![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.999999999999996%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ3%3C/text%3E%3C/svg%3E)
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
599 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Thank you for getting back.
Based on your response above.
If I click on the Logs menu item, I first am presented with this annoying Azure Monitor Log Analytics video that I have to dismiss. Next a Queries screen appears. There are two types of queries listed. Firewall Logs and Firewall Logs (Resour...) I have no idea which is which. I'll assume that Firewall Logs is some original logs queries before the Structured Firewall Logs is turned on. I can't tell though because what is displayed on the screen for queries does not say something like Original Firewall Logs and New Structured Firewall Logs. I don't know who reviews the UI but if you're going to refer to things in your documentation with terms like "Structured Firewall Logs" then the least you can do for customers is use the same terminology on the Queries screen so that it is obvious what we are querying.
I understand the confusion caused. I will share this feedback with the product team, and it will also help if you could log this feedback on our feedback portal here.
So assuming that the Firewall Logs (Resour... list of queries is what you mean to be Structured Firewall Logs queries, it appears that the provided queries are working properly now. I'm not sure why at this point but the sample queries provided under the Firewall Logs queries are also working. I don't know if someone fixed the queries that are generated and auto loaded but I can tell you that when I opened this ticket, these queries were throwing syntax Kusto Syntax errors.
Glad to know you were able to execute the queries now. We have usually observed such issues because sometimes it takes time (Usually few hours) for diagnostic logs populate in the log analytics workspace. This might be a likely cause here.
Please let me know if you have any additional questions. Thank you!