To filter Windows Event Logs by specific values (i.e. usernames) within the EventData element, you can use custom XPath expressions. XPath is an expression language that allows the processing of values of an XML document (conforming to the data model defined in the XQuery and Xpath Data Model).
https://learn.microsoft.com/en-us/windows/win32/wes/consuming-events?redirectedfrom=MSDN#limitations
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[EventData[Data[@Name='SubjectUserName'] and (Data='username')]]</Select>
</Query>
</QueryList>