When you want a better filter for Windows event logs

The built in filtering in windows event logs is fine for when you want to find a specific event, but if you want to find when a specific service started or stopped, it’s not up to the job. Luckily there is the capability to use XML filters which I use in a custom view

 

<QueryList> 
 <Query Id="0"> 
  <Select Path="System"> 
  *[EventData[Data[@Name='param1'] and (Data='Hyper-V Time Synchronization Service')]] 
  </Select> 
 </Query> 
</QueryList>