Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Reference for RetinaNetworkFlowLogs table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Containers |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| AdditionalFlowData | dynamic | Additional flow data. |
| DestinationClusterName | string | The name of the destination cluster (flow.destination.cluster_name). |
| DestinationIdentity | int | Security identity number for the destination (flow.destination.identity). |
| DestinationNamespace | string | The namespace of the destination (flow.destination.namespace). |
| DestinationPodName | string | The name of the destination pod (flow.destination.pod_name). |
| DestinationWorkloads | dynamic | Array of workloads associated with the destination, including name and kind (flow.destination.workloads). |
| DropReason | string | The description of the drop reason if the verdict is DROPPED. (flow.drop_reason_desc). |
| EventType | dynamic | Event type details (flow.event_type). |
| FlowType | string | Type of the flow (e.g., L3_L4, L7 SOCK) (flow.Type). |
| IP | dynamic | The IP values of the flow. Including ip source, ip destination, ip is encrypted and ip version. |
| Layer4 | dynamic | The layer 4 information of the flow such as the protocol, source port, destination port, and TCP flags. |
| Layer7 | dynamic | L7 flow type if Flow_Type is L7 (e.g., DNS, HTTP, Kafka) (flow.l7.type). |
| NodeName | string | Name of the node where the flow was captured (flow.node_name). |
| PacketsReceived | int | Number of packets sent from the destination to the source since the last update. |
| PacketsSent | int | Number of packets sent from the source to the destination since the last update. |
| Policies | dynamic | Combined entry for all policies that allowed or denied ingress/egress (flow.egress_allowed_by, flow.ingress_allowed_by, flow.egress_denied_by, flow.ingress_denied_by). |
| Reply | bool | Indicates if the flow is a reply (flow.is_reply.value). |
| Service | dynamic | Service details of the flow. |
| SourceClusterName | string | The name of the source cluster (flow.source.cluster_name). |
| SourceIdentity | int | The security identity number for the source (flow.source.identity). |
| SourceNamespace | string | The namespace of the source (flow.source.namespace). |
| SourcePodName | string | The name of the source pod (flow.source.pod_name). |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| SourceWorkloads | dynamic | Array of workloads associated with the source, including name and kind (flow.source.workloads). |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The date and time the flow was recorded (flow.time). |
| TraceObservationPoint | string | Point of observation in the trace (e.g., TO_ENDPOINT) (flow.trace_observation_point). |
| TrafficDirection | string | Direction of the traffic (e.g., INGRESS, EGRESS) (flow.traffic_direction). |
| Type | string | The name of the table |
| UUID | string | The UUID of the flow (flow.uuid). |
| Verdict | string | The verdict of the flow (e.g., FORWARDED, DROPPED) (flow.verdict). |
This table collects data from the following Azure resource types:
microsoft.containerservice/managedclustersBrowse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊