Configuration/Definitions/OSStartupShutdownDetailed.json

{
    "SearchDefinition": {
        "OSStartupShutdownDetailed": {
            "Events": {
                "Fields": {
                    "Computer": "Computer",
                    "StartTime": "Date",
                    "MachineName": "ObjectAffected",
                    "UserId": "SubjectUserSid",
                    "NoNameB3":"EventLevel",
                    "NoNameB4":"ShutdownDescription",
                    "NoNameB6": "EventAction",
                    "NoNameB5": "ShutdownCode",
                    "NoNameB7":"ShutdownComment",
                    "ID": "Event ID",
                    "RecordID": "Record ID",
                    "GatheredFrom": "Gathered From",
                    "GatheredLogName": "Gathered LogName"
                },
                "Ignore": {},
                "Events": [
                    1001,
                    1074
                ],
                "IgnoreWords": {},
                "LogName": "System",
                "Enabled": true
            },
            "Enabled": true
        }
    },
    "LogName": "WEC5-Operating-System"
}