Search Windows security log


How to search the Windows Event Log for logins by username

Posted on 10 September 2012 by Beaming Support

In order to search the Windows Event Log for logins by username you will need to be using Windows Server

The following steps will allow you to search the Windows Event log for logins by username.

1. Open Event Viewer and select the Security log.

2. Select 'Filter Current Log' in the Actions pane.

3. Select the XML tab.

4. Select ‘Edit query manually’.

5. Replace the contents with:

<QueryList>
  <Query Id="0">
    <Select Path="Security">
      *[EventData[Data[@Name='SubjectUserName'] and (Data='USERNAME')]]
    </Select>
  </Query>
</QueryList>

6. Change the USERNAME field to the appropriate username configured in Active Directory for the user whose security events you are searching for.

7. The results now show the events matched by your custom security log XML search.

8. Do not forget to clear the filter to revert to the unfiltered view.
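
The same filter can also be run from PowerShell with Get-WinEvent -FilterXml, which returns the matches as objects that can be sorted or exported. This is an added example, not part of the original post; the function name, its parameters and the set of characters allowed in the username are assumptions.

```powershell
# Added example: runs the XML filter from step 5 without opening Event Viewer.
# Find-SecurityEventsByUser and its parameters are hypothetical names.
function Find-SecurityEventsByUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._$-]+$')]  # assumed whitelist: no quotes or brackets, so the value cannot alter the XPath
        [string]$UserName,
        [int]$MaxEvents = 200
    )
    # Same query as step 5, with USERNAME replaced by the validated value.
    $filter = @"
<QueryList>
  <Query Id="0">
    <Select Path="Security">
      *[EventData[Data[@Name='SubjectUserName'] and (Data='$UserName')]]
    </Select>
  </Query>
</QueryList>
"@
    try {
        $events = Get-WinEvent -FilterXml $filter -MaxEvents $MaxEvents -ErrorAction Stop
    } catch {
        # Get-WinEvent reports "no matching events" as an error; treat it as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
    foreach ($e in $events) {
        # Flatten the named <Data> fields of the event into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        # Fields an event does not carry (for example LogonType outside logon events) stay empty.
        [pscustomobject]@{
            TimeCreated     = $e.TimeCreated
            EventId         = $e.Id
            SubjectUserName = $data['SubjectUserName']
            TargetUserName  = $data['TargetUserName']
            LogonType       = $data['LogonType']
            IpAddress       = $data['IpAddress']
        }
    }
}

# Usage from an elevated prompt ('jsmith' is a constructed sample account name):
# Find-SecurityEventsByUser -UserName jsmith | Format-Table -AutoSize
```

Because the filter matches USERNAME in any Data field of an event that has a SubjectUserName field, the output shows both SubjectUserName and TargetUserName so you can see which one matched.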
