Relevance Windows Event Log get last occurrence

Hello,

i would like to get only the last occurrence of this event log question, some say to play with maxima but i don’t know how. Thank you
This give me the oldest not the newest

q: time generated of record whose (source of it as lowercase = “VMware Mirage Client” as lowercase AND event id of it mod 65536 = 0 AND description of it contains “Finished Layer download. Operation will complete when the endpoint is restarted.”) of application event log
A: Mon, 29 Jun 2020 16:25:32 +0200

This give all result, i would be able to catch the last one

q: times generated of records whose (source of it as lowercase = “VMware Mirage Client” as lowercase AND event id of it mod 65536 = 0 AND description of it contains “Finished Layer download. Operation will complete when the endpoint is restarted.”) of application event log
A: Mon, 29 Jun 2020 16:25:32 +0200
A: Wed, 30 Sep 2020 12:00:36 +0200
A: Wed, 30 Sep 2020 15:27:14 +0200
A: Fri, 02 Oct 2020 13:57:19 +0200
A: Fri, 02 Oct 2020 15:19:09 +0200
> A: Fri, 02 Oct 2020 16:32:47 +0200
T: 502.138 ms

Thanks for any help

It seems to be ok by using maxima:

q: maxima of times generated of records whose (source of it as lowercase = “VMware Mirage Client” as lowercase AND event id of it mod 65536 = 0 AND description of it contains “Finished Layer download. Operation will complete when the endpoint is restarted.”) of application event log
A: Wed, 30 Sep 2020 10:58:36 +0200
T: 2462.128 ms

However i cannot use the result as a time, if i try to calculate with now i get an oerror:

q: now-(maxima of times generated of records whose (source of it as lowercase = “VMware Mirage Client” as lowercase AND event id of it mod 65536 = 0 AND description of it contains “Finished Layer download. Operation will complete when the endpoint is restarted.”) of application event log)
E: A singular expression is required.

Does someone could advice on how to use the result as a time value able to be calculated with now?

Thank you

OK, finally found myself, here is the code for those who need the answer:

(now - it) of maxima of times generated of records whose (source of it as lowercase = “VMware Mirage Client” as lowercase AND event id of it mod 65536 = 0 AND description of it contains “Finished Layer download. Operation will complete when the endpoint is restarted.”) of application event log

3 Likes