Assuming that "SpecialClients" is a User Defined Group with a list of hostnames (complete with the necessary wildcards), and that you want an alert when someone tries to log IN to a SpecialClient and not when someone tries to remotely log into another system FROM a SpecialClient, you need to use "UserLogon.DestinationMachine" is contained in "SpecialClients."
This also assumes that "SpecialClients" have the LEM Agent installed and an Audit Policy that will generate the needed UserLogon events in place.