Windows fields

Module for Windows

windows fields

service fields

service contains the status for Windows services.

windows.service.id

type: keyword

example: hW3NJFc1Ap

A unique ID for the service. It is a hash of the machine’s GUID and the service name.

windows.service.name

type: keyword

example: Wecsvc

The service name.

windows.service.display_name

type: keyword

example: Windows Event Collector

The display name of the service.

windows.service.start_type

type: keyword

The startup type of the service. The possible values are Automatic, Boot, Disabled, Manual, and System.

windows.service.state

type: keyword

The actual state of the service. The possible values are Continuing, Pausing, Paused, Running, Starting, Stopping, and Stopped.

windows.service.exit_code

type: keyword

For Stopped services, this is the error code that the service reports when starting or stopping. This will be the generic Windows service error code unless the service provides a service-specific error code.

windows.service.pid

type: long

example: 1092

For Running services this is the associated process PID.

windows.service.uptime.ms

type: long

format: duration

The service’s uptime specified in milliseconds.