az network watcher flow-log delete failed

Silvio 20 Reputation points

I can't delete the flow-log using the azure cli. What to do?
PS C:\Users\User> az network watcher flow-log delete --name 'dev-******-flowlog' --location 'westeurope'

(SubnetNotFoundForFlowLog) Subnet resource /subscriptions/*/resourceGroups//providers/Microsoft.Network/virtualNetworks/********/subnets/dev passed for the flow log does not exist.

Code: SubnetNotFoundForFlowLog

  1. Thanmayi Godithi 10,655 Reputation points Microsoft External Staff Moderator

    Hi @Silvio,

    To delete the az network watcher flow-logs,these are recommended steps from our product group.

    1. Recreate the previously deleted VNET and subnet.
    2. Attempt to delete the flow log again.
    3. Verify whether the flow log deletion is successful.
    4. Once confirmed, you may proceed to delete the VNET and subnet

    Let us know if that worked.

    If you need any further assistance please share the details requested over Private message.

Sign in to comment

1 answer

  1. Serhii-Roman Kikot 90 Reputation points

    Hello @Silvio,

    Thank you for reaching out to Microsoft Q&A! The issue occurs because Azure cannot find the subnet (or the virtual network to which the subnet belongs) associated with the flow log. Please ensure that the virtual network exists and that the subnet is present in the same resource group as the flow log.

    Potential fix:

    1. Verify that the virtual network named VNET_NAME exists in RESOURCE_GROUP_NAME. You can check this either in the Azure Portal or by using the Azure CLI. If the VNet does not exist, please create a virtual network with the name VNET_NAME.
    2. Verify that the subnet named SUBNET_NAME exists within the virtual network VNET_NAME. If it does not exist, please create a subnet with the name SUBNET_NAME in that VNet.
    3. After confirming that both the VNet and subnet exist, try running the following command again: az network watcher flow-log delete --name 'dev-******-flowlog' --location 'westeurope'

    You can find the values for VNET_NAME, SUBNET_NAME, and RESOURCE_GROUP_NAME in the error message itself:

    /subscriptions/SUBNET_ID/resourceGroups/RESOURCE_GROUP_NAME/providers/Microsoft.Network/virtualNetworks/VNET_NAME/subnets/SUBNET_NAME

    If the information is helpful, please click on "Accept Answer" and "Upvote"

    If you have any queries, please do let us know, we will help you.

    1. Silvio 20 Reputation points

      Hello,

      Thanks for the quick reply.

      Also, sorry for the lack of context.
      This error is happening after I deleted the AKS cluster and its networks.
      So, I can't ensure this part:

      *Please ensure that the virtual network exists and that the subnet is present in the same resource group as the flow log.

      *The subnet is gone... I just want the flow-log to be deleted, maybe an issue from microsoft side?? Like why not just force the deletion? Anyway...
      I tried to contact the support ticket, but even paying the monthly plan I always endup with copilot help.

      I have found it: https://github.com/Azure/azure-cli/issues/31506

      Looks like a known bug... I will try it out.

    2. Serhii-Roman Kikot 90 Reputation points

      Thank you for the provided details.

      A flow log is tightly bound to the subnet (and its virtual network) it was created for. When the VNet or subnet is deleted, the flow log resource is not removed automatically and becomes orphaned. During deletion, Azure still attempts to validate the original subnet reference, and if the subnet or VNet no longer exists, the deletion fails.

      For this reason, it is necessary to temporarily re-create the VNet and subnet only to allow Azure to resolve the original reference and successfully delete the flow log. Once the flow log is deleted, the VNet and subnet can be safely removed again.

      If you have any queries, please do let us know, we will help you.

    Sign in to comment
Sign in to answer

Your answer