How to filter windows event log with wildcard?

Solution 1:

The XPath selector must begin with *, however you cannot use * to filter fields as Xpath 1.0 has no contains operator.

https://blogs.technet.microsoft.com/askds/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer/

XPath 1.0 Limitations: Windows Event Log supports a subset of XPath 1.0. There are limitations to what functions work in the query. For instance, you can use the position, Band, and timediff functions within the query but other functions like starts-with and contains are not currently supported.

Solution 2:

Use Powershell

Get-EventLog -LogName "System" | ?{$_.Message -like "*YourSearchString*"} | Out-GridView