Query logs between overnight hours

I am trying to query logs for file changes that occur overnight.
So I am working with this query:

| where Computer == "MyComputer"
| where FileSystemPath contains "MyFolder"
| where ConfigChangeType in ("Files")

Then I want to just have reports for the time between 22:00:00 and 10:00:00.
I tried this query:

| where TimeGenerated between (datetime("22:00:00") .. datetime("10:00:00"))

But no logs are returned, even though logs are returned if I run the query without that TimeGenerated portion.
And of course those times are UTC.

How do I write it so that only the results between that 12 hour period are returned?
1 Reply



Is this any use?


// between is inclusive on both ends, so 10 .. 21 keeps hour 22 (22:00-22:59) in the results
| where datetime_part("hour", TimeGenerated) !between (10 .. 21)
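
An added example, not part of the original thread: the same overnight filter written against time of day instead of the hour number, so the 22:00 and 10:00 boundaries hold to the second, and going one step further by grouping each match under the night it belongs to. The table `SampleChanges`, its rows, and the names `WindowStart`, `WindowEnd`, `TimeOfDay` and `NightOf` are constructed for illustration; only the three column filters come from the question.

```kusto
// Constructed sample rows standing in for the change-tracking table.
// Column names are taken from the question; every value is made up.
let SampleChanges = datatable(TimeGenerated:datetime, Computer:string, FileSystemPath:string, ConfigChangeType:string)
[
    datetime(2024-03-01 09:59:59), "MyComputer", @"C:\MyFolder\a.txt", "Files",  // one second before the window closes
    datetime(2024-03-01 10:00:00), "MyComputer", @"C:\MyFolder\b.txt", "Files",  // exactly at the window end
    datetime(2024-03-01 15:30:00), "MyComputer", @"C:\MyFolder\c.txt", "Files",  // mid-afternoon
    datetime(2024-03-01 21:59:59), "MyComputer", @"C:\MyFolder\d.txt", "Files",  // one second before the window opens
    datetime(2024-03-01 22:00:00), "MyComputer", @"C:\MyFolder\e.txt", "Files",  // exactly at the window start
    datetime(2024-03-01 23:45:00), "MyComputer", @"C:\MyFolder\f.txt", "Files",  // late evening
    datetime(2024-03-02 02:10:00), "MyComputer", @"C:\MyFolder\g.txt", "Files",  // after midnight, same night
    datetime(2024-03-02 02:15:00), "OtherHost",  @"C:\MyFolder\h.txt", "Files"   // different computer
];
let WindowStart = 22h;   // window opens at 22:00 UTC (inclusive)
let WindowEnd   = 10h;   // window closes at 10:00 UTC the next morning (exclusive)
SampleChanges
| where Computer == "MyComputer"
| where FileSystemPath contains "MyFolder"
| where ConfigChangeType in ("Files")
// Time of day as a timespan since midnight UTC, so minutes and seconds count too.
| extend TimeOfDay = TimeGenerated - startofday(TimeGenerated)
// The window wraps past midnight, so it is two half-ranges joined with "or".
// A single between() range cannot express it: its lower bound must not exceed
// its upper bound, and it matches absolute points in time, not a recurring time of day.
| where TimeOfDay >= WindowStart or TimeOfDay < WindowEnd
// Attribute early-morning events to the evening the night started on.
| extend NightOf = startofday(iff(TimeOfDay < WindowEnd, TimeGenerated - 1d, TimeGenerated))
| project NightOf, TimeGenerated, TimeOfDay, FileSystemPath
| order by TimeGenerated asc
```

To use it on real data, replace `SampleChanges` with the workspace table being queried and drop the `datatable` block.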