As per this announcement, the support for NSG flow logs creation using ARM template is now released and hence was trying the quick-start ARM template which can do the same, however it appears that there is a pre-requisite that needs to be there before the template is deployed. i.e. Network watcher resource in the region (the region of the target NSG) needs to be enabled.
This could be highly restrictive for replicating deployments across multiple regions where you are not sure if the network watcher is enabled or not. This might end up in resulting deployment failure all-together.
Is there any way to auto-enable the network watcher resource when the NSG flow log gets deployed be it with Powershell or with ARM template?
Azure Network Watcher enabled by default for subscriptions that contain virtual networks. There is no impact to your resources or associated charge for automatically enabling Network Watcher. This will simplify and improve your network troubleshooting experience.
Recommend you enable Network Watcher in each region. Here’s what the ARM template piece to enable Network Watcher:
{
"type": "Microsoft.Network/networkWatchers",
"name": "[concat('net-watcher-',parameters('environmentCode'),'-',variables('regionFullCode'))]",
"apiVersion": "2018-07-01",
"location": "[parameters('vnetLocation')]",
"tags": {
"environmentCode": "[parameters('environmentCode')]",
"serviceCode": "net",
"deploymentARMTemplateVersion": "[parameters('deploymentARMTemplateVersion')]",
"deploymentARMTemplateParameterFileVersion": "[parameters('deploymentARMTemplateParameterFileVersion')]",
"deploymentDateTime": "[parameters('deploymentDateTime')]"
},
"properties": {},
"dependsOn": []
}