Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Network flow logs for Azure Container Networking Services.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | microsoft.containerservice/managedclusters |
| Categories | Containers |
| Solutions | LogManagement |
| Basic log | Yes |
| Ingestion-time transformation | No |
| Sample Queries | Yes |
Columns
| Column | Type | Description |
|---|---|---|
| AdditionalFlowData | dynamic | Additional flow data. |
| _BilledSize | real | The record size in bytes |
| DestinationClusterName | string | The name of the destination cluster (flow.destination.cluster_name) |
| DestinationIdentity | int | Security identity number for the destination (flow.destination.identity) |
| DestinationNamespace | string | The namespace of the destination (flow.destination.namespace) |
| DestinationPodName | string | The name of the destination pod (flow.destination.pod_name) |
| DestinationWorkloads | dynamic | Array of workloads associated with the destination, including name and kind (flow.destination.workloads) |
| DropReason | string | The description of the drop reason if the verdict is DROPPED. (flow.drop_reason_desc) |
| EventType | dynamic | Event type details (flow.event_type). |
| FlowType | string | Type of the flow (e.g., L3_L4, L7 SOCK) (flow.Type) |
| IP | dynamic | The IP values of the flow. Including ip source, ip destination, ip is encrypted and ip version. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| Layer4 | dynamic | The layer 4 information of the flow such as the protocol, source port, destination port, and TCP flags. |
| Layer7 | dynamic | L7 flow type if Flow_Type is L7 (e.g., DNS, HTTP, Kafka) (flow.l7.type) |
| NodeName | string | Name of the node where the flow was captured (flow.node_name) |
| PacketsReceived | int | Number of packets sent from the destination to the source since the last update. |
| PacketsSent | int | Number of packets sent from the source to the destination since the last update. |
| Policies | dynamic | Combined entry for all policies that allowed or denied ingress/egress (flow.egress_allowed_by, flow.ingress_allowed_by, flow.egress_denied_by, flow.ingress_denied_by) |
| Reply | bool | Indicates if the flow is a reply (flow.is_reply.value) |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| Service | dynamic | Service details of the flow. |
| SourceClusterName | string | The name of the source cluster (flow.source.cluster_name) |
| SourceIdentity | int | The security identity number for the source (flow.source.identity) |
| SourceNamespace | string | The namespace of the source (flow.source.namespace) |
| SourcePodName | string | The name of the source pod (flow.source.pod_name) |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| SourceWorkloads | dynamic | Array of workloads associated with the source, including name and kind (flow.source.workloads) |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The date and time the flow was recorded (flow.time) |
| TraceObservationPoint | string | Point of observation in the trace (e.g., TO_ENDPOINT) (flow.trace_observation_point) |
| TrafficDirection | string | Direction of the traffic (e.g., INGRESS, EGRESS) (flow.traffic_direction) |
| Type | string | The name of the table |
| UUID | string | The UUID of the flow (flow.uuid) |
| Verdict | string | The verdict of the flow (e.g., FORWARDED, DROPPED) (flow.verdict) |