Within Kibana, I had configured the logstash_writer role with the logstash-* index, which if I am not mistaken should be winlogbeat-* with write, delete and create_index privileges. Once I made this change it seemed like my cluster came screaching to a halt, so from devtools I ran DELETE _all to clear everything out. Now I'm at the point of creating a new index, which when I enter "winlogbeat-*" to create the index Kibana doesn't find anything, so winlogbeat logs do not look like they are making it there.
Below is from the ES log...
[2017-04-24T10:52:57,034][INFO ][o.e.l.LicenseService ] [TbK7VUK] license [b3033b96-6eae-4a0f-b5c2-d679c132dc16] mode [gold] - valid
[2017-04-24T10:52:57,050][INFO ][o.e.g.GatewayService ] [TbK7VUK] recovered [949] indices into cluster_state
[2017-04-24T10:53:29,269][DEBUG][o.e.a.a.i.m.p.TransportPutMappingAction] [TbK7VUK] failed to put mappings on indices [[[.security_audit_log-2017.04.24/hPBp6lvaQyOOGdUZHrtwpQ]]], type [event]
org.elasticsearch.cluster.metadata.ProcessClusterEventTimeoutException: failed to process cluster event (put-mapping) within 30s
at org.elasticsearch.cluster.service.ClusterService.lambda$onTimeout$4(ClusterService.java:497) ~[elasticsearch-5.3.0.jar:5.3.0]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:544) [elasticsearch-5.3.0.jar:5.3.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
[2017-04-24T10:53:41,519][DEBUG][o.e.a.a.i.m.p.TransportPutMappingAction] [TbK7VUK] failed to put mappings on indices [[[winlogbeat-2017.04.24/whgl8QHXQO6_bnFKLWJH5Q]]], type [wineventlog]
org.elasticsearch.cluster.metadata.ProcessClusterEventTimeoutException: failed to process cluster event (put-mapping) within 30s
at org.elasticsearch.cluster.service.ClusterService.lambda$onTimeout$4(ClusterService.java:497) ~[elasticsearch-5.3.0.jar:5.3.0]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:544) [elasticsearch-5.3.0.jar:5.3.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
[2017-04-24T10:54:12,864][DEBUG][o.e.a.a.i.m.p.TransportPutMappingAction] [TbK7VUK] failed to put mappings on indices [[[winlogbeat-2017.04.24/whgl8QHXQO6_bnFKLWJH5Q]]], type [wineventlog]
org.elasticsearch.cluster.metadata.ProcessClusterEventTimeoutException: failed to process cluster event (put-mapping) within 30s
at org.elasticsearch.cluster.service.ClusterService.lambda$onTimeout$4(ClusterService.java:497) ~[elasticsearch-5.3.0.jar:5.3.0]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:544) [elasticsearch-5.3.0.jar:5.3.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
[2017-04-24T10:55:15,552][DEBUG][o.e.a.a.i.m.p.TransportPutMappingAction] [TbK7VUK] failed to put mappings on indices [[[winlogbeat-2017.04.24/whgl8QHXQO6_bnFKLWJH5Q]]], type [wineventlog]
org.elasticsearch.cluster.metadata.ProcessClusterEventTimeoutException: failed to process cluster event (put-mapping) within 30s
at org.elasticsearch.cluster.service.ClusterService.lambda$onTimeout$4(ClusterService.java:497) ~[elasticsearch-5.3.0.jar:5.3.0]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:544) [elasticsearch-5.3.0.jar:5.3.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
[2017-04-24T10:55:46,881][DEBUG][o.e.a.a.i.m.p.TransportPutMappingAction] [TbK7VUK] failed to put mappings on indices [[[winlogbeat-2017.04.24/whgl8QHXQO6_bnFKLWJH5Q]]], type [wineventlog]