Logic apps - condition not working

Georgi Palazov 241 Reputation points


What i'm trying to do is when an incident is triggered->check with query if its related to OracleDBAudit table. If not - don't send email. If yes - send email.
Below you can find the logic app flow i'm trying to implement:


Run query and list results contains:

| where AlertName contains "OracleDBAudit"
| where IsIncident == true

  • In my case this is returning no results when inserted in LOGS, thus send no email. However I get an email no matter what.


Below you can find the output from the Run query and list results which returns nothing and still the condition is TRUE?


Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,103 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
704 questions
0 comments No comments
{count} votes

0 additional answers

Sort by: Most helpful