The index template is important because it controls how the data is indexed in Elasticsearch. It must be installed prior to sending any data to Elasticsearch. The index template is configured in your Elasticsearch cluster through a web request.
If you are not using Elasticsearch v5 then you need to get a copy of the index template that came with Winlogbeat 1.X and install that to Elasticsearch.
Do you have any other non-Windows machine that you can use? If so, then it is probably easier to just install the template from another machine using curl.
curl -XPUT http://elasticsearch:9200/_template/winlogbeat -d@/path/to/winlogbeat.template.json
If you had indexed any data prior to the template installation, then you need to delete all that data and reindex it:
curl -XDELETE http://elasticsearch:9200/winlogbeat-*- Stop Winlogbeat.
- Delete the .winlogbeat.yml registry file.
- Start Winlogbeat