Winlogbeat not sending logs to Elasticsearch

Hi...

Winlogbeat is not able to read events from a Win 2012 64-bit server. It was working fine and suddenly stopped.

2020-03-05T06:39:47.573-0500	WARN	beater/eventlogger.go:108	EventLog[Microsoft-Windows-Sysmon/Operational] Open() error. No events will be read from this source. The specified channel could not be found. Check channel configuration.
2020-03-05T06:39:47.573-0500	DEBUG	[publisher]	pipeline/client.go:149	client: closing acker
2020-03-05T06:39:47.573-0500	DEBUG	[publisher]	pipeline/client.go:151	client: done closing acker
2020-03-05T06:39:47.573-0500	DEBUG	[publisher]	pipeline/client.go:155	client: cancelled 0 events
2020-03-05T06:39:47.575-0500	DEBUG	[eventlog_detail]	eventlog/wineventlog.go:346	WinEventLog[System] XML=<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7036</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2020-03-05T11:39:42.639012100Z'/><EventRecordID>281307</EventRecordID><Correlation/><Execution ProcessID='736' ThreadID='10016'/><Channel>System</Channel><Computer>hostname</Computer><Security/></System><EventData><Data Name='param1'>winlogbeat</Data><Data Name='param2'>stopped</Data><Binary>770069006E006C006F00670062006500610074002F0031000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>The winlogbeat service entered the stopped state.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event> Event={Provider:{Name:Service Control Manager GUID:{555908d1-a6d7-4695-8e1e-26931d2012f4} EventSourceName:Service Control Manager} EventIdentifier:{Qualifiers:16384 ID:7036} Version:0 LevelRaw:4 TaskRaw:0 OpcodeRaw:0 TimeCreated:{SystemTime:2020-03-05 11:39:42.6390121 +0000 UTC} RecordID:281307 Correlation:{ActivityID: RelatedActivityID:} Execution:{ProcessID:736 ThreadID:10016 ProcessorID:0 SessionID:0 KernelTime:0 UserTime:0 ProcessorTime:0} Channel:System Computer:hostname User:SID Identifier[] Name[] Domain[] Type[] EventData:{Pairs:[{Key:param1 Value:winlogbeat} {Key:param2 Value:stopped} {Key:Binary Value:770069006E006C006F00670062006500610074002F0031000000}]} UserData:{Name:{Space: Local:} Pairs:[]} Message:The winlogbeat service entered the stopped state. 
Level:Information Task: Opcode: Keywords:[Classic] RenderErrorCode:0 RenderErrorDataItemName: RenderErr:[]}

Sample error message

R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
