Windows fields

[beta] This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Module for Windows

windows fields

service fields

service contains the status for Windows services.

windows.service.id

type: keyword

example: hW3NJFc1Ap

A unique ID for the service. It is a hash of the machine’s GUID and the service name.

windows.service.name

type: keyword

example: Wecsvc

The service name.

windows.service.display_name

type: keyword

example: Windows Event Collector

The display name of the service.

windows.service.start_type

type: keyword

The startup type of the service. The possible values are Automatic, Boot, Disabled, Manual, and System.

windows.service.state

type: keyword

The actual state of the service. The possible values are Continuing, Pausing, Paused, Running, Starting, Stopping, and Stopped.

windows.service.exit_code

type: keyword

For Stopped services this is the error code that the service reports when starting or stopping. This will be the generic Windows service error code unless the service provides a service-specific error code.

windows.service.pid

type: long

example: 1092

For Running services this is the associated process PID.

windows.service.uptime.ms

type: long

format: duration

The service’s uptime specified in milliseconds.
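
An added example, not part of the module's own documentation or code: a Python function that reads time-ordered windows.service documents and reports services with start_type Automatic that are Stopped, and services whose pid changed or whose uptime.ms went backwards between samples (a restart). The nested JSON layout, the sample documents (including their id and exit_code values) and the function name review_services are assumptions constructed for illustration.

```python
import json

# Constructed sample documents (not real telemetry), using the fields described above.
SAMPLE_EVENTS = """
{"windows": {"service": {"id": "hW3NJFc1Ap", "name": "Wecsvc", "display_name": "Windows Event Collector", "start_type": "Automatic", "state": "Running", "pid": 1092, "uptime": {"ms": 600000}}}}
{"windows": {"service": {"id": "hW3NJFc1Ap", "name": "Wecsvc", "display_name": "Windows Event Collector", "start_type": "Automatic", "state": "Running", "pid": 4120, "uptime": {"ms": 15000}}}}
{"windows": {"service": {"id": "Zq8ExampleB", "name": "ExampleSvc", "display_name": "Example Service", "start_type": "Automatic", "state": "Stopped", "exit_code": "1067"}}}
{"windows": {"service": {"id": "Kp2ExampleC", "name": "ManualSvc", "display_name": "Manual Service", "start_type": "Manual", "state": "Stopped", "exit_code": "0"}}}
"""


def review_services(lines):
    """Return (kind, service name, detail) findings for time-ordered documents."""
    findings = []
    last_running = {}  # windows.service.id -> (pid, uptime_ms) of the last Running sample
    for line in lines:
        if not line.strip():
            continue
        svc = json.loads(line).get("windows", {}).get("service")
        if not svc or "id" not in svc:
            continue  # not a windows.service document
        sid, name, state = svc["id"], svc.get("name", "?"), svc.get("state")
        if state == "Running":
            pid = svc.get("pid")
            uptime = svc.get("uptime", {}).get("ms")
            prev = last_running.get(sid)
            if prev is not None:
                # A new PID or a smaller uptime means the service process was replaced.
                pid_changed = None not in (pid, prev[0]) and pid != prev[0]
                uptime_reset = None not in (uptime, prev[1]) and uptime < prev[1]
                if pid_changed or uptime_reset:
                    findings.append(("restarted", name, f"pid {prev[0]} -> {pid}"))
            last_running[sid] = (pid, uptime)
        elif state == "Stopped" and svc.get("start_type") == "Automatic":
            # An auto-start service that is down; exit_code is kept as an opaque keyword.
            findings.append(("auto_start_stopped", name, f"exit_code {svc.get('exit_code')}"))
    return findings


if __name__ == "__main__":
    for finding in review_services(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Keying on windows.service.id rather than the name keeps services with the same name on different machines apart, since the ID is a hash of the machine's GUID and the service name.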