topic Windows Event Log: Why am I getting a FormatMessage error? in Splunk Enterprise https://community.splunk.com/t5/Splunk-Enterprise/Windows-Event-Log-Why-am-I-getting-a-FormatMessage-error/m-p/587900#M11767 <P>Hi,</P> <P>after a Windows system crash of the raid controller, I only get empty reports.&nbsp; I moved the installation to a VM and everything looked good... But: empty dashboard reports!</P> <P>Getting data from the windows eventlogs into splunk still works, but most entries have this problem:</P> <P><FONT face="courier new,courier">Message=Splunk could not get the description for this event. Either the component that raises this event is not installed on your local computer or the installation is corrupt.</FONT></P> <P><FONT face="courier new,courier"><SPAN class="">FormatMessage</SPAN> <SPAN class="">error...</SPAN></FONT></P> <P>I checked&nbsp;wecutil gs and I found, it was set to "rendered text" for both of my subscriptions. I've set it back to "events" but still no luck. Restart of the service: not luck.</P> <P>I'm running SPLUNK Enterprise 8.2.5 on Windows Server 2016.</P> <P>Any hints are highly appreciated!</P> <P>Best, EL</P> Wed, 09 Mar 2022 18:48:08 GMT EL 2022-03-09T18:48:08Z Windows Event Log: Why am I getting a FormatMessage error? https://community.splunk.com/t5/Splunk-Enterprise/Windows-Event-Log-Why-am-I-getting-a-FormatMessage-error/m-p/587900#M11767 <P>Hi,</P> <P>after a Windows system crash of the raid controller, I only get empty reports.&nbsp; I moved the installation to a VM and everything looked good... But: empty dashboard reports!</P> <P>Getting data from the windows eventlogs into splunk still works, but most entries have this problem:</P> <P><FONT face="courier new,courier">Message=Splunk could not get the description for this event. Either the component that raises this event is not installed on your local computer or the installation is corrupt.</FONT></P> <P><FONT face="courier new,courier"><SPAN class="">FormatMessage</SPAN> <SPAN class="">error...</SPAN></FONT></P> <P>I checked&nbsp;wecutil gs and I found, it was set to "rendered text" for both of my subscriptions. I've set it back to "events" but still no luck. Restart of the service: not luck.</P> <P>I'm running SPLUNK Enterprise 8.2.5 on Windows Server 2016.</P> <P>Any hints are highly appreciated!</P> <P>Best, EL</P> Wed, 09 Mar 2022 18:48:08 GMT https://community.splunk.com/t5/Splunk-Enterprise/Windows-Event-Log-Why-am-I-getting-a-FormatMessage-error/m-p/587900#M11767 EL 2022-03-09T18:48:08Z