Your assumption is not correct, but is a bit mis-stated.
I believe the where clause isn’t ‘specifically’ supported by the Bigfix inspector directly, but it passes the entire query over to the OS to handle, which is why you will get a windows specific error back if the query isn’t written correctly. Or even if it is written correctly, you may not get any results back.
Your query works fine on my machine - but just comes back with no data. When you try working with WMI queries, you might try being a bit less restrictive with your Where filter parameters to ensure you get at least some data back. Once you do, you can examine the results and fine tune your query.
Alternatively, using the forums Search function and entering “WMI where” (without the quotes) would have provided you with a good number of posts from which you could have figured out that A) the ‘Where’ clause can be used and B) how to use it.
The select statement is correct other than the line break. I tried the same thing in RD, but changing eventcode from 123 (which I don’t have) to 1100 (which is in my security events).
selects “* from Win32_NTLogEvent Where Logfile=‘Security’ and EventCode= ‘1100’” of wmi
I don’t think this has much to do with BigFix if it isn’t working… As far as I know, ‘where’ clause support in WMI was added in XP (or maybe Vista?) so if you have older OSes, wmi where causes won’t work…