WARNING: Version 6.1 of Winlogbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Beat fields
Contains common beat fields available in all event types.
beat.name
The name of the Beat sending the log messages. If the Beat name is set in the configuration file, then that value is used. If it is not set, the hostname is used. To set the Beat name, use the name option in the configuration file.
beat.hostname
The hostname as returned by the operating system on which the Beat is running.
beat.timezone
The timezone as returned by the operating system on which the Beat is running.
beat.version
The version of the beat that generated this event.
@timestamp
type: date
example: August 26th 2016, 12:35:53.332
format: date
required: True
The timestamp when the event log record was generated.
tags
Arbitrary tags that can be set per Beat and per transaction type.
fields
type: object
Contains user configurable fields.
error fields
Error fields containing additional info in case of errors.
error.message
type: text
Error message.
error.code
type: long
Error code.
error.type
type: keyword
Error type.