Docs

Release notes
Troubleshoot
Reference

Elastic fundamentals
Solutions and use cases
Manage data
Explore and analyze
Deploy and manage
Manage your Cloud account and preferences
Troubleshoot
Release notes
Reference
Extend and contribute
Contribute to the docs

Elasticsearch
Kibana
Cloud
Security
Observability
- Fields and object schemas
- Infrastructure metrics reference
Ingestion tools
Query languages
- QueryDSL
- ES|QL
- SQL
- EQL
- Kibana Query Language
Elastic Common Schema (ECS)
Machine learning
- Kibana anomaly detection job wizards
- ML function reference
Search UI
Glossary

View as Markdown
Report a docs issue
Edit this page
Learn how to contribute

Loading

Elastic Docs /
Reference /
Ingestion tools /
Beats /
Winlogbeat

Exported fields

Stack

This document describes the fields that are exported by Winlogbeat. They are grouped in the following categories:

Beat fields
Cloud provider metadata fields
Docker fields
ECS fields
Legacy Winlogbeat alias fields
Host fields
Jolokia Discovery autodiscover provider fields
Kubernetes fields
PowerShell module fields
Process fields
Security module fields
Sysmon module fields
Winlogbeat fields

Trademarks
Terms of Use
Privacy
Sitemap

© 2025 Elasticsearch B.V. All Rights Reserved.

This content is available in different formats for convenience only. All original licensing terms apply.

Elasticsearch is a trademark of Elasticsearch B.V., registered in the U.S. and in other countries. Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.