The information in this article only applies to uberAgent versions <= 4.2. Deleting registry keys is not necessary any more with uberAgent 5.0.
uberAgent keeps track of which event log records it has processed by storing the last event's record ID. When you upgrade Windows, e.g. from Windows 8 to Windows 10 or from Windows 10 1607 to Windows 10 1703, record IDs are reset, so that events on the new OS have much smaller record IDs than events on the old OS.
This causes uberAgent to ignore any new incoming events. As a consequence, features that rely on data from the Windows event logs do not work correctly anymore. This primarily affects logon monitoring.
To resolve this issue delete uberAgent's record ID cache.
The cache is located in the following registry key:
After deleting above key restart the uberAgent service.