Module for Windows
perfmon
-
windows.perfmon.instance -
Instance value.
type: keyword
-
windows.perfmon.metrics.*.* -
Metric values returned.
type: object
service contains the status for Windows services.
-
windows.service.id -
A unique ID for the service. It is a hash of the machine’s GUID and the service name.
type: keyword
example: hW3NJFc1Ap
-
windows.service.name -
The service name.
type: keyword
example: Wecsvc
-
windows.service.display_name -
The display name of the service.
type: keyword
example: Windows Event Collector
-
windows.service.start_type -
The startup type of the service. The possible values are
Automatic,Boot,Disabled,Manual, andSystem.type: keyword
-
windows.service.start_name -
Account name under which a service runs.
type: keyword
example: NT AUTHORITY\LocalService
-
windows.service.path_name -
Fully qualified path to the file that implements the service, including arguments.
type: keyword
example: C:\WINDOWS\system32\svchost.exe -k LocalService -p
-
windows.service.state -
The actual state of the service. The possible values are
Continuing,Pausing,Paused,Running,Starting,Stopping, andStopped.type: keyword
-
windows.service.exit_code -
For
Stoppedservices this is the error code that service reports when starting to stopping. This will be the generic Windows service error code unless the service provides a service-specific error code.type: keyword
-
windows.service.pid -
For
Runningservices this is the associated process PID.type: long
example: 1092
-
windows.service.uptime.ms -
The service’s uptime specified in milliseconds.
type: long
format: duration
wmi