AWSELBFlowLogs

AWSELBFlowLogs Schema

Table description

| TableSection | TableType | TableSectionName | Description |
|---|---|---|---|
| Usx | Regular | Microsoft Sentinel | This connector allows you to ingest AWS Elastic Load Balancer (ALB, NLB and GLB) logs into Microsoft Sentinel. These logs contain detailed records for requests handled by your load balancers, including client IPs, latencies, request paths, and status codes. These logs are useful for monitoring traffic patterns, investigating anomalies, and ensuring security compliance. |

Table retention

| HotDays | ColdDays | TotalInteractiveDays |
|---|---|---|
| 14 | 16 | 30 |

Schema

| Name | Description | Type |
|---|---|---|
| _BilledSize | | Double |
| _IsBillable | | String |
| AccountId | The AWS account ID that owns the network interface. | String |
| Action | Indicates whether the traffic was accepted or rejected. | String |
| Bytes | The number of bytes transferred during the flow. | String |
| DestinationAddress | The destination IP address of the traffic. | String |
| DestinationPort | The destination port of the traffic. | String |
| EndTime | The end time of the flow in Unix seconds. | DateTime |
| InterfaceId | The ID of the network interface for which the traffic is recorded. | String |
| LogStatus | Indicates the logging status (e.g., OK, NODATA, SKIPDATA). | String |
| LogType | Type of the log (e.g., VPCFlowLog, TransitGatewayFlowLog). | String |
| Packets | The number of packets transferred during the flow. | String |
| Protocol | The IANA protocol number of the traffic (e.g., 6 for TCP, 17 for UDP). | String |
| SourceAddress | The source IP address of the traffic. | String |
| SourcePort | The source port of the traffic. | String |
| SourceSystem | | String |
| SStartTime | The start time of the flow in Unix seconds. | DateTime |
| TenantId | Unique identifier of the tenant into which the data connector ingests data. | String |
| TimeGenerated | The timestamp when the log was collected or ingested. | DateTime |
| Type | The name of the table. | String |
| Version | The version of the flow log format. | String |

Schema changes

| Date | Action |
|---|---|
| 2026-01-02 | Table added to tracking |