This is an tough one. I have come across similar issues my self.
The only way to write custom parser for windows events is with a CEF agent and using it as a CEF data source.
Now if the description field contains the %6 value you wish to locate, you might be able to use contains or regex value to match against.
Disclaimer not all fields have that option.
PS hows 10.0 treating you?
That's too bad - i would have thought there'd be native parsing of windows events. I'll have to spend some time with it then.
10 is nice overall! No major issues.
So Windows parsing is native, custom parsing is not.
So you can write custom parsers for WMI events? I thought you can only do it for ASP and builtin WMI is not good enough?
No you can't there is only custom parser for syslog