Windows Event Log collection

How do I collect all warning and errors

I've just installed latest Zenoss 4 & ZenPack 2.4.1 & Python.

Created a Windows_Event template, selected Warning level, and molded to a Windows Server. Reconfigured WinRM on server. According to the following site, all i need to do is to put in following query but it's grabbing error, informational, and warning events.

{ $$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Warning }

https://support.zenoss.com/hc/en-us/articles/203241949-How-to-Capture-Wi...

Not sure if it's grabbing extended Log in the eventlog but it's not being caught. Such as "MSExchange Management"

To remove Information, can we do something with proper syntax like

* AND { $$_.Level -ne [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Information}