I've just started out in KQL and am struggling to find a way to get the most recent status/value for a particular log value. We have a lot of machines and I just want to know the most recent value reported, something like this (pseudo-code), so I end up with a list of distinct computers and their status and when they last reported.
For example:
ProtectionStatus
| project Computer, ProtectionStatus, OSName, TimeGenerated
| where TimeGenerated = MostRecent
Can anyone point me in the right direction please?
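One way to get the latest row per machine, as an added example that is not part of the original post: `summarize arg_max(TimeGenerated, ...) by Computer` keeps, for each computer, the row with the greatest `TimeGenerated`. The sample rows, the status strings, the `SampleProtectionStatus` and `ReferenceTime` names and the one-day staleness threshold are constructed assumptions so the query runs without a workspace.

```kql
// Constructed sample rows standing in for the ProtectionStatus table.
// The status strings are illustrative, not the values a real workspace reports.
let SampleProtectionStatus = datatable(Computer:string, ProtectionStatus:string, OSName:string, TimeGenerated:datetime)
[
    "srv-01", "Protected",     "Windows Server 2019", datetime(2024-05-01 08:00:00),
    "srv-01", "Not reporting", "Windows Server 2019", datetime(2024-05-02 09:30:00),
    "srv-02", "Not reporting", "Windows Server 2022", datetime(2024-04-28 07:15:00),
    "srv-02", "Protected",     "Windows Server 2022", datetime(2024-04-30 11:45:00),
    "wks-17", "Protected",     "Windows 11",          datetime(2024-05-02 10:05:00)
];
// Fixed "now" so the result is reproducible; against live data use now() instead.
let ReferenceTime = datetime(2024-05-02 12:00:00);
SampleProtectionStatus
// One output row per Computer: the row holding the maximum TimeGenerated,
// carrying along the listed columns from that same row.
// If two rows tie on TimeGenerated, arg_max returns one of them.
| summarize arg_max(TimeGenerated, ProtectionStatus, OSName) by Computer
| project Computer, ProtectionStatus, OSName, LastReported = TimeGenerated
// Flag machines whose newest record is older than the assumed one-day threshold,
// since a "good" last status from a silent machine is not current information.
| extend Stale = LastReported < ReferenceTime - 1d
| order by LastReported asc
```

Against the real table, replace `SampleProtectionStatus` with `ProtectionStatus` and drop the `datatable` definition; filtering on `TimeGenerated` before the `summarize` limits how much data is scanned.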