Continue from
NSG Flow logs – e-lo: Ask the AI. (follow-e-lo.com)
So we have our VM, NSG and we are storing flow logs on a storage account as shown from above tutorial.
Now make a log analytics for the traffic analytics.
We have one rg with the logs, lets add it to that.:
done
If you need to edit the retention:
Now go to Network Watcher | Traffic Analytics
Now we can edit all the NSG that we have flow logs for with enable Traffic Analytics.
Press the NSG
Traffic Analytics provides rich analytics and visualization derived from flow logs and other Azure resources’ data. Drill through geo-map, easily figure out traffic hotspots and get insights into optimization possibilities.
Select the new log analytics and set intervall
And save it.
Give it a bit more then 1 h.
If you want to change the interval go to Network Watcher | Flow logs
And select your flow log to change.
It takes time, 20 min, 1 h, give it a day.
But when it is done, you get a lot here:
TRAFFIC DISTRIBUTION
View analytics of traffic flows across host, subnet, VNet and VMSS
units in Flows
APPLICATION PORTS
View analytics for application ports utilized across your environment
units in Flows
Maps and more