articles/network-watcher/traffic-analytics-schema.md
Lines changed: 3 additions & 3 deletions
@@ -6,7 +6,7 @@ author: halkazwini
6
6
ms.author: halkazwini
7
7
ms.service: network-watcher
8
8
ms.topic: concept-article
9
-
ms.date: 05/07/2024
9
+
ms.date: 06/07/2024
10
10
11
11
#CustomerIntent: As a administrator, I want learn about traffic analytics schema so I can easily use the queries and understand their output.
12
12
---
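Review bot: The `#CustomerIntent` line in the context just below the `ms.date` change reads "As a administrator, I want learn about"; since the front matter is being edited anyway, correct it to "As an administrator, I want to learn about traffic analytics schema".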
@@ -188,7 +188,7 @@ The following table lists the fields in the schema and what they signify for vir
188
188
> |**FlowIntervalStartTime**| Date and time in UTC | Starting time of the flow log processing interval (time from which flow interval is measured). |
189
189
> |**FlowIntervalEndTime**| Date and time in UTC | Ending time of the flow log processing interval. |
190
190
> |**FlowStartTime**| Date and time in UTC | First occurrence of the flow (which gets aggregated) in the flow log processing interval between `FlowIntervalStartTime` and `FlowIntervalEndTime`. This flow gets aggregated based on aggregation logic. |
191
-
> |**FlowEndTime**| Date and time in UTC | Last occurrence of the flow (which gets aggregated) in the flow log processing interval between `FlowIntervalStartTime` and `FlowIntervalEndTime`. In terms of flow log v2, this field contains the time when the last flow with the same four-tuple started (marked as **B** in the raw flow record). |
191
+
> |**FlowEndTime**| Date and time in UTC | Last occurrence of the flow (which gets aggregated) in the flow log processing interval between `FlowIntervalStartTime` and `FlowIntervalEndTime`. |
> |**SrcIP**| Source IP address | Blank in AzurePublic and ExternalPublic flows. |
194
194
> |**DestIP**| Destination IP address | Blank in AzurePublic and ExternalPublic flows. |
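Review bot: In the `FlowEndTime` row, dropping the flow log v2 sentence removes the only statement that this field holds the time the last flow with the same four-tuple started, not the time a flow ended. Anyone computing flow duration or building a timeline from `FlowStartTime` and `FlowEndTime` depends on that distinction. If the behaviour still applies, keep it in version-neutral wording; if it no longer applies, say what "last occurrence" now means.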
@@ -236,7 +236,7 @@ The following table lists the fields in the schema and what they signify for vir
236
236
> |**PacketsSrcToDest**| - | Represents packets sent from the source to the destination of the flow . |
237
237
> |**BytesDestToSrc**| - | Represents bytes sent from the destination to the source of the flow. |
238
238
> |**BytesSrcToDest**| - | Represents bytes sent from the source to the destination of the flow. |
239
-
> |**CompletedFlows**| - |Populated with nonzero value only for the Version 2 of network security group flow log schema. |
239
+
> |**CompletedFlows**| - |Total number of flows completed (populated with non-zero value when a flow gets a completed event). |
240
240
> |**SrcPublicIPs**|\<SOURCE_PUBLIC_IP\>\|\<FLOW_STARTED_COUNT\>\|\<FLOW_ENDED_COUNT\>\|\<OUTBOUND_PACKETS\>\|\<INBOUND_PACKETS\>\|\<OUTBOUND_BYTES\>\|\<INBOUND_BYTES\>| Entries separated by bars. |
241
241
> |**DestPublicIPs**| <DESTINATION_PUBLIC_IP>\|\<FLOW_STARTED_COUNT>\|\<FLOW_ENDED_COUNT>\|\<OUTBOUND_PACKETS>\|\<INBOUND_PACKETS>\|\<OUTBOUND_BYTES>\|\<INBOUND_BYTES> | Entries separated by bars. |
242
242
> |**FlowEncryption**| - Encrypted <br>- Unencrypted <br>- Unsupported hardware <br>- Software not ready <br>- Drop due to no encryption <br>- Discovery not supported <br>- Destination on same host <br>- Fall back to no encryption. | Encryption level of flows. |
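Review bot: In the `CompletedFlows` row, "a completed event" is not defined in any of the visible rows, and with the Version 2 qualifier gone a reader cannot tell which flow log records produce one or when the field stays zero. Name the raw-record flow state that counts as completed, the way the removed `FlowEndTime` text referred to **B**. Style: the old line used "nonzero" and the new one uses "non-zero", and the cell still lacks a space after the `|` before "Total".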