You can convert the time from UTC to any timezone you desire via the datetime_utc_to_local() function. $startTime = "08:30:00" $endTime = "11:30:00" $queryChangeAn = @" resourcechanges | extend changeTime = datetime_utc_to_local(todatetime(properties.changeAttributes.timestamp),'...
input { file { path => "/usr/local/servers/logstash/data/movies/movies.csv" start_position => "beginning" } } filter { csv { separator => "," columns => ["id","content","genre"] } mutate { split => { "genre" => "|" } remove_field => ["path", "host","@timestamp",...
| project StartTimeUtc = TimeGenerated, encodedCommand = tostring(split(encodedCommand, ' ')[0]), CommandLine // Note: currently the base64_decode_tostring function is limited to supporting UTF8 | extend decodedCommand = translate('\0','', base64_decode_tostring(substring(encodedCommand, 0, ...