SethDunn
Jul 15, 2020

Query logs between overnight hours

Hello,
I am trying to query logs for file changes that occur overnight.
So I am working with this query:

ConfigurationChange
| where Computer == "MyComputer"
| where FileSystemPath contains "MyFolder"
| where ConfigChangeType in ("Files")
 
Then I am wanting to just have reports for the time between 22:00:00 - 10:00:00
I tried this query
 
| where TimeGenerated between(datetime("22:00:00") .. datetime("10:00:00"))
 
But no logs are returned, even though logs are returned if I run the query without that TimeGenerated portion.
And of course those times are UTC.

How do I write it so that only the results between that 12 hour period are returned?
  • JK_UK

    SethDunn

    Is this any use?

    | where datetime_part("hour",TimeGenerated) !between (10 .. 22)
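
An added example (not from either poster) for the overnight window discussed in this thread, run over constructed rows: it computes the UTC time of day so that a window wrapping midnight can be written as "at or after 22:00 or before 10:00", and puts the hour-based filter from the reply beside a variant whose upper bound is 21. The datatable rows and the column names TimeOfDay, HourUtc, InWindow, Keep_10_22 and Keep_10_21 are assumptions made for the example.

```kusto
// Constructed sample rows standing in for ConfigurationChange records.
datatable(TimeGenerated: datetime, FileSystemPath: string)
[
    datetime(2020-07-14 21:59:59), @"C:\MyFolder\a.txt",
    datetime(2020-07-14 22:00:00), @"C:\MyFolder\b.txt",
    datetime(2020-07-15 03:30:00), @"C:\MyFolder\c.txt",
    datetime(2020-07-15 09:59:59), @"C:\MyFolder\d.txt",
    datetime(2020-07-15 10:00:00), @"C:\MyFolder\e.txt",
    datetime(2020-07-15 15:00:00), @"C:\MyFolder\f.txt"
]
// Time elapsed since 00:00 UTC on the record's own day (a timespan).
| extend TimeOfDay = TimeGenerated - startofday(TimeGenerated)
// Hour of day, 0-23, as used in the reply.
| extend HourUtc = datetime_part("hour", TimeGenerated)
// The window crosses midnight, so it is two half-open ranges joined by "or";
// a single between(22:00 .. 10:00) has its lower bound after its upper bound.
| extend InWindow = TimeOfDay >= 22h or TimeOfDay < 10h
// between is inclusive at both ends: (10 .. 22) also excludes hour 22,
// while (10 .. 21) leaves hour 22 in the result.
| extend Keep_10_22 = HourUtc !between (10 .. 22)
| extend Keep_10_21 = HourUtc !between (10 .. 21)
| project TimeGenerated, FileSystemPath, TimeOfDay, InWindow, Keep_10_22, Keep_10_21
```

In a workspace, replace the datatable with the ConfigurationChange filters from the question and end the query with `| where InWindow`.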
