Windows fields

Module for Windows



service contains the status for Windows services.

A unique ID for the service. It is a hash of the machine’s GUID and the service name.

type: keyword

example: hW3NJFc1Ap

The service name.

type: keyword

example: Wecsvc


The display name of the service.

type: keyword

example: Windows Event Collector


The startup type of the service. The possible values are Automatic, Boot, Disabled, Manual, and System.

type: keyword


Account name under which a service runs.

type: keyword

example: NT AUTHORITY\LocalService


Fully qualified path to the file that implements the service, including arguments.

type: keyword

example: C:\WINDOWS\system32\svchost.exe -k LocalService -p


The actual state of the service. The possible values are Continuing, Pausing, Paused, Running, Starting, Stopping, and Stopped.

type: keyword


For Stopped services this is the error code that the service reports when starting or stopping. This will be the generic Windows service error code unless the service provides a service-specific error code.

type: keyword

For Running services this is the associated process PID.

type: long

example: 1092

The service’s uptime specified in milliseconds.

type: long

format: duration