Share via

How to monitor network traffic/IP coming in an azure network which are blocked by NSG through Virtual network Flow Logs

ishan saxena 125 Reputation points
2025-11-22T02:56:31.97+00:00

I want to monitor traffic blocked by NSG rules, I have setup NSG flow logs of Virtual network flow type as Network security Group flow type have been depreciated and greyed out.

I have selected the storage account as well as log anaylutics workspace.

But when i try to query the using the queries provided by MS and get the below error.image

Erro message - 'where' operator: Failed to resolve table or column expression named 'AzureNetworkAnalytics_CL'

I know this virtual network flow type and not previously V2 version types and that's why i am getting error but how can i filter it out for latest NSG flow logs of virtual network flow type?

Azure Network Watcher
Azure Network Watcher
An Azure service that is used to monitor, diagnose, and gain insights into network performance and health.
0 comments
Answer accepted by question author
  1. Thanmayi Godithi 3,015 Reputation points Microsoft External Staff Moderator
    2025-11-24T03:40:11.2166667+00:00

    Hi @ishan saxena,

    Thanks for reaching out on Microsoft Q&A forum.

    I understand you're trying to query blocked NSG traffic using the new Virtual Network Flow Logs, but you're seeing this error:'where' operator: Failed to resolve table or column expression named 'AzureNetworkAnalytics_CL'

    This happens because that table belongs to the retired NSG Flow Logs / Traffic Analytics pipeline. With Virtual network flow logs, the data is stored in different Log Analytics tables.

    As mentioned by @Marcin Policht,The new Virtual Network Flow Logs write to new tables:

    Because of this, Microsoft requires all customers to use Virtual Network Flow Logs + Traffic Analytics going forward.

    So, enable Traffic Analytics on your Virtual Network Flow Log and query these new tables in Log Analytics and then you will be able to view the logs.

    Kindly let us know if the above helps or you need further assistance on this issue.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 70,700 Reputation points MVP Volunteer Moderator
    2025-11-22T12:07:12.9433333+00:00

    As per https://quic.hkg1.meaqua.org/en-us/azure/network-watcher/traffic-analytics-schema?tabs=vnet

    NTANetAnalytics in virtual network flow logs replaces AzureNetworkAnalytics_CL used in network security group flow logs.

    The easiest way to locate the right table is to open Log Analytics, type just a single letter (e.g., “N”) in the query window, expand the schema list on the left, and look for tables that started being populated right after you enabled the new flow logs. You will see rows filling in every few minutes. Those are your flow-log tables.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.