diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml
index a70d4d1a2..07bef1889 100644
--- a/tools/config/winlogbeat-modules-enabled.yml
+++ b/tools/config/winlogbeat-modules-enabled.yml
@@ -84,7 +84,7 @@ fieldmappings:
 CallingProcessName: winlog.event_data.CallingProcessName
 CallTrace: winlog.event_data.CallTrace
 Channel: winlog.channel
- CommandLine: process.args
+ CommandLine: process.command_line
 ComputerName: winlog.ComputerName
 CurrentDirectory: process.working_directory
 Description: winlog.event_data.Description
@@ -125,7 +125,7 @@ fieldmappings:
 ObjectName: winlog.event_data.ObjectName
 ObjectType: winlog.event_data.ObjectType
 ObjectValueName: winlog.event_data.ObjectValueName
- ParentCommandLine: process.parent.args
+ ParentCommandLine: process.parent.command_line
 ParentProcessName: process.parent.name
 ParentImage: process.parent.executable
 Path: winlog.event_data.Path
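Review bot: Both remapped lines (`CommandLine` in the first hunk, `ParentCommandLine` in the second) now point at `process.command_line` / `process.parent.command_line` with no comment saying which Winlogbeat module versions populate those fields, so rules converted with this config would presumably return nothing, silently, on indices that only carry `process.args`. I would add a comment above each mapping, e.g. `# full command-line string; data shipped by older Winlogbeat modules may only have process.args`, and state the minimum supported version in the config's description if it has one. It is also worth confirming how the target index maps the field: if it is a `keyword` with an `ignore_above` limit, very long command lines are not indexed and wildcard matches on them will miss. The rest of `fieldmappings` lies outside the hunks, so I cannot tell whether other process fields need the same change.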