Logical (binary) operators
Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
The following logical operators can be used to perform comparisons and evaluations:
Operator name | Syntax | Meaning |
---|---|---|
Equality | == |
Returns true if both operands are non-null and equal to each other. Otherwise, returns false . |
Inequality | != |
Returns true if any of the operands are null or if the operands aren't equal to each other. Otherwise, returns false . |
Logical and | and |
Returns true only if both operands are true . |
Logical or | or |
Returns true if either of the operands is true , regardless of the other operand. |
Note
These logical operators are sometimes referred-to as Boolean operators, and sometimes as binary operators. The terms are interchangeable.
How logical operators work with null values
Null values adhere to the following rules:
Operation | Result |
---|---|
bool(null) == bool(null) |
false |
bool(null) != bool(null) |
false |
bool(null) and true |
false |
bool(null) or true |
true |
Examples
Equality
The following query returns a count of all storm events where the event type is "Tornado".
StormEvents
| where EventType == "Tornado"
| count
Output
Count |
---|
1238 |
Inequality
The following query returns a count of all storm events where the event type isn't "Tornado".
StormEvents
| where EventType != "Tornado"
| count
Output
Count |
---|
57828 |
Logical and
The following query returns a count of all storm events where the event type is "Tornado" and the state is "KANSAS".
StormEvents
| where EventType == "Tornado" and State == "KANSAS"
| count
Output
Count |
---|
161 |
Logical or
The following query returns a count of all storm events where the event type is "Tornado" or "Thunderstorm Wind".
StormEvents
| where EventType == "Tornado" or EventType == "Thunderstorm Wind"
| count
Output
Count |
---|
14253 |
Null values
The following query shows that null values are treated as false.
print iff(bool(null) and true, true, false)
Output
print_0 |
---|
false |