NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.

« Cloud provider metadata fields Docker fields »
Elastic Docs Winlogbeat Reference [6.8] Exported fields

Common Winlogbeat fields

edit

Common Winlogbeat fields

edit

Contains common fields available in all event types.

type

required: True

The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. The Event Logging API was designed for Windows Server 2003 or Windows 2000 operating systems. In Windows Vista, the event logging infrastructure was redesigned. On Windows Vista or later operating systems, the Windows Event Log API is used. Winlogbeat automatically detects which API to use for reading event logs.

« Cloud provider metadata fields Docker fields »