diff --git a/plugins/windows_dhcp.yaml b/plugins/windows_dhcp.yaml
new file mode 100644
index 00000000..c990010a
--- /dev/null
+++ b/plugins/windows_dhcp.yaml
@@ -0,0 +1,41 @@
+# Plugin Info
+version: 0.0.1
+title: Windows DHCP
+description: Log parser for Windows DHCP
+parameters:
+  file_path:
+    label: Log Path
+    description: The absolute path to the Microsoft IIS logs. Simple globbing can be used to collect multiple log files
+    type: string
+    default: "C:/Windows/System32/dhcp/DhcpSrvLog-*.log"
+  start_at:
+    label: Start At
+    description: Start reading file from 'beginning' or 'end'
+    type: enum
+    valid_values:
+      - beginning
+      - end
+    default: end
+
+# Set Defaults
+{{$file_path := default "C:/Windows/System32/dhcp/DhcpSrvLog-*.log" .file_path}}
+{{$start_at := default "end" .start_at}}
+
+# Pipeline Template
+pipeline:
+  - id: windows_dhcp_input
+    type: file_input
+    include:
+      - {{ $file_path }}
+    start_at: {{ $start_at }}
+    labels:
+      log_type: windows_dhcp
+    output: windows_dhcp_parser
+
+  - id: windows_dhcp_parser
+    type: regex_parser
+    regex: '^(?P\d+),(?P\d{2}\/\d{2}\/\d{2},\d{2}:\d{2}:\d{2}),(?P[^,]+),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*),(?P[^,]*)'
+    timestamp:
+      parse_from: timestamp
+      layout: '%m/%d/%y,%H:%M:%S'
+    output: {{.output}}
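Review bot: Every named group in the `regex:` line reads as `(?P\d+)`, `(?P[^,]+)`, and so on with no `<name>` part, which is a syntax error in RE2 and leaves the `timestamp` stage's `parse_from: timestamp` with no field to read; if the names were stripped when this page was rendered this is moot, but as shown the parser cannot compile and the expected group names (at minimum `timestamp`) should be confirmed in the committed file. The `file_path` parameter description is a copy-paste leftover that talks about IIS, which will confuse operators configuring the plugin: `description: The absolute path to the Windows DHCP server audit logs. Simple globbing can be used to collect multiple log files`. The include entry substitutes the operator-supplied path unquoted (`- {{ $file_path }}`), so a value that begins with `*`, `[`, `{` or contains `: ` or ` #` changes the YAML shape of the rendered pipeline rather than staying a single string; `- '{{ $file_path }}'` keeps it a scalar. DhcpSrvLog files are known to start with a multi-line explanatory header before the comma-separated rows, so lines that do not match the regex are expected on every file read; the commit does not say how `regex_parser` should treat them, and that behaviour is worth pinning explicitly if the parser supports an error-handling option.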