I am implementing windows event log interface to capture filtered events and push those data to Pi Data Archive. For testing purposes, I have captured eventID: 10028 which occurs when doing "getmac /s viper" from command prompt and passed that data successfully to PI Data Archive (see attached). The main goal of this exercise is to capture any kind of expected shutdown or power loss event and pass those data to PI Data Archive.
I am not able to capture the expected shutdown event ID. The only thing setting that I changed for the two tags are the Exdesc where EventID = 6008 in Point Builder since unexpected shutdown id is 6008 in Event Viewer.
Let me know if there is any question.
OS: Windows Server 2012 R2 Standard