Greetings,

I'm trying to filter event viewer logs by the source name using the following configuration:

<Input EventLog>
    Module      im_msvistalog
    Query       <QueryList>\
                    <Query Id="0">\
                        <Select Path="Application">*</Select>\
                        <Select Path='System'>*[System[(SourceName="Service Control Manager")]]</Select>\
                    </Query>\
                </QueryList>
</Input>

However it's not working. When I try and filter by Event ID that works no problem. Any assistance would be much appreciated.