I'd like to highlight errors when looking at a windows event log, but the string "Error" also appears in many non-Error level messages.

I haven't found any help documentation on what the regular expression syntax is for highlighting, but if columns' strings were each compared separately to the regex, then using "^Error$" would work for me in most cases. Since that doesn't work I assume you concatenate the record into a single string before comparing? It looks like you are concatenating using space as the delimiter. If you changed to concatenate with some (carefully chosen) special character then we could use a regex with that special character to select by field like "\|Error\|".

That doesn't work for me. It looks like that concept works in general, but that the Date is not in the record stringification so it cannot be matched against.

Here is a slightly redacted line from right-clicking a line of the log in LogViewer and selecting "Copy Selected Rows":
6/29/2017 11:51:46 AM Warning Foo Controller rb1\Ryan 0 The redacted message.

None of the rules "AM Warning", "AM", "2017" nor "46" select this line in LogViewer.
The rules "Warning", "Controller", and "rb1" do select this line.
I have only one rule enabled to avoid any conflicts.

Adding my vote here. I'd like to highlight Warnings and not every log entry that has the word Warning 'somewhere' in it.