Do you mean that Elasticsearch is running on your Linux server, and that you are pointing the topbeat instance on your Windows machine to it?
Yes, Elasticsearch 5.1 is running on my Linux server, and the topbeat 1.2 instance on my Windows machine is pointing to Elasticsearch 5.1 on the Linux machine.
Are you using Logstash to index the data from topbeat, or did you configure it to dump directly into Elasticsearch?
No, I am not using Logstash to index the data from topbeat; I configured it to dump directly into Elasticsearch 5.1 on the Linux machine.
If you are dumping directly into Elasticsearch, I don't think that you need to manually load the index template.
If you don't manually load the index template, how would you ensure the datatypes?
Related to my earlier question. Are you sure that there are actual documents indexed with data for these fields?
Yes
@Stacey_Gammon
Thanks, I tried your link and it worked.
I read the documentation, and it says this:
Going by the documentation,
You can reload the index fields list to pick up any newly-added fields.
I manually loaded the index template for the topbeat-* index.
I found that all the fields which were non-searchable and non-aggregatable were present in topbeat.template.json. So, these fields were not newly-added; they were already present.
So, what happened when I pressed the Reload button that made Kibana recognise these fields as searchable and aggregatable?