Query Details
Intunecomputershutdowns
Query
// Computers restarts/shutdowns // List restart and shutdowns events for all monitored computers. Event | where EventLog == "System" and Source == "User32" and EventID == 1074 | search "shutdown" | sort by TimeGenerated desc | project TimeGenerated, Computer
Explanation
This query retrieves a list of restart and shutdown events for all monitored computers. It filters the events based on the EventLog, Source, and EventID, and then searches for events containing the word "shutdown". The results are sorted by the time they were generated and only the TimeGenerated and Computer fields are displayed.
Details
Rod Trent
Released: August 18, 2020
Tables
Event
Keywords
Event,EventLog,Source,EventID,search,sort,project,TimeGenerated,Computer
Operators
whereandsearchsort byproject