diff --git a/winlogbeat/_meta/fields.yml b/winlogbeat/_meta/fields.yml index 27499cb4083..cbae8b3a9f8 100644 --- a/winlogbeat/_meta/fields.yml +++ b/winlogbeat/_meta/fields.yml @@ -10,6 +10,13 @@ "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. + The Event Logging API was designed for Windows Server 2003 + or Windows 2000 operating systems. In Windows Vista, the event logging + infrastructure was redesigned. On Windows Vista or later operating + systems, the Windows Event Log API is used. Winlogbeat automatically + detects which API to use for reading event logs. + + - key: eventlog title: Event log record description: >
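Review bot: the hunk ends with two added blank lines before the unchanged `- key: eventlog` entry, where one is enough to separate the two keys; drop the second empty `+` line. In the added paragraph, "designed for Windows Server 2003 or Windows 2000 operating systems" reads as an either/or, so "and" would be clearer. The last sentence, "Winlogbeat automatically detects which API to use for reading event logs", describes Winlogbeat's behaviour rather than the field. Since this is a field description, consider saying instead what a reader will see in the field as a result, using the "wineventlog" and "eventlogging" values named in the context lines just above.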