IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« vSphere fields ZooKeeper fields »
Elastic Docs Metricbeat Reference [7.6] Exported fields

Windows fields

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Windows fields

edit

Module for Windows

windows

edit

service

edit

service contains the status for Windows services.

windows.service.id

A unique ID for the service. It is a hash of the machine’s GUID and the service name.

type: keyword

example: hW3NJFc1Ap

windows.service.name

The service name.

type: keyword

example: Wecsvc

windows.service.display_name

The display name of the service.

type: keyword

example: Windows Event Collector

windows.service.start_type

The startup type of the service. The possible values are Automatic, Boot, Disabled, Manual, and System.

type: keyword

windows.service.start_name

Account name under which a service runs.

type: keyword

example: NT AUTHORITY\LocalService

windows.service.path_name

Fully qualified path to the file that implements the service, including arguments.

type: keyword

example: C:\WINDOWS\system32\svchost.exe -k LocalService -p

windows.service.state

The actual state of the service. The possible values are Continuing, Pausing, Paused, Running, Starting, Stopping, and Stopped.

type: keyword

windows.service.exit_code

For Stopped services this is the error code that service reports when starting to stopping. This will be the generic Windows service error code unless the service provides a service-specific error code.

type: keyword

windows.service.pid

For Running services this is the associated process PID.

type: long

example: 1092

windows.service.uptime.ms

The service’s uptime specified in milliseconds.

type: long

format: duration

« vSphere fields ZooKeeper fields »