Forum Discussion
deep198486
Apr 24, 2025Copper Contributor
create incident in sentinel using logic apps after running query in azure data explorer
Laurie_Rhodes
Apr 29, 2025Brass Contributor
There are issues with this approach. A big part of Sentinel is its automated Entity relationship mapping, and for this to work properly, Incidents need to be created from alerts or Analytic Rules acting on data in Sentinel itself. The way to resolve this is to not create an Incident directly from data in ADX, but to send the data from ADX to Sentinel and let Sentinel’s Analytic Rules create the Incident normally.
To get data from ADX into Sentinel it's easier to use a continuously running Function App to run KQL queries over ADX and then submit the retrieved data to Sentinel using a designated Data Collection Rule.
Doing it this way will preserve your entity relationships when Incidents are created in Sentinel.
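As an added example (not code from the thread or from any Microsoft sample), here is the shape of the Function App loop the reply describes: one timer-triggered run reads only rows newly ingested into ADX since a watermark, maps them onto a DCR stream whose columns a Sentinel analytic rule can later map to entities, and uploads them through the Logs Ingestion API. The DCE endpoint, DCR immutable id, stream name, ADX cluster, database, table and the column names are placeholders you would replace with your own.

```python
import datetime as dt

# Placeholders (not values from the thread): DCR JSON view, DCE overview page, your ADX cluster.
DCE_ENDPOINT = "https://<dce-name>.<region>.ingest.monitor.azure.com"
DCR_IMMUTABLE_ID = "dcr-<immutable-id>"
STREAM_NAME = "Custom-AdxEvents_CL"
ADX_CLUSTER = "https://<cluster>.<region>.kusto.windows.net"
ADX_DATABASE, ADX_TABLE = "<database>", "<table>"
MAX_BATCH_ROWS = 500

def iso_utc(t: dt.datetime) -> str:
    return t.astimezone(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")

def build_query(since: str) -> str:
    """Only rows ingested into ADX after the watermark, oldest first, so a
    re-run never resends data and late-arriving events are still picked up."""
    return (f"{ADX_TABLE} | extend IngestedAt = ingestion_time()"
            f" | where IngestedAt > datetime({since})"
            f" | order by IngestedAt asc | take {MAX_BATCH_ROWS}")

def to_dcr_records(rows: list[dict]) -> list[dict]:
    """Shape ADX rows to the DCR stream. TimeGenerated must be ISO-8601; the
    entity columns keep names an analytic rule can map to Account/Host/IP."""
    return [{
        "TimeGenerated": iso_utc(r["Timestamp"]),
        "Account": r.get("UserPrincipalName") or "",
        "HostName": r.get("Computer") or "",
        "SourceIp": r.get("ClientIp") or "",
        "RawEvent": r.get("EventData") or "",
    } for r in rows]

def next_watermark(rows: list[dict], previous: str) -> str:
    """Advance the watermark only after a successful upload."""
    return iso_utc(max(r["IngestedAt"] for r in rows)) if rows else previous

def run_once(since: str) -> str:
    """One timer-triggered invocation of the Function App. The SDK imports sit
    here so the pure helpers above can be exercised without the Azure packages."""
    from azure.identity import DefaultAzureCredential
    from azure.kusto.data import KustoClient, KustoConnectionStringBuilder
    from azure.monitor.ingestion import LogsIngestionClient
    cred = DefaultAzureCredential()
    kusto = KustoClient(KustoConnectionStringBuilder.with_azure_token_credential(ADX_CLUSTER, cred))
    rows = [row.to_dict() for row in kusto.execute(ADX_DATABASE, build_query(since)).primary_results[0]]
    if rows:
        LogsIngestionClient(DCE_ENDPOINT, cred).upload(
            rule_id=DCR_IMMUTABLE_ID, stream_name=STREAM_NAME, logs=to_dcr_records(rows))
    return next_watermark(rows, since)  # persist this (e.g. in storage) for the next run
```

The watermark returned by `run_once` must be stored between invocations; the managed identity running the function needs Database Viewer on the ADX database and the Monitoring Metrics Publisher role on the DCR.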