Winlogbeat registry file issues

I am new to Winlogbeat and just trying to get it rolled out across all of our Windows servers.

I just pushed out Winlogbeat to our devtest environment. I had no issues with the sandbox environment or any issues when testing in my local environment.

Winlogbeat version - 7.9.0

====== Winlogbeat specific options =========

winlogbeat.registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml
winlogbeat.shutdown_timeout: 60s

winlogbeat.event_logs:
  - name: Application
    ignore_older: 30m

  - name: System
    ignore_older: 30m

  - name: Security
    ignore_older: 30m

  - name: Microsoft-IIS-Logging/Logs
    ignore_older: 30m

== Outputs ===

Registry File:
File Contents - problem server
update_time: 2020-09-04T14:51:42.2454804Z
event_logs:

File Contents - working server
update_time: 2020-09-04T15:18:37.2668994Z
event_logs:

  - name: Application
    record_number: 2317
    timestamp: 2020-09-04T14:31:11.2885802Z
    bookmark: "\r\n \r\n"
  - name: Security
    record_number: 648070
    timestamp: 2020-09-04T15:18:32.962626Z
    bookmark: "\r\n \r\n"
  - name: System
    record_number: 49856
    timestamp: 2020-09-04T15:14:08.9264544Z
    bookmark: "\r\n \r\n"

SaltState is managed in GitLab. No changes were made to it between the time it was merged from Sandbox to DevTest.

I have compared the winlogbeat.yml file in C:\Program Files\Winlogbeat on both servers and they match.

Any thoughts on what might be causing my issue? I can provide additional info if helpful.
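
For checking many servers for the symptom shown above, the following is an added example, not part of the original post and not Elastic's code: it lists the configured event logs that have no entry in the registry file. It assumes the registry keeps the layout quoted in the post; the function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed samples shaped like the files quoted in the post
# (ignore_older, timestamp and bookmark lines omitted for brevity).
PROBLEM_REGISTRY = """\
update_time: 2020-09-04T14:51:42.2454804Z
event_logs:
"""
WORKING_REGISTRY = """\
update_time: 2020-09-04T15:18:37.2668994Z
event_logs:
  - name: Application
    record_number: 2317
  - name: Security
    record_number: 648070
  - name: System
    record_number: 49856
"""
CONFIG = """\
winlogbeat.event_logs:
  - name: Application
  - name: System
  - name: Security
  - name: Microsoft-IIS-Logging/Logs
"""

NAME_RE = re.compile(r"^\s*-\s*name:\s*(\S.*?)\s*$")

def list_names(text, section):
    """Return the `- name:` values listed under the given top-level key."""
    names, inside = [], False
    for line in text.splitlines():
        if line and not line[0].isspace() and not line.startswith("-"):
            inside = line.split("#")[0].strip() == section + ":"  # new top-level key
            continue
        m = NAME_RE.match(line)
        if inside and m:
            names.append(m.group(1).strip("'\""))
    return names

def missing_checkpoints(config_text, registry_text):
    """Configured event logs that have no entry in the registry file."""
    seen = set(list_names(registry_text, "event_logs"))
    return [n for n in list_names(config_text, "winlogbeat.event_logs") if n not in seen]

if __name__ == "__main__":
    for label, reg in (("problem", PROBLEM_REGISTRY), ("working", WORKING_REGISTRY)):
        print(label, "->", missing_checkpoints(CONFIG, reg))
```

On the sample data the problem server reports all four configured logs as absent, and the working server still reports Microsoft-IIS-Logging/Logs, which has no entry in the registry contents quoted above.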
