diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf
index 868c77293..cf91d814c 100644
--- a/logstash/pipelines/beats/11_beats_logs.conf
+++ b/logstash/pipelines/beats/11_beats_logs.conf
@@ -1013,10 +1013,19 @@ filter {
 mutate { id => "mutate_beats_evtx_error_description_to_result"
 merge => { "[event][result]" => "[evtx][Event][EventData][Error_Description]" } }
 }
- } else if ([evtx][Event][EventData][Error_Code]) {
+ }
+ if ([evtx][Event][EventData][Result]) {
+ mutate { id => "mutate_beats_evtx_result_to_result"
+ merge => { "[event][result]" => "[evtx][Event][EventData][Result]" } }
+ }
+ if ([evtx][Event][EventData][Error_Code]) {
 mutate { id => "mutate_beats_evtx_error_code_to_result"
 merge => { "[event][result]" => "[evtx][Event][EventData][Error_Code]" } }
 }
+ if ([evtx][Event][EventData][error_Code]) {
+ mutate { id => "mutate_beats_evtx_error_code_lc_to_result"
+ merge => { "[event][result]" => "[evtx][Event][EventData][error_Code]" } }
+ }
 # store the original computer name as host.name as it's probably what people will want to search by
 if ([miscbeat][winlog][Computer]) {
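Review bot: The two new blocks for `[evtx][Event][EventData][Error_Code]` and `[evtx][Event][EventData][error_Code]` differ only in the casing of the key, and nothing in the hunk tells a maintainer why both spellings are needed or which providers emit which; a comment above the first of them would prevent the lowercase variant being "cleaned up" as a duplicate, e.g. `# EventData key casing is not consistent across event providers (Error_Code vs error_Code); fold both spellings into [event][result]`. Replacing the former `else if` chain with independent `if` blocks also changes the semantics from "first match wins" to "every present field is merged", so an event carrying both Error_Description and Error_Code (or Result) now accumulates all of them in `[event][result]`; that appears deliberate, but a one-line comment stating that `[event][result]` is intentionally an accumulated list would make the intent explicit. The enclosing `filter { ... }` block and the preceding Error_Description branch begin outside the hunk.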