Filter include only PowerShell events

Add this as a filter in agent.properties file:

*[System[Provider[@Name\=’Microsoft-Windows-PowerShell’ or @Name\=’PowerShell’]]]

Use \ for all = and !, for ex if you want not to include something: @Name\!\=’something’

Use Windows Event Viewer and create a filter and then switch to XML and copy the string in between  <Select> and </Select>.