In NetWitness UI, Admin > Endpoint Sources, Policies tab Click on the problem policy for the Windows Event Logs collection. Look to the right at the displayed Channel Filter Settings and try determine if there is an error, or if it is not configured.
The below example shows on the right there is no Windows channel included in the configuration of the "Windows" policy name, which will cause the observed error.
Edit the Endpoint policy for Windows Event Logs in NW UI, Admin > Endpoint Sources, Policies tab Make sure the "Channel Filters" option is included in the policy, and that at least one channel has been selected. Publish Policy.
The below example shows on the right the "System" channel has been added to the Windows policy.