Unable to query some of the schemas (EmailEvents, SecurityEvent) using Advanced Hunting
Describe the Bug with repro steps
I unified the MDE and Microsoft Sentinel Platform.
I can query all the tables in MDE portal.
In Logic apps, I can query tables like DeviceEvents, DeviceNetworkEvents.
However, I am unable to query some of the tables, such as EmailEvents and SecurityEvent:
"Failed to retrieve dynamic outputs. As a result, this operation's outputs might not be visible in subsequent actions. Error details: 'take' operator: Failed to resolve table or column expression named 'EmailEvents'. Fix semantic errors in your query."
Suspect the backend URLs are different.
What type of Logic App Is this happening in?
Consumption (Portal)
Which operating system are you using?
Windows
Are you using new designer or old designer
Tried both
Did you refer to the TSG before filing this issue? https://aka.ms/lauxtsg
Yes
Workflow JSON
{
  "type": "ApiConnection",
  "inputs": {
    "host": {
      "connection": {
        "referenceName": "wdatp"
      }
    },
    "method": "post",
    "body": {
      "Query": "EmailEvents\n| take 10"
    },
    "path": "/api/advancedqueries/run"
  },
  "runAfter": {}
}
Screenshots or Videos
Browser
Chrome, Edge
Additional context
Suspect the backend URLs are different.
I faced a similar problem in PowerBI, where there are two different APIs:
https://api.securitycenter.microsoft.com/api/advancedqueries (For DeviceEvents…)
https://api.security.microsoft.com/api/advancedhunting (For EmailEvents…)
This issue is stale because it has been open for 45 days with no activity.
This issue was closed because it has been inactive for 14 days since being marked as stale.