diff --git a/decoders/0380-windows_decoders.xml b/decoders/0380-windows_decoders.xml
index 02220f840..096a630f3 100644
--- a/decoders/0380-windows_decoders.xml
+++ b/decoders/0380-windows_decoders.xml
@@ -89,11 +89,12 @@
   <parent>windows-date-format</parent>
   <type>web-log</type>
   <use_own_name>true</use_own_name>
-  <prematch offset="after_parent">^\S+ GET |^\S+ POST </prematch>
-  <regex offset="after_prematch">(\S+ \S*) \.* (\S+) \S*\.* (\d\d\d) \S+ \S+ \S+</regex>
-  <order>url,srcip,id</order>
+  <prematch offset="after_parent">^\S+ GET |^\S+ POST</prematch>
+  <regex offset="after_parent">^\S+ (\w+) (\S+ \S+) (\S+) \S+ (\S+) (\S+) \.*(\d\d\d) </regex>
+  <order>action, url, srcport, srcip, user_agent, id</order>
 </decoder>
 
+
 <!-- IIS 5 W3C FTP log format.
   - Examples:
   - #Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)