When you use the relevance query uptime of operating system in Windows 10, it doesn’t include hybrid shutdown.
We found a way to determine the most recent system wake/start with the following relevance query, which reads out the system event log:
times generated of records whose ((source of it as lowercase = "Microsoft-Windows-Power-Troubleshooter" as lowercase) OR (source of it as lowercase = "EventLog" as lowercase AND event id of it = 2147489653)) of system event log
Problem is that I get the 20 most recent records. How do I only read out the newest one and how do I translate this to determine whether the uptime is bigger than 4 days?
To get the latest result you could use something like:
tuple string items (integers in (number of tuple string items of it - 1, number of tuple string items of it)) of concatenation ", " of (times generated of records whose ((source of it as lowercase = "Microsoft-Windows-Power-Troubleshooter" as lowercase) OR (source of it as lowercase = "EventLog" as lowercase AND event id of it = 2147489653)) of system event log as string)
For the second request, you could use:
now - ((tuple string item (integers in (number of tuple string items of it - 1, number of tuple string items of it)) of concatenation ", " of (times generated of records whose ((source of it as lowercase = "Microsoft-Windows-Power-Troubleshooter" as lowercase) OR (source of it as lowercase = "EventLog" as lowercase AND event id of it = 2147489653)) of system event log as string)) as time) > 1*day
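The check discussed in this thread, as an added Python example that is not part of the original posts or of BigFix: it applies the same source/event-id filter to constructed records, takes the newest timestamp with `max` instead of relying on record order, and tests the 4-day threshold from the question. The record tuples, the function names and the RFC 2822-style time strings are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Raw id from the relevance above: high qualifier bits plus the id shown in Event Viewer.
RAW_EVENTLOG_START = 2147489653

def display_event_id(raw_id):
    """Return the low 16 bits of a raw EventID, the number Event Viewer displays."""
    return raw_id & 0xFFFF

def is_wake_or_start(source, raw_id):
    """Same filter as the relevance: Power-Troubleshooter, or EventLog with the raw id."""
    src = source.lower()
    return (src == "microsoft-windows-power-troubleshooter"
            or (src == "eventlog" and raw_id == RAW_EVENTLOG_START))

def last_wake_or_start(records):
    """Newest matching timestamp, independent of the order the records arrive in."""
    times = [parsedate_to_datetime(when)
             for source, raw_id, when in records
             if is_wake_or_start(source, raw_id)]
    return max(times) if times else None

def uptime_exceeds(records, now, limit=timedelta(days=4)):
    """True/False against the limit; None when the log holds no matching record."""
    last = last_wake_or_start(records)
    return None if last is None else (now - last) > limit

# Constructed sample records (source, raw event id, time generated), deliberately unordered.
SAMPLE = [
    ("Microsoft-Windows-Power-Troubleshooter", 1, "Wed, 06 Mar 2024 08:02:40 +0100"),
    ("EventLog", 2147489653, "Mon, 04 Mar 2024 07:58:11 +0100"),
    ("EventLog", 2147489654, "Fri, 08 Mar 2024 18:30:00 +0100"),  # different id, not matched
    ("Service Control Manager", 7036, "Fri, 08 Mar 2024 09:00:00 +0100"),
]

if __name__ == "__main__":
    now = datetime(2024, 3, 11, 9, 0, tzinfo=timezone(timedelta(hours=1)))
    print("event id shown in Event Viewer:", display_event_id(RAW_EVENTLOG_START))
    print("last wake/start:", last_wake_or_start(SAMPLE))
    print("uptime > 4 days:", uptime_exceeds(SAMPLE, now))
```

A `None` result means no matching record is left in the log (for example after the log was cleared or rolled over), which a compliance check should treat separately from "uptime is within the limit".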