nxlog 4-99-4527 (evtx files)


micsnare

Hi all,

Not sure if you can help me, but I recently installed the latest (beta) version of nxlog 4-99.4527 to test the multiple evtx files support. My config looks like this:

<Input eventlog>
    Module  im_msvistalog
    File    "C:\Users\test\Desktop\logs\*.evtx"
</Input>

<Output file_from_eventlog>
    Module  om_file
    File    "C:\logs\evtx_new.log"
    Exec    to_json();
</Output>

While it perfectly outputs to the local file in JSON output :), I still get the following error in the nxlog.log:

2019-02-01 15:33:01 ERROR failed to query msvistalog events from file (C:\Users\test\Desktop\logs\Microsoft-Windows-SettingSyncOperational.evtx),[error code: 1287]; Zur Bestimmung der Fehlerursache stehen nicht genügend Informationen zur Verfügung.

I'm sorry that the error message is in German, but roughly translated it means "Not enough information is available to determine the cause of the error."

Any ideas what could cause this error?

Many thanks in advance, theresa