Query Logs between overnight hours.

Hello,
I am trying to query logs for file changes that occur overnight.
So working with this query

ConfigurationChange
| where Computer == "MyComputer"
| where FileSystemPath contains "MyFolder"
| where ConfigChangeType in ("Files")
 
Then I am wanting to just have reports for the time between 22:00:00 - 10:00:00
I tried this query
 
| where TimeGenerated between(datetime("22:00:00") .. datetime("10:00:00"))
 
But no logs are returned, even though logs are returned if I run the query without that TimeGenerated portion.
And of course those times are UTC

How do I write it so that only the results between that 12 hour period are returned?
1 Reply

@SethDunn

This any use?

| where datetime_part("hour",TimeGenerated) !between (10 .. 22)