WARNING: Version 6.2 of Metricbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Windows fields
editWindows fields
edit[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Module for Windows
windows fields
editservice fields
editservice contains the status for Windows services.
windows.service.id
edittype: keyword
example: hW3NJFc1Ap
A unique ID for the service. It is a hash of the machine’s GUID and the service name.
windows.service.name
edittype: keyword
example: Wecsvc
The service name.
windows.service.display_name
edittype: keyword
example: Windows Event Collector
The display name of the service.
windows.service.start_type
edittype: keyword
The startup type of the service. The possible values are Automatic, Boot, Disabled, Manual, and System.
windows.service.state
edittype: keyword
The actual state of the service. The possible values are Continuing, Pausing, Paused, Running, Starting, Stopping, and Stopped.
windows.service.exit_code
edittype: keyword
For Stopped services this is the error code that service reports when starting to stopping. This will be the generic Windows service error code unless the service provides a service-specific error code.
windows.service.pid
edittype: long
example: 1092
For Running services this is the associated process PID.
windows.service.uptime.ms
edittype: long
format: duration
The service’s uptime specified in milliseconds.