I want to write a relevance to get the last connection time from the SEPM client. I got the relevance, but I can't figure out how to convert it to a better format.
The relevance I use:
q: unique value of (it as string) of (values "LastConnectedTime" of keys "Symantec Endpoint Protection\SMC\SYLINK\SyLink" of keys "HKEY_LOCAL_MACHINE\Software\Symantec" of (x32 registries; x64 registries)) as string
A: 2023-06-01T10:24:34.873755Z
T: 0.220 ms
I want to get the answer with a format like this: 2023-06-01 10:24
If all you’re looking for is a reformatting of the string without caring about time zone then something like this ought to be enough:
Q: concatenation " " of substrings separated by "T" of preceding text of last ":" of "2023-06-01T10:24:34.873755Z"
A: 2023-06-01 10:24
T: 0.096 ms
I: singular string
Thank you!
I tried to rewrite it to my relevance but I got this error:
q: (concatenation of " " of substrings separated by "T" of preceding text of last ":" of it as string) of (value "LastConnectedTime" of keys "Symantec Endpoint Protection\SMC\SYLINK\SyLink" of keys "HKEY_LOCAL_MACHINE\Software\Symantec" of (x32 registries; x64 registries)) as string
E: The operator "last" is not defined.
Preceding text isn’t supported by registry values so you have to cast it to a string first. Which you were trying to do, but the parentheses were tripping you up. Try this:
(concatenation " " of substrings separated by "T" of preceding text of last ":" of it) of (values "LastConnectedTime" of keys "Symantec Endpoint Protection\SMC\SYLINK\SyLink" of keys "HKEY_LOCAL_MACHINE\Software\Symantec" of (x32 registries; x64 registries) as string)