I need to calculate the difference between a field in the most recent event with a given account_id and the latest event that is at least a week before this one.
06/24/2018 02:45:57 PM
AccountId=foo
LogName=Security
COMPARED_FIELD=0
EventCode=4624
EventType=0
Type=Information
host=host1
07/01/2018 03:45:57 PM
AccountId=foo
LogName=Security
COMPARED_FIELD=1
EventCode=4624
EventType=0
Type=Information
host=host1
We want to see if this field changes over the span of a week. What would be the best way of doing this?
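The comparison asked about above, written out as an added Python example (not part of the original post, and not a Splunk search): for each AccountId it takes the most recent event and subtracts the value from the newest event that is at least seven days older. It assumes COMPARED_FIELD is numeric; the function names and the "bar" account are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in the same layout as the events in the post.
SAMPLE = """\
06/24/2018 02:45:57 PM
AccountId=foo
COMPARED_FIELD=0
EventCode=4624
07/01/2018 03:45:57 PM
AccountId=foo
COMPARED_FIELD=1
06/30/2018 09:00:00 AM
AccountId=bar
COMPARED_FIELD=5
07/01/2018 10:00:00 AM
AccountId=bar
COMPARED_FIELD=7
"""
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"

def parse_events(text):
    """Split the dump into dicts; a line that parses as a timestamp starts an event."""
    events = []
    for line in text.splitlines():
        try:
            events.append({"_time": datetime.strptime(line.strip(), TS_FORMAT)})
        except ValueError:
            key, sep, value = line.strip().partition("=")
            if sep and events:  # ignore blank lines and anything before the first event
                events[-1][key] = value
    return events

def weekly_delta(events, field="COMPARED_FIELD", gap=timedelta(days=7)):
    """Per AccountId: latest value minus the value of the newest event >= gap older."""
    by_account = {}
    for ev in events:
        if "AccountId" in ev and field in ev:
            by_account.setdefault(ev["AccountId"], []).append(ev)
    result = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["_time"])
        latest = evs[-1]
        baseline = [e for e in evs if e["_time"] <= latest["_time"] - gap]
        # None marks accounts with no event old enough to compare against.
        result[account] = (float(latest[field]) - float(baseline[-1][field])
                           if baseline else None)
    return result

if __name__ == "__main__":
    print(weekly_delta(parse_events(SAMPLE)))
```

Accounts whose history does not reach back a full week come out as `None` rather than being compared against a newer event, so a missing baseline is not mistaken for "no change".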