Security Event log filtering

We are tracking event id 4771 bad pwd events by forwarding them from all dc’s to a 2012 admin. server. I have figured out how to filter the xml data to find a given user. Now what I’m looking to do is pull data from each of the individual events:

Sample event:

Kerberos pre-authentication failed.

Account Information:
Security ID: *************
Account Name: %username%

Service Information:
Service Name: *******

Network Information:
Client Address: ::ffff:*******8
Client Port: 62980

Additional Information:
Ticket Options: 0x40810010
Failure Code: 0x18
Pre-Authentication Type: 2

I truncated the rest off.

I would like to pull just the Network Information: and specifically the client address, and then export the data via csv.

Any help in pointing me to the right direction would be great.

Checkout these resources found via a Google search for “powershell event 4771 script”: