Forum Discussion

venu15's avatar
venu15
Copper Contributor
Apr 06, 2023

Kusto Query for Network Security Group

Hi Team,   i need some help on Kusto Query for troubleshooting the Network Security Group connectivity between source IP and Destination IP,   can someone please help in Kusto Query to check the ...
SuryaJ's avatar
SuryaJ
Icon for Microsoft rankMicrosoft
Apr 11, 2023

venu15 Taking the reference of logs format from here - https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#log-format

 

There are 3 parameters in the logs that can help us check if the traffic was allowed or denied

 

So, KQL query for this check will be like below:

nsgLogs

// | where sourceIP== '10.226.16.165' and destinationIP== '159.123.12.3' // If you need IP filter

| extend trafficDecision = iif(TrafficDecision == 'A', 'Allowed', 'Denied')

| project sourceIP, destinationIP, trafficDecision

Resources