Bicep resource definition
The networkWatchers/flowLogs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/networkWatchers/flowLogs@2022-09-01' = {
  parent: resourceSymbolicName
  ___location: 'string'
  name: 'string'
  properties: {
    enabled: bool
    flowAnalyticsConfiguration: {
      networkWatcherFlowAnalyticsConfiguration: {
        enabled: bool
        trafficAnalyticsInterval: int
        workspaceId: 'string'
        workspaceRegion: 'string'
        workspaceResourceId: 'string'
      }
    }
    format: {
      type: 'string'
      version: int
    }
    retentionPolicy: {
      days: int
      enabled: bool
    }
    storageId: 'string'
    targetResourceId: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}
Property Values
Microsoft.Network/networkWatchers/flowLogs
| Name | Description | Value | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. 
 For more information, see Child resource outside parent resource.
 | Symbolic name for resource of type: networkWatchers | 
| properties | Properties of the flow log. | FlowLogPropertiesFormat | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| Name | Description | Value | 
| type | The file type of flow log. | 'JSON' | 
| version | The version (revision) of the flow log. | int | 
| Name | Description | Value | 
| enabled | Flag to enable/disable flow logging. | bool | 
| flowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsProperties | 
| format | Parameters that define the flow log format. | FlowLogFormatParameters | 
| retentionPolicy | Parameters that define the retention policy for flow log. | RetentionPolicyParameters | 
| storageId | ID of the storage account which is used to store the flow log. | string (required) | 
| targetResourceId | ID of network security group to which flow log will be applied. | string (required) | 
RetentionPolicyParameters
| Name | Description | Value | 
| days | Number of days to retain flow log records. | int | 
| enabled | Flag to enable/disable retention. | bool | 
TrafficAnalyticsConfigurationProperties
| Name | Description | Value | 
| enabled | Flag to enable/disable traffic analytics. | bool | 
| trafficAnalyticsInterval | The interval in minutes which would decide how frequently TA service should do flow analytics. | int | 
| workspaceId | The resource guid of the attached workspace. | string | 
| workspaceRegion | The ___location of the attached workspace. | string | 
| workspaceResourceId | Resource Id of the attached workspace. | string | 
TrafficAnalyticsProperties
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
 
ARM template resource definition
The networkWatchers/flowLogs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following JSON to your template.
{
  "type": "Microsoft.Network/networkWatchers/flowLogs",
  "apiVersion": "2022-09-01",
  "name": "string",
  "___location": "string",
  "properties": {
    "enabled": "bool",
    "flowAnalyticsConfiguration": {
      "networkWatcherFlowAnalyticsConfiguration": {
        "enabled": "bool",
        "trafficAnalyticsInterval": "int",
        "workspaceId": "string",
        "workspaceRegion": "string",
        "workspaceResourceId": "string"
      }
    },
    "format": {
      "type": "string",
      "version": "int"
    },
    "retentionPolicy": {
      "days": "int",
      "enabled": "bool"
    },
    "storageId": "string",
    "targetResourceId": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}
Property Values
Microsoft.Network/networkWatchers/flowLogs
| Name | Description | Value | 
| apiVersion | The api version | '2022-09-01' | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| properties | Properties of the flow log. | FlowLogPropertiesFormat | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| type | The resource type | 'Microsoft.Network/networkWatchers/flowLogs' | 
| Name | Description | Value | 
| type | The file type of flow log. | 'JSON' | 
| version | The version (revision) of the flow log. | int | 
| Name | Description | Value | 
| enabled | Flag to enable/disable flow logging. | bool | 
| flowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsProperties | 
| format | Parameters that define the flow log format. | FlowLogFormatParameters | 
| retentionPolicy | Parameters that define the retention policy for flow log. | RetentionPolicyParameters | 
| storageId | ID of the storage account which is used to store the flow log. | string (required) | 
| targetResourceId | ID of network security group to which flow log will be applied. | string (required) | 
RetentionPolicyParameters
| Name | Description | Value | 
| days | Number of days to retain flow log records. | int | 
| enabled | Flag to enable/disable retention. | bool | 
TrafficAnalyticsConfigurationProperties
| Name | Description | Value | 
| enabled | Flag to enable/disable traffic analytics. | bool | 
| trafficAnalyticsInterval | The interval in minutes which would decide how frequently TA service should do flow analytics. | int | 
| workspaceId | The resource guid of the attached workspace. | string | 
| workspaceRegion | The ___location of the attached workspace. | string | 
| workspaceResourceId | Resource Id of the attached workspace. | string | 
TrafficAnalyticsProperties
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
 
The networkWatchers/flowLogs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/networkWatchers/flowLogs resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/networkWatchers/flowLogs@2022-09-01"
  name = "string"
  parent_id = "string"
  ___location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      enabled = bool
      flowAnalyticsConfiguration = {
        networkWatcherFlowAnalyticsConfiguration = {
          enabled = bool
          trafficAnalyticsInterval = int
          workspaceId = "string"
          workspaceRegion = "string"
          workspaceResourceId = "string"
        }
      }
      format = {
        type = "string"
        version = int
      }
      retentionPolicy = {
        days = int
        enabled = bool
      }
      storageId = "string"
      targetResourceId = "string"
    }
  }
}
Property Values
Microsoft.Network/networkWatchers/flowLogs
| Name | Description | Value | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: networkWatchers | 
| properties | Properties of the flow log. | FlowLogPropertiesFormat | 
| tags | Resource tags | Dictionary of tag names and values. | 
| type | The resource type | "Microsoft.Network/networkWatchers/flowLogs@2022-09-01" | 
| Name | Description | Value | 
| type | The file type of flow log. | 'JSON' | 
| version | The version (revision) of the flow log. | int | 
| Name | Description | Value | 
| enabled | Flag to enable/disable flow logging. | bool | 
| flowAnalyticsConfiguration | Parameters that define the configuration of traffic analytics. | TrafficAnalyticsProperties | 
| format | Parameters that define the flow log format. | FlowLogFormatParameters | 
| retentionPolicy | Parameters that define the retention policy for flow log. | RetentionPolicyParameters | 
| storageId | ID of the storage account which is used to store the flow log. | string (required) | 
| targetResourceId | ID of network security group to which flow log will be applied. | string (required) | 
RetentionPolicyParameters
| Name | Description | Value | 
| days | Number of days to retain flow log records. | int | 
| enabled | Flag to enable/disable retention. | bool | 
TrafficAnalyticsConfigurationProperties
| Name | Description | Value | 
| enabled | Flag to enable/disable traffic analytics. | bool | 
| trafficAnalyticsInterval | The interval in minutes which would decide how frequently TA service should do flow analytics. | int | 
| workspaceId | The resource guid of the attached workspace. | string | 
| workspaceRegion | The ___location of the attached workspace. | string | 
| workspaceResourceId | Resource Id of the attached workspace. | string | 
TrafficAnalyticsProperties
Usage Examples
A basic example of deploying Network Watcher Flow Log.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "___location" {
  type    = string
  default = "eastus2"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}
resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "10.0.0.0/16",
        ]
      }
      dhcpOptions = {
        dnsServers = [
        ]
      }
      subnets = [
      ]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
  lifecycle {
    ignore_changes = [body.properties.subnets]
  }
}
resource "azapi_resource" "networkWatchers" {
  type      = "Microsoft.Network/networkWatchers@2023-11-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "storageAccount" {
  type      = "Microsoft.Storage/storageAccounts@2021-09-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    kind = "StorageV2"
    properties = {
      accessTier                   = "Hot"
      allowBlobPublicAccess        = true
      allowCrossTenantReplication  = true
      allowSharedKeyAccess         = true
      defaultToOAuthAuthentication = false
      encryption = {
        keySource = "Microsoft.Storage"
        services = {
          queue = {
            keyType = "Service"
          }
          table = {
            keyType = "Service"
          }
        }
      }
      isHnsEnabled      = false
      isNfsV3Enabled    = false
      isSftpEnabled     = false
      minimumTlsVersion = "TLS1_2"
      networkAcls = {
        defaultAction = "Allow"
      }
      publicNetworkAccess      = "Enabled"
      supportsHttpsTrafficOnly = true
    }
    sku = {
      name = "Standard_LRS"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "flowLog" {
  type      = "Microsoft.Network/networkWatchers/flowLogs@2023-11-01"
  name      = var.resource_name
  ___location  = var.___location
  parent_id = azapi_resource.networkWatchers.id
  body = {
    properties = {
      enabled = true
      flowAnalyticsConfiguration = {
        networkWatcherFlowAnalyticsConfiguration = {
          enabled = false
        }
      }
      format = {
        type    = "JSON"
        version = 2
      }
      retentionPolicy = {
        days    = 7
        enabled = true
      }
      storageId        = azapi_resource.storageAccount.id
      targetResourceId = azapi_resource.virtualNetwork.id
    }
  }
}