I have the two events below for a host, which show eventcode=6005 meaning PC ON and eventcode=6006 meaning PC OFF. I want to create an alert for sending an alert if the host or computer is off for more than two hours. So basically, it should take the latest event by host, check whether it is eventcode=6006 for off, then subtract that time from now and, if the result is greater than 2 hours, send an alert for this host or computer being OFF. How can I do that?
6/25/18
6:09:23.000 AM
06/25/2018 05:09:23 AM
LogName=System
SourceName=EventLog
EventCode=6005
EventType=4
Type=Information
ComputerName=USOLPWDW7361HNK.NAO.global.gmacfs.com
TaskCategory=None
OpCode=None
RecordNumber=358246
Keywords=Classic
Message=The Event log service was started.
6/25/18
6:08:14.000 AM
06/25/2018 05:08:14 AM
LogName=System
SourceName=EventLog
EventCode=6006
EventType=4
Type=Information
ComputerName=USOLPWDW7361HNK.NAO.global.gmacfs.com
TaskCategory=None
OpCode=None
RecordNumber=358233
Keywords=Classic
Message=The Event log service was stopped.
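
The check described in the question, written out in Python as an added example that is not part of the original post. The host names in the sample are constructed, the function names are hypothetical, and each event's time is taken from its own `MM/DD/YYYY HH:MM:SS AM/PM` line and compared as naive local time.

```python
from datetime import datetime, timedelta

# Constructed sample in the page's key=value layout (host names are made up).
SAMPLE = """\
06/25/2018 05:08:14 AM
EventCode=6006
ComputerName=HOST-A.example.test
Message=The Event log service was stopped.
06/25/2018 05:09:23 AM
EventCode=6005
ComputerName=HOST-A.example.test
Message=The Event log service was started.
06/25/2018 01:30:00 AM
EventCode=6006
ComputerName=HOST-B.example.test
Message=The Event log service was stopped.
"""

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"

def parse_events(text):
    """Split the dump into events; a line that parses as a timestamp starts a new one."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        try:
            current = {"_time": datetime.strptime(line, TS_FORMAT)}
            events.append(current)
            continue
        except ValueError:
            pass  # not a timestamp line; treat as key=value below
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key] = value
    return events

def hosts_off_too_long(events, now, threshold=timedelta(hours=2)):
    """Return {host: time_off} where the newest 6005/6006 event is a 6006 older than threshold."""
    latest = {}
    for ev in events:
        host = ev.get("ComputerName")
        if host is None or ev.get("EventCode") not in ("6005", "6006"):
            continue
        if host not in latest or ev["_time"] > latest[host]["_time"]:
            latest[host] = ev  # keep only the most recent start/stop event per host
    return {h: now - ev["_time"] for h, ev in latest.items()
            if ev["EventCode"] == "6006" and now - ev["_time"] > threshold}
```

A host whose most recent event is 6005 is never reported, however old that event is, because only a trailing 6006 counts as "off".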