Hello,
Just pulled out the last remaining hairs out of my head.
I'm having some trouble with a SWQL query, specifically on adding a date parameter in the WHERE clause. The query is meant to display any devices that encounter a reboot event ID for the last 24 hours. When I run the query, I receive data, but the query continues to run until I get the time out error. Is there something in the query that I'm missing or should I adjust it, or use something else?
SELECT ComputerName AS [Name],EventCode AS [Event Code],User,Message,ToLocal(TimeGeneratedUtc) AS [ALERT TRIGGER TIME]
FROM Orion.APM.WindowsEvent
WHERE TimeGeneratedUtc > ADDDAY(-1, GETUTCDATE())
AND EventCode IN ('1074','41','1076','6006','6008')
ORDER BY TimeGeneratedUtc desc