
im_msvistalog + If/Else Statement
Hi,

My working nxlog.conf relies on Query directives aimed at explicitly named Channels together with the im_msvistalog Module.

    <Input blu_eventlog_iis>
        Module im_msvistalog
        Query <QueryList>\
                <Query Id="0">\
                  <Select Path="Microsoft-IIS-Configuration/Administrative">*</Select>\
                  <Select Path="Microsoft-IIS-Configuration/Operational">*</Select>\
                  <Select Path="Microsoft-IIS-Logging/Logs">*</Select>\
                </Query>\
              </QueryList>
        # Filter noise from IIS schema issues
        Exec if ($Message =~ /Unable to find schema/) drop();
        # Workaround for local time so as to standardize to absolute microseconds since epoch
        Exec $EventTime = integer($EventTime);
        # JSON is required because some Windows logs contain new-line characters.
        Exec $Message = to_json();
    </Input>

    <Output blu_out_eventlog_iis>
        Module om_tcp
        Host %SIEM%
        Port %PORT%
        Exec to_syslog_bsd();
    </Output>

    <Route route_eventlog_iis>
        Path blu_eventlog_iis => blu_out_eventlog_iis
    </Route>

I hoped to clean up some 15007 errors in the nxlog.log files, included below:

    2020-07-06 14:42:55 ERROR failed to subscribe to msvistalog events,the channel was not found [error code: 15007]; The specified channel could not be found.

I suspect the 15007 errors are being generated because IIS isn't set up. In other words, the named IIS Channels are queried but not found.

Is it possible to add an If/Else statement as part of those Query directives? Looking over the NXLog CE Manual, I only see If/Else statements used with Exec.

Any guidance would be greatly appreciated!

behr created
Replies: 1
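
An added example, not part of the original post and not NXLog's own code: if the 15007 errors do come from channels that are missing on the host, as the post suspects, one approach is to generate the Query directive at deployment time from only the channels that exist. The function name, the templating approach and the sample channel listing (constructed, one name per line as `wevtutil el` prints them) are assumptions.

```python
import xml.etree.ElementTree as ET

# QueryList from the post above, without the nxlog.conf line-continuation backslashes.
QUERY_XML = """<QueryList>
  <Query Id="0">
    <Select Path="Microsoft-IIS-Configuration/Administrative">*</Select>
    <Select Path="Microsoft-IIS-Configuration/Operational">*</Select>
    <Select Path="Microsoft-IIS-Logging/Logs">*</Select>
  </Query>
</QueryList>"""

# Constructed sample: channel names, one per line, as `wevtutil el` lists them.
SAMPLE_CHANNELS = """Application
Security
System
Microsoft-IIS-Configuration/Operational
"""

def filter_query(query_xml, channel_listing):
    """Return (nxlog Query directive or None, list of skipped channel paths)."""
    # Channel names are compared case-insensitively.
    present = {c.strip().lower() for c in channel_listing.splitlines() if c.strip()}
    root = ET.fromstring(query_xml)
    skipped = []
    for query in root.findall("Query"):
        for select in list(query):
            if select.tag != "Select":
                continue
            # A Select without its own Path inherits the Path of its Query.
            path = select.get("Path") or query.get("Path", "")
            if path.lower() not in present:
                skipped.append(path)
                query.remove(select)
        # A Query left with no Select is useless; drop it.
        if query.find("Select") is None:
            root.remove(query)
    if root.find("Query") is None:
        return None, skipped  # nothing to subscribe to: leave this Input out
    xml_text = ET.tostring(root, encoding="unicode")
    lines = [ln.strip() for ln in xml_text.splitlines() if ln.strip()]
    # nxlog.conf continues a directive with a trailing backslash.
    return "Query " + "\\\n    ".join(lines), skipped
```

When the function returns `None` for the directive, the whole Input block (and its Route) should be omitted from the generated nxlog.conf rather than written with an empty query.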