`@@ -282,8 +282,8 @@ Here's an example format of a version 1 NSG flow log:`
`282`	`282`	`{`
`283`	`283`	`"mac": "000D3AF8801A",`
`284`	`284`	`"flowTuples": [`
`285`		`- "1487282492,175.182.69.29,10.1.0.4,28918,5358,T,I,D",`
`286`		`- "1487282505,71.6.216.55,10.1.0.4,8080,8080,T,I,D"`
	`285`	`+ "1487282492,203.0.113.29,10.1.0.4,28918,5358,T,I,D",`
	`286`	`+ "1487282505,192.0.2.55,10.1.0.4,8080,8080,T,I,D"`
`287`	`287`	`]`
`288`	`288`	`}`
`289`	`289`	`]`
`@@ -294,7 +294,7 @@ Here's an example format of a version 1 NSG flow log:`
`294`	`294`	`{`
`295`	`295`	`"mac": "000D3AF8801A",`
`296`	`296`	`"flowTuples": [`
`297`		`- "1487282512,91.224.160.154,10.1.0.4,59046,3389,T,I,A"`
	`297`	`+ "1487282512,192.0.2.154,10.1.0.4,59046,3389,T,I,A"`
`298`	`298`	`]`
`299`	`299`	`}`
`300`	`300`	`]`
`@@ -319,7 +319,7 @@ Here's an example format of a version 2 NSG flow log:`
`319`	`319`	`"records": [`
`320`	`320`	`{`
`321`	`321`	`"time": "2018-11-13T12:00:35.3899262Z",`
`322`		`- "systemId": "a0fca5ce-022c-47b1-9735-89943b42f2fa",`
	`322`	`+ "systemId": "66aa66aa-bb77-cc88-dd99-00ee00ee00ee",`
`323`	`323`	`"category": "NetworkSecurityGroupFlowEvent",`
`324`	`324`	`"resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",`
`325`	`325`	`"operationName": "NetworkSecurityGroupFlowEvents",`
`@@ -332,9 +332,9 @@ Here's an example format of a version 2 NSG flow log:`
`332`	`332`	`{`
`333`	`333`	`"mac": "000D3AF87856",`
`334`	`334`	`"flowTuples": [`
`335`		`- "1542110402,94.102.49.190,10.5.16.4,28746,443,U,I,D,B,,,,",`
`336`		`- "1542110424,176.119.4.10,10.5.16.4,56509,59336,T,I,D,B,,,,",`
`337`		`- "1542110432,167.99.86.8,10.5.16.4,48495,8088,T,I,D,B,,,,"`
	`335`	`+ "1542110402,192.0.2.190,10.5.16.4,28746,443,U,I,D,B,,,,",`
	`336`	`+ "1542110424,203.0.113.10,10.5.16.4,56509,59336,T,I,D,B,,,,",`
	`337`	`+ "1542110432,198.51.100.8,10.5.16.4,48495,8088,T,I,D,B,,,,"`
`338`	`338`	`]`
`339`	`339`	`}`
`340`	`340`	`]`
`@@ -345,10 +345,10 @@ Here's an example format of a version 2 NSG flow log:`
`345`	`345`	`{`
`346`	`346`	`"mac": "000D3AF87856",`
`347`	`347`	`"flowTuples": [`
`348`		`- "1542110377,10.5.16.4,13.67.143.118,59831,443,T,O,A,B,,,,",`
`349`		`- "1542110379,10.5.16.4,13.67.143.117,59932,443,T,O,A,E,1,66,1,66",`
`350`		`- "1542110379,10.5.16.4,13.67.143.115,44931,443,T,O,A,C,30,16978,24,14008",`
`351`		`- "1542110406,10.5.16.4,40.71.12.225,59929,443,T,O,A,E,15,8489,12,7054"`
	`348`	`+ "1542110377,10.5.16.4,203.0.113.118,59831,443,T,O,A,B,,,,",`
	`349`	`+ "1542110379,10.5.16.4,203.0.113.117,59932,443,T,O,A,E,1,66,1,66",`
	`350`	`+ "1542110379,10.5.16.4,203.0.113.115,44931,443,T,O,A,C,30,16978,24,14008",`
	`351`	`+ "1542110406,10.5.16.4,198.51.100.225,59929,443,T,O,A,E,15,8489,12,7054"`
`352`	`352`	`]`
`353`	`353`	`}`
`354`	`354`	`]`
`@@ -358,7 +358,7 @@ Here's an example format of a version 2 NSG flow log:`
`358`	`358`	`},`
`359`	`359`	`{`
`360`	`360`	`"time": "2018-11-13T12:01:35.3918317Z",`
`361`		`- "systemId": "a0fca5ce-022c-47b1-9735-89943b42f2fa",`
	`361`	`+ "systemId": "66aa66aa-bb77-cc88-dd99-00ee00ee00ee",`
`362`	`362`	`"category": "NetworkSecurityGroupFlowEvent",`
`363`	`363`	`"resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/FABRIKAMRG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/FABRIAKMVM1-NSG",`
`364`	`364`	`"operationName": "NetworkSecurityGroupFlowEvents",`