Forum Discussion
Logic app returns empty array trying list alarms related to Sentinel incident
Hi, All Got an issue. We use automation playbook to enrich our Sentinel incidents. Brief idea is when Sentinel triggers incident we do query using Azure Monitor logs connector alarms from incident, ...
Puzzle solved. The issue was ingestion delay in log analytics workspace. So then you query immediately after triggers rises - zero result. so we have to insert 3 minutes delay between Sentinel incident connector and Azure Monitor Log query. All works fine after that
