Windows Event viewer uses xpath to create queries. It is retarded...

Some examples for greater good:


search for 4662 (group changed) of objecttype "bf967a9c-0de6-11d0-a285-00aa003049e2" which is group and accesslist = 7684 which is members
