TimeGenerated

Hi, I'm trying to return the LAST set of records - related to Updates

I'm using this, but my problem is that it only returns the set of records if the time is 100% the same.
| summarize hint.strategy=partitioned arg_max(TimeGenerated,*) by Computer,UpdateID
 
I would like to give 1 min of "slack", so it returns all records +1/-1 the last value of TimeGenerated.
How can I accomplish that?