I am trying to write a query that shows me on which VM a service is not running.

The basic framework is quite easy to find on the net:

Event
| where TimeGenerated >ago(1d)
| where EventLog == "System" and EventID ==7036 and Source == "Service Control Manager"
| parse kind=relaxed EventData with * '<Data Name="param1">' Windows_Service_Name '</Data><Data Name="param2">' Windows_Service_State '</Data>'*
| where Windows_Service_Name contains "choco".
| sort by TimeGenerated desc
| project Computer, Windows_Service_Name, Windows_Service_State, TimeGenerated

But now I want to display only the last state. (As you can see in the example, the service was stopped at first, but then started again).
In this case I am only interested in the fact that the service is running again.

But I can't do this with the summarize.