SOLVED: How To Filter Windows Security Logs To See Who Logge

There comes a day when you need to find out who logged on to a server or PC.  Fortunately Windows tracks log-ons and log-offs but the log may contain hundreds or thousands of entries you do not want.  So the question is how to filter the log to just a specific person.

1. Launch the Event Viewer
2. Expand WINDOWS LOGS
3. Expand SECURITY
4. Click FILTER CURRENT LOG (in the right side, ACTION pane)
5. Click the XML tab
6. Paste in the query

<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">* [EventData[Data[@Name='subjectUsername']='USERNAME']]</Select>
</Query>
</QueryList>

You need to change the ‘USERNAME’ to the user name you want to search for and then click the OK button.