Filter Event Viewer Logs By Source Name
jselormey
Greetings,
I'm trying to filter event viewer logs by the source name using the following configuration:
<Input EventLog>
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path='System'>*[System[(SourceName="Service Control Manager")]]</Select>\
</Query>\
</QueryList>
</Input>
However it's not working. When I try and filter by Event ID that works no problem. Any assistance would be much appreciated.
