After adding data from Windows event logs (system, security, application, setup), I only got one event for yesterday's date and only from one source "security log". Why is this and how should I troubleshoot the problem?
Have you tried searching all of the indexes:
index=*
By default the Windows TA's log to a wineventlog index. Only the main index is searched by default (unless you change it in the roles).
check on forwarder side there might be duplicate inputs.conf file that is sending data.
we had similar issues so find all inputs.conf on UF side and verify it.