Common Beat Fieldsedit

Contains common fields available in all event types.

beat.nameedit

The name of the Beat sending the log messages. If the shipper name is set in the configuration file, then that value is used. If it is not set, the hostname is used.

beat.hostnameedit

The hostname as returned by the operating system on which the Beat is running.

@timestampedit

type: date

example: 2015-01-24 14:06:05.071000

format: YYYY-MM-DDTHH:MM:SS.milliZ

required: True

The timestamp when the event log record was generated.

typeedit

required: True

The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. The Event Logging API was designed for Windows Server 2003, Windows XP, or Windows 2000 operating systems. In Windows Vista, the event logging infrastructure was redesigned. On Windows Vista or later operating systems, the Windows Event Log API is used. Winlogbeat automatically detects which API to use for reading event logs.

countedit

type: int

required: True

The number of event log records represented in the event. This field is always set to 1.