Invoke-IcingaCheckEventlog reports unknown

Hello,

If I execute the “invoke-icingacheckeventlog” command on a Windows server, I always get unknown as a state result.

Example:

Invoke-IcingaCheckEventlog -LogName Application -after 6h -warning 10 -Critical 5
[UNKNOWN] Eventlog Application: 7 Unknown 1 Ok [UNKNOWN] Event source Desktop Window Manager, Event source edgeupdate, Event source Group Policy Scheduled Tasks, Event source Icinga for Windows Service, Event source Microsoft-Windows-Perflib, Event source Microsoft-Windows-Security-SPP, Event source SceCli
_ [UNKNOWN] Event source Desktop Window Manager
_ [UNKNOWN] Found 1 event(s) for event id 9027 in timeframe [01/20/2026 15:32:41] - [01/20/2026 15:32:41]
_ [UNKNOWN] Number of events found for Id 9027: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Event source edgeupdate
_ [UNKNOWN] Found 1 event(s) for event id 0 in timeframe [01/20/2026 09:46:07] - [01/20/2026 09:46:07]
_ [UNKNOWN] Number of events found for Id 0: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Event source Group Policy Scheduled Tasks
_ [UNKNOWN] Found 144 event(s) for event id 4096 in timeframe [01/20/2026 09:33:33] - [01/20/2026 15:29:39]
_ [UNKNOWN] Number of events found for Id 4096: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Event source Icinga for Windows Service
_ [UNKNOWN] Found 4 event(s) for event id 0 in timeframe [01/20/2026 15:20:08] - [01/20/2026 15:20:26]
_ [UNKNOWN] Number of events found for Id 0: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Event source Microsoft-Windows-Perflib
_ [UNKNOWN] Found 1440 event(s) for event id 1018 in timeframe [01/20/2026 09:33:00] - [01/20/2026 15:32:31]
_ [UNKNOWN] Number of events found for Id 1018: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Found 174 event(s) for event id 1017 in timeframe [01/20/2026 09:32:58] - [01/20/2026 15:27:59]
_ [UNKNOWN] Number of events found for Id 1017: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Found 2 event(s) for event id 2003 in timeframe [01/20/2026 09:38:32] - [01/20/2026 09:38:32]
_ [UNKNOWN] Number of events found for Id 2003: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Event source Microsoft-Windows-Security-SPP
_ [UNKNOWN] Found 32 event(s) for event id 1003 in timeframe [01/20/2026 14:32:09] - [01/20/2026 14:33:53]
_ [UNKNOWN] Number of events found for Id 1003: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Found 4 event(s) for event id 16384 in timeframe [01/20/2026 11:02:11] - [01/20/2026 14:34:24]
_ [UNKNOWN] Number of events found for Id 16384: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Found 4 event(s) for event id 16394 in timeframe [01/20/2026 11:01:40] - [01/20/2026 14:33:51]
_ [UNKNOWN] Number of events found for Id 16394: Warning threshold range “10” is greater than Critical threshold range “5”
_ [UNKNOWN] Event source SceCli
_ [UNKNOWN] Found 1 event(s) for event id 1704 in timeframe [01/20/2026 12:04:00] - [01/20/2026 12:04:00]
_ [UNKNOWN] Number of events found for Id 1704: Warning threshold range “10” is greater than Critical threshold range “5”
| 0::ifw_eventlog::count=5c;;;; 1003::ifw_eventlog::count=32c;;;; 1017::ifw_eventlog::count=174c;;;; 1018::ifw_eventlog::count=1440c;;;; 16384::ifw_eventlog::count=4c;;;; 16394::ifw_eventlog::count=4c;;;; 1704::ifw_eventlog::count=1c;;;; 2003::ifw_eventlog::count=2c;;;; 4096::ifw_eventlog::count=144c;;;; 9027::ifw_eventlog::count=1c;;;;
3

Is this issue on my side?

Hello, yes :wink:

The UNKNOWN state comes from

Warning threshold range “10” is greater than Critical threshold range “5”

You need to switch the warning and critical threshold values.

I would also suggest adding more filters to the query, like specific event IDs, states or event messages.

Otherwise this check most likely will always be critical.

3 Likes
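
The fix described in the reply, as an added example that is not part of the original thread: the call from the question next to a version with the thresholds swapped and an event ID filter. The threshold values, the chosen event IDs (the two Perflib IDs from the output above) and the variable name `$CheckArgs` are assumptions for illustration; the guard only handles plain numeric thresholds, not range expressions.

```powershell
# Before (from the question): warning 10 is above critical 5, so the plugin
# rejects the threshold pair for every event id and reports UNKNOWN.
# Invoke-IcingaCheckEventlog -LogName Application -After 6h -Warning 10 -Critical 5

# After: warning below critical, and only selected event ids are counted.
# Values are illustrative and need tuning to the event volume of the host.
$CheckArgs = @{
    LogName        = 'Application'
    After          = '6h'
    IncludeEventId = @(1017, 1018)   # ids taken from the output in the question
    Warning        = 5
    Critical       = 10
}

# Pre-flight guard for plain numeric thresholds: fail early in a wrapper
# script instead of discovering the UNKNOWN state in the monitoring result.
if ([double]$CheckArgs.Warning -gt [double]$CheckArgs.Critical) {
    throw "Warning ($($CheckArgs.Warning)) must not exceed Critical ($($CheckArgs.Critical))"
}

# Splat the parameters into the check.
Invoke-IcingaCheckEventlog @CheckArgs
```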