im_vistalog
I am a bit confused by the documentation on nxlog CE. Below is my sample config. It collects some of the logs just fine but does not collect the logs that I want. Security comes through just fine, Application not so much, and System is spotty. I would like to explicitly define Microsoft-Windows-TerminalServices-LocalSessionManager/Operational. If that is not possible I would like to get the forwarded logs from a log collector and index them. I have tried the documented query statements
<Input Eventlog>
    Module im_msvistalog
    # The Query value is one directive continued with trailing backslashes,
    # so no comment ('#') line can appear inside it; the stray '#' that was
    # in front of the Security <Select> has been removed.
    Query <QueryList>\
              <Query Id="0">\
                  <Select Path="Security">*</Select>\
                  <Select Path="System">*</Select>\
                  <Select Path="Application">*</Select>\
                  <Select Path="Setup">*</Select>\
                  <Select Path="Microsoft-Windows-TerminalServices-LocalSessionManager/Operational">*</Select>\
              </Query>\
          </QueryList>
</Input>
and this does not seem to work. If I just leave the statement as below I do get some messages back but not all. Do I need to buffer my messages to get everything flowing through?
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension gelf>
    Module xm_gelf
</Extension>

<Input Eventlog>
    # Use 'im_mseventlog' for Windows XP and 2003
    Module im_msvistalog
</Input>

<Output outevt>
    Module om_tcp
    Host myhost.mycomany.local
    Port 1338
    OutputType GELF
</Output>

<Route Eventlog>
    Path Eventlog => outevt
</Route>
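An added example, not the poster's configuration and not taken from the NXLog documentation, of how the channel list from the question and the forwarded events mentioned in it can be subscribed to with im_msvistalog. The Query directive lives inside the Input block and is a single directive continued with trailing backslashes, so no comment lines may be mixed into it. The second input reads the ForwardedEvents channel, which is where a Windows Event Collector stores events forwarded from other hosts; the receiver host name is a placeholder and the port is the one from the question.

```conf
## Added example configuration (assumed layout; not the poster's file)
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension gelf>
    Module xm_gelf
</Extension>

## Local channels, including the Terminal Services session log.
## Keep the continued Query value free of '#' lines: the backslash
## continuation turns everything up to </QueryList> into one value.
<Input Eventlog>
    Module im_msvistalog
    Query <QueryList>\
              <Query Id="0">\
                  <Select Path="Security">*</Select>\
                  <Select Path="System">*</Select>\
                  <Select Path="Application">*</Select>\
                  <Select Path="Setup">*</Select>\
                  <Select Path="Microsoft-Windows-TerminalServices-LocalSessionManager/Operational">*</Select>\
              </Query>\
          </QueryList>
</Input>

## Events forwarded to this host by Windows Event Forwarding land in the
## ForwardedEvents channel; a separate input keeps them distinguishable.
<Input Forwarded>
    Module im_msvistalog
    Query <QueryList>\
              <Query Id="0">\
                  <Select Path="ForwardedEvents">*</Select>\
              </Query>\
          </QueryList>
</Input>

<Output outevt>
    Module om_tcp
    Host log-receiver.example.local   # placeholder, replace with the GELF receiver
    Port 1338
    OutputType GELF
</Output>

<Route eventlog_to_gelf>
    Path Eventlog, Forwarded => outevt
</Route>
```

If a channel name in the QueryList is misspelled or does not exist on the host, the subscription for that whole Query fails rather than silently skipping the bad entry, so check %ROOT%\data\nxlog.log after a restart and confirm each channel name against Event Viewer's "Applications and Services Logs" tree before suspecting buffering.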