{"id":5246,"date":"2026-05-18T14:22:40","date_gmt":"2026-05-18T14:22:40","guid":{"rendered":"https:\/\/geekmungus.co.uk\/?p=5246"},"modified":"2026-05-18T14:37:38","modified_gmt":"2026-05-18T14:37:38","slug":"example-event-viewer-xml-filter","status":"publish","type":"post","link":"https:\/\/geekmungus.co.uk\/?p=5246","title":{"rendered":"Example Event Viewer XML Filter"},"content":{"rendered":"\n<p>Here&#8217;s a quick example, which might help you, it filters by specific attributes (which you can&#8217;t get through the GUI) when you&#8217;re attempting to create a Custom View for Event Viewer.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;QueryList>\n  &lt;Query Id=\"0\" Path=\"Security\">\n    &lt;Select Path=\"Security\">\n      *&#91;\n        System&#91;\n          (EventID=4768 or EventID=4769 or EventID=4770 or EventID=4771)\n        ]\n        and\n        EventData&#91;\n          Data&#91;@Name='TargetUserName']='user@DOMAIN.COM'\n        ]\n      ]\n    &lt;\/Select>\n  &lt;\/Query>\n&lt;\/QueryList><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Here&#8217;s a quick example, which might help you, it filters by specific attributes (which you can&#8217;t get through the GUI) when you&#8217;re attempting to create a Custom View for Event Viewer.<\/p>\n","protected":false},"author":4,"featured_media":4415,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27,14],"tags":[],"class_list":["post-5246","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory","category-microsoft-windows"],"_links":{"self":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/5246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5246"}],"version-history":[{"count":2,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/5246\/revisions"}],"predecessor-version":[{"id":5248,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/5246\/revisions\/5248"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/media\/4415"}],"wp:attachment":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}