We just added winlogbeat data to our elasticsearch setup. But now kibana will not show any results for the winlogbeat-* index pattern. During the query, elasticsearch reports:
[2019-02-27T07:56:51,417][DEBUG][o.e.a.s.TransportSearchAction] [riXPT11] [24219] Failed to execute fetch phase
org.elasticsearch.transport.RemoteTransportException: [riXPT11][127.0.0.1:9300][indices:data/read/search[phase/fetch/id]]
Caused by: java.lang.IllegalArgumentException: Field [event_data.DeviceTime] of type [keyword] does not support custom formats
at org.elasticsearch.index.mapper.MappedFieldType.docValueFormat(MappedFieldType.java:471) ~[elasticsearch-6.6.1.jar:6.6.1]
I checked the index template for winlogbeat-6.6.1-* and there is no entry for event_data.DeviceTime. Is that an oversight?