Ok. Everything seemed to be working fine yesterday until I went to check out the dashboard. As soon as that tired to load, errors were thrown. Here are 2 entries from yesterday:
[2018-01-16 08:56:07,905][DEBUG][action.admin.indices.mapping.put] [Trader] failed to put mappings on indices [[logstash-corp_windows_events-2018-01-16]], type [corp_windows_events]
MapperParsingException[Field name [ MSSQLSvc/LAPTOP-test.ad.test.com] cannot contain '.']
at org.elasticsearch.index.mapper.object.ObjectMapper$TypeParser.parseProperties(ObjectMapper.java:277)
at org.elasticsearch.index.mapper.object.ObjectMapper$TypeParser.parseObjectOrDocumentTypeProperties(ObjectMapper.java:222)
at org.elasticsearch.index.mapper.object.RootObjectMapper$TypeParser.parse(RootObjectMapper.java:139)
at org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:118)
at org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:99)
at org.elasticsearch.index.mapper.MapperService.parse(MapperService.java:549)
at org.elasticsearch.cluster.metadata.MetaDataMappingService$PutMappingExecutor.applyRequest(MetaDataMappingService.java:257)
at org.elasticsearch.cluster.metadata.MetaDataMappingService$PutMappingExecutor.execute(MetaDataMappingService.java:230)
at org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)
at org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)
at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)
at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[2018-01-16 08:56:07,908][DEBUG][action.bulk ] [Trader] [logstash-corp_windows_events-2018-01-16][0] failed to execute bulk item (index) index {[logstash-corp_windows_events-2018-01-16][corp_windows_events][AWD_QXRf6NbdXA05bjPG], source[{"EventTime":"2018-01-16 08:56:08","EventTimeWritten":"2018-01-16 08:56:08","Hostname":"domain","EventType":"AUDIT_SUCCESS","SeverityValue":2,"Severity":"INFO","SourceName":"Security","FileName":"Security","EventID":646,"CategoryNumber":7,"Category":"Account Management ","RecordNumber":1116245164,"Domain":"test","AccountName":"LAPTOP-test$","AccountType":"User","EventReceivedTime":"2018-01-16 08:56:09","SourceModuleName":"in","SourceModuleType":"im_mseventlog","@version":"1","@timestamp":"2018-01-16T13:56:09.265Z","host":"localhost","port":3690,"type":"corp_windows_events","tags":["Low"]," \tTarget Account Name":"LAPTOP-test$"," \tTarget Domain":"test"," \tTarget Account ID":"%{S-1-5-21-26028188-150678075-188441444-172184}"," \tCaller User Name":"LAPTOP-test$"," \tCaller Domain":"test"," \tCaller Logon ID":"(0x6,0xA572D774)"," \tPrivileges":"-"," \tSam Account Name":"-"," \tDisplay Name":"-"," \tUser Principal Name":"-"," \tHome Directory":"-"," \tHome Drive":"-"," \tScript Path":"-"," \tProfile Path":"-"," \tUser Workstations":"-"," \tPassword Last Set":"-"," \tAccount Expires":"-"," \tPrimary Group ID":"-"," \tAllowedToDelegateTo":"-"," \tOld UAC Value":"-"," \tNew UAC Value":"-"," \tUser Account Control":"-"," \tUser Parameters":"-"," \tSid History":"-"," \tLogon Hours":"-"," \tDNS Host Name":"-"," \tService Principal Names":"","\t\tMSSQLSvc/LAPTOzp-test.ad.test.com":"1433"}]}
MapperParsingException[Field name [ MSSQLSvc/LAPTOP-test.ad.test.com] cannot contain '.']
at org.elasticsearch.index.mapper.object.ObjectMapper$TypeParser.parseProperties(ObjectMapper.java:277)
at org.elasticsearch.index.mapper.object.ObjectMapper$TypeParser.parseObjectOrDocumentTypeProperties(ObjectMapper.java:222)
at org.elasticsearch.index.mapper.object.RootObjectMapper$TypeParser.parse(RootObjectMapper.java:139)
at org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:118)
at org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:99)
at org.elasticsearch.index.mapper.MapperService.parse(MapperService.java:549)
at org.elasticsearch.cluster.metadata.MetaDataMappingService$PutMappingExecutor.applyRequest(MetaDataMappingService.java:257)
at org.elasticsearch.cluster.metadata.MetaDataMappingService$PutMappingExecutor.execute(MetaDataMappingService.java:230)
at org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)
at org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)
at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)
at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)