docs/reference/metricbeat/exported-fields-windows.md
% This file is generated! See dev-tools/mage/generate_fields_docs.go
Module for Windows
perfmon
windows.perfmon.instance
: Instance value.
type: keyword
windows.perfmon.metrics.*.*
: Metric values returned.
type: object
service contains the status for Windows services.
windows.service.id
: A unique ID for the service. It is a hash of the machine's GUID and the service name.
type: keyword
example: hW3NJFc1Ap
windows.service.name
: The service name.
type: keyword
example: Wecsvc
windows.service.display_name
: The display name of the service.
type: keyword
example: Windows Event Collector
windows.service.start_type
: The startup type of the service. The possible values are Automatic, Boot, Disabled, Manual, and System.
type: keyword
windows.service.start_name
: Account name under which a service runs.
type: keyword
example: NT AUTHORITY\LocalService
windows.service.path_name
: Fully qualified path to the file that implements the service, including arguments.
type: keyword
example: C:\WINDOWS\system32\svchost.exe -k LocalService -p
windows.service.state
: The actual state of the service. The possible values are Continuing, Pausing, Paused, Running, Starting, Stopping, and Stopped.
type: keyword
windows.service.exit_code
: For Stopped services this is the error code that service reports when starting to stopping. This will be the generic Windows service error code unless the service provides a service-specific error code.
type: keyword
windows.service.pid
: For Running services this is the associated process PID.
type: long
example: 1092
windows.service.uptime.ms
: The service's uptime specified in milliseconds.
type: long
format: duration
stack: beta 9.1.0
wmi