It looks like you are using Winlogbeat 5.0.0-alpha1 with Elasticsearch 1.x or 2.x? There is an incompatibility with the winlogbeat.template.json index template provided in Winlogbeat v5 and earlier versions of Elasticsearch because the template uses the text keyword that was introduced in ES v5.
To continue to use Winlogbeat 5.x with ES 1.x or 2.x you'll need to grab the index template provided in Winlogbeat 1.x and install it to ES.
Cleanup:
- Stop Winlogbeat.
- Delete the .winlogbeat.yml registry file so that it reindexes your data when it restarts.
- Delete any data in your index.
curl -XDELETE "http://es:9200/winlogbeat-*"
- Delete the current mapping.
curl -XDELETE http://es:9200/_template/winlogbeat
Install 1.x index template:
- Replace the file you have at F:/Winlogbeat/Winlogbeat/winlogbeat.template.json with the file from Winlogbeat 1.X.
- Start Winlogbeat and it should install the template to ES for you.
In your config I would set overwrite: false. I think it's better for you to be in control of changes to the index template.
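
A pre-flight check for the incompatibility described above, as an added example that is not part of the original post or Winlogbeat's own code: it walks an index template and lists every mapping that uses the text or keyword field types added in Elasticsearch 5.0. The sample template is constructed for illustration, and the function names are hypothetical.

```python
import json
import sys

# Field types added in Elasticsearch 5.0; ES 1.x/2.x do not know them.
ES5_ONLY_TYPES = {"text", "keyword"}

# Constructed sample in the style of a 5.x template (not the real Winlogbeat file).
SAMPLE_V5 = json.loads("""
{
  "template": "winlogbeat-*",
  "mappings": {"_default_": {
    "dynamic_templates": [{"strings": {
      "match_mapping_type": "string",
      "mapping": {"type": "keyword", "ignore_above": 1024}}}],
    "properties": {
      "@timestamp": {"type": "date"},
      "message": {"type": "text"},
      "type": {"type": "keyword"},
      "event_id": {"type": "long"}}}}
}
""")

def find_es5_types(node, path=""):
    """Return [(path, type)] for every mapping definition using an ES5-only type."""
    hits = []
    if isinstance(node, dict):
        declared = node.get("type")
        # A *field* named "type" maps to a dict, so only string values count.
        if isinstance(declared, str) and declared in ES5_ONLY_TYPES:
            hits.append((path, declared))
        for key, value in node.items():
            hits.extend(find_es5_types(value, f"{path}/{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_es5_types(value, f"{path}[{index}]"))
    return hits

def free_of_es5_types(template):
    """True when the template uses no ES5-only field types."""
    return not find_es5_types(template)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            template = json.load(handle)
    else:
        template = SAMPLE_V5
    for path, field_type in find_es5_types(template):
        print(f"{field_type:8} {path}")
    sys.exit(0 if free_of_es5_types(template) else 1)
```

Run it with the path to winlogbeat.template.json as the only argument; a non-zero exit status means the template still contains 5.x-only types.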