Windows Power Off Duration

This query will indicate the time it took between a computer shutdown and a computer powering back on. Typically found in restarts and shutdowns. This would not occur during a hard-reset or loss of power. sourcetype=WinEventLog:System (EventCode=6005 OR EventCode=6006) | transaction host startswith=”EventCode=6006″ endswith=”EventCode=6005″ | eval restart_duration=tostring(duration,”duration”) | eval Date=strftime(_time, “%Y/%m/%d”)| where duration > 480 […]

Continue Reading →