根据文档
here,支持星号通配符,因此它应该在例如.
* [EventData [Data [@ Name =’TargetUserName’] =’User1 *’]]
但我不能让任何通配符过滤器工作 – 有没有人能够这样做?
XPath选择器必须以*开头,但是您不能使用*来过滤字段,因为Xpath 1.0没有包含运算符.
XPath 1.0 Limitations:
Windows Event Log supports a subset of XPath 1.0. There are limitations to what functions work in the query. For instance,you can use theposition,Band,andtimedifffunctions within the query but other functions likestarts-withandcontainsare not currently supported.
