diff --git a/code/go/ecs/process.go b/code/go/ecs/process.go
index 2b05d0611b..3b7837d83a 100644
--- a/code/go/ecs/process.go
+++ b/code/go/ecs/process.go
@@ -40,7 +40,7 @@ type Process struct {
 
 	// Process arguments.
 	// May be filtered to protect sensitive information.
-	Args string `ecs:"args"`
+	Args []string `ecs:"args"`
 
 	// Absolute path to the process executable.
 	Executable string `ecs:"executable"`
diff --git a/scripts/cmd/gocodegen/gocodegen.go b/scripts/cmd/gocodegen/gocodegen.go
index 3f19acdca0..85638a02a2 100644
--- a/scripts/cmd/gocodegen/gocodegen.go
+++ b/scripts/cmd/gocodegen/gocodegen.go
@@ -269,6 +269,8 @@ func goDataType(fieldName, elasticsearchDataType string) string {
 	switch {
 	case fieldName == "duration" && elasticsearchDataType == "long":
 		return "time.Duration"
+	case fieldName == "args" && elasticsearchDataType == "keyword":
+		return "[]string"
 	}
 
 	switch elasticsearchDataType {