When you query Win32_NTLogEvent Windows Management Instrumentation (WMI) objects on a Windows 10-based computer, you notice the Message variable of the returned data is blank. However, the message in the associated event log entry is not blank when you view it in Event Viewer or by using the Get-EventLog cmdlet.
For example, to find the events objects that are affected by this issue, you run the following cmdlet in Windows PowerShell:
Get-WmiObject Win32_NTLogEvent -Filter "Logfile='Application'" | where {$_.Message -eq $null}
The object that has the issue may be displayed as the following:
Category : 0
CategoryString : None
EventCode : 1
EventIdentifier : 1
TypeEvent :
InsertionStrings : {iBtSiva, Siva worker starting}
LogFile : Application
Message :
RecordNumber : 37386
SourceName : iBtSiva
TimeGenerated : 20180625060719.205100-000
TimeWritten : 20180625060719.205100-000
Type : Information
UserName :
Then, you run the following cmdlet to display the associated event:
Get-EventLog -LogName Application -Index 37386 | fl
This cmdlet shows the following results:
Message Title
Index : 37386
EntryType : Information
InstanceId : 1
Message : The description for Event ID '1' in Source 'iBtSiva' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'iBtSiva', 'Siva worker starting'
Category : (0)
CategoryNumber : 0
ReplacementStrings : {iBtSiva, Siva worker starting}
Source : iBtSiva
TimeGenerated : 25/06/2018 08:07:19
TimeWritten : 25/06/2018 08:07:19
UserName :