Using XPath starts-with or contains functions to search Windows event logs

Question

By editing the XML filter query manually in Windows event viewer, I can find events where the data matches a string exactly:

Answer 1

Windows Event Log supports a subset of XPath 1.0. It contains only 3 functions: position, Band, timediff.

Reference: https://docs.microsoft.com/en-us/windows/desktop/WES/consuming-events#xpath-10-limitations