Eventmonitoring WinRM (Microsoft Eventviewer Severity)

Hello,

Ive a question about monitoring Windows server based on WinRM in Zenoss 5.0. Ive struggled a couple of hours already and I hope my post is helping others as well so Ill try to explain all my steps I did as detailed as possible.
The problem:

After a fresh install Zenoss I imported Windows 2012R2 Server, configured the WinRM properties (zWinKDC, zWinRMPassword and ZwinRMUser) and I immediately I saw al data coming after a smooth modeling. Really nice graphs, file system, Windows services and Interfaces all working, great!!.

But then the problem, I noticed that I didnt receive any events from the Windows Eventlog. So as I was used to do in earlier versions I went to Infrastructure > Server > Microsoft and pushed Detail to edit the configuration properties. But surprisingly the properties zWinEventlog and zWinEventlogMinSeverity werent there anymore. After research and some help from chat channel I did the following.

1. Download the latest Microsoft Windows ZenPack 2.3.2 http://wiki.zenoss.org/ZenPack:Microsoft_Windows. Default installation came with 2.3.1.

2. Install the zenpack (again after lots of research about dockers and containers and such). This is how I did it, dont know its the best way but worked:
a. Copy Zenpack to a folder on the local Zenoss machine. Give proper rights to this folder, I used chmod 777 /temp/ -R just to be sure.
b. Typed this command after that to install: serviced service run zope zenpack install ZenPacks.zenoss.Microsoft.Windows-2.3.2.egg

3. To get Windows Events I used the Zenoss gui: Select Advanced > Monitoring Templates > Device > Server/Microsoft. On the panel on the left you will see a couple of Windows datasources (MemoryAvailableBytes, ProcessorTotalPrivilegedTime, etc.).
a. Click on add data source (the plus icon)
b. Select type: Windows Eventlog
c. Choose Name: System or Application (Same name as the actual eventviewer name)
d. Click Submit.

After this step I was receiving events, but I receive all event information, warning and critical, but my goal is to only receive events with a severity above warning. When I was looking at the documentation (just 25 lines, way too short for a not-zenoss-guru). And it says the following about filtering.

Quote:
To monitor EventLog events you should add to monitoring template with "Windows EventLog" datasource. For the Event Log field put the name of event log (e.g. "System") that you are interested in, and in the EventQuery you could put the filter for events. Filter is written as PowerShell scriptblock for Where-Object commandlet.
To target all events with a Warning or higher severity:

For Windows 2003:
{ $$_.EntryType -le [System.Diagnostics.EventLogEntryType]::Warning}

For Windows 2008 & Later:
{ $$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Warning}

Well and there lies my problem: Does anybody know what is an EventQuery is and where to put this
If somebody has a small step by step I would help me (and probably a lot other Windows people my guess).

Thanks,
Larve