Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog:

"Category":"Logon",
...
"Task":12544,

Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this:

"Task":"Logon"

Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here..

Please fix that for the WEC collector.

Best regards Theo