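I am trying to use eland with a winlogbeat index that has 800+ fields. I don't want to specify which fields I am interested in, since the use case is exploratory analysis. Displaying the result in IPython fails with the error below: the request `body` is empty and every field name is passed in `_source`, so the field list appears to be what pushes the request past the 4096-byte HTTP line limit reported at the end of the traceback.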
Elasticsearch error: {'index': 'winlogbeat-*', 'size': 5, 'sort': '_doc:desc', 'body': {}, '_source': ['@timestamp', 'agent.ephemeral_id', 'agent.hostname', 'agent.id', 'agent.name', 'agent.type', 'agent.version', 'as.number', 'as.organization.name', 'blocked-user-policy.username', 'blocked-user-policy.username_blocked', 'client.address', 'client.as.number', 'client.as.organization.name', 'client.bytes', 'client.domain', 'client.geo.city_name', 'client.geo.continent_name', 'client.geo.country_iso_code', 'client.geo.country_name', 'client.geo.location', 'client.geo.name', 'client.geo.region_iso_code', 'client.geo.region_name', 'client.ip', 'client.mac', 'client.nat.ip', 'client.nat.port', 'client.packets', 'client.port', 'client.registered_domain', 'client.top_level_domain', 'client.user.domain', 'client.user.email', 'client.user.full_name', 'client.user.group.domain', 'client.user.group.id', 'client.user.group.name', 'client.user.hash', 'client.user.id', 'client.user.name', 'cloud.account.id', 'cloud.availability_zone', 'cloud.image.id', 'cloud.instance.id', 'cloud.instance.name', 'cloud.machine.type', 'cloud.project.id', 'cloud.provider', 'cloud.region', 'container.id', 'container.image.name', 'container.image.tag', 'container.name', 'container.runtime', 'destination.address', 'destination.as.number', 'destination.as.organization.name', 'destination.bytes', 'destination.domain', 'destination.geo.city_name', 'destination.geo.continent_name', 'destination.geo.country_iso_code', 'destination.geo.country_name', 'destination.geo.location', 'destination.geo.name', 'destination.geo.region_iso_code', 'destination.geo.region_name', 'destination.ip', 'destination.mac', 'destination.nat.ip', 'destination.nat.port', 'destination.packets', 'destination.port', 'destination.registered_domain', 'destination.top_level_domain', 'destination.user.domain', 'destination.user.email', 'destination.user.full_name', 'destination.user.group.domain', 'destination.user.group.id', 
'destination.user.group.name', 'destination.user.hash', 'destination.user.id', 'destination.user.name', 'dns.answers.class', 'dns.answers.data', 'dns.answers.name', 'dns.answers.ttl', 'dns.answers.type', 'dns.header_flags', 'dns.id', 'dns.op_code', 'dns.question.class', 'dns.question.name', 'dns.question.registered_domain', 'dns.question.subdomain', 'dns.question.top_level_domain', 'dns.question.type', 'dns.resolved_ip', 'dns.response_code', 'dns.type', 'ecs.version', 'error.code', 'error.id', 'error.message', 'error.stack_trace', 'error.type', 'event.action', 'event.category', 'event.code', 'event.created', 'event.dataset', 'event.duration', 'event.end', 'event.hash', 'event.id', 'event.ingested', 'event.kind', 'event.module', 'event.original', 'event.outcome', 'event.provider', 'event.risk_score', 'event.risk_score_norm', 'event.sequence', 'event.severity', 'event.start', 'event.timezone', 'event.type', 'file.accessed', 'file.attributes', 'file.created', 'file.ctime', 'file.device', 'file.directory', 'file.drive_letter', 'file.extension', 'file.gid', 'file.group', 'file.hash.md5', 'file.hash.sha1', 'file.hash.sha256', 'file.hash.sha512', 'file.inode', 'file.mode', 'file.mtime', 'file.name', 'file.owner', 'file.path', 'file.size', 'file.target_path', 'file.type', 'file.uid', 'geo.city_name', 'geo.continent_name', 'geo.country_iso_code', 'geo.country_name', 'geo.location', 'geo.name', 'geo.region_iso_code', 'geo.region_name', 'group.domain', 'group.id', 'group.name', 'hash.imphash', 'hash.md5', 'hash.sha1', 'hash.sha256', 'hash.sha512', 'host.architecture', 'host.containerized', 'host.domain', 'host.geo.city_name', 'host.geo.continent_name', 'host.geo.country_iso_code', 'host.geo.country_name', 'host.geo.location', 'host.geo.name', 'host.geo.region_iso_code', 'host.geo.region_name', 'host.hostname', 'host.id', 'host.ip', 'host.mac', 'host.name', 'host.os.build', 'host.os.codename', 'host.os.family', 'host.os.full', 'host.os.kernel', 'host.os.name', 
'host.os.platform', 'host.os.version', 'host.type', 'host.uptime', 'host.user.domain', 'host.user.email', 'host.user.full_name', 'host.user.group.domain', 'host.user.group.id', 'host.user.group.name', 'host.user.hash', 'host.user.id', 'host.user.name', 'http.request.body.bytes', 'http.request.body.content', 'http.request.bytes', 'http.request.method', 'http.request.referrer', 'http.response.body.bytes', 'http.response.body.content', 'http.response.bytes', 'http.response.status_code', 'http.version', 'jolokia.agent.id', 'jolokia.agent.version', 'jolokia.secured', 'jolokia.server.product', 'jolokia.server.vendor', 'jolokia.server.version', 'jolokia.url', 'kubernetes.container.image', 'kubernetes.container.name', 'kubernetes.deployment.name', 'kubernetes.namespace', 'kubernetes.node.name', 'kubernetes.pod.name', 'kubernetes.pod.uid', 'kubernetes.replicaset.name', 'kubernetes.statefulset.name', 'log.file.path', 'log.level', 'log.logger', 'log.origin.file.line', 'log.origin.file.name', 'log.origin.function', 'log.original', 'log.syslog.facility.code', 'log.syslog.facility.name', 'log.syslog.priority', 'log.syslog.severity.code', 'log.syslog.severity.name', 'message', 'mitre.technique.id', 'mitre.technique.name', 'network.application', 'network.bytes', 'network.community_id', 'network.direction', 'network.forwarded_ip', 'network.iana_number', 'network.name', 'network.packets', 'network.protocol', 'network.transport', 'network.type', 'observer.geo.city_name', 'observer.geo.continent_name', 'observer.geo.country_iso_code', 'observer.geo.country_name', 'observer.geo.location', 'observer.geo.name', 'observer.geo.region_iso_code', 'observer.geo.region_name', 'observer.hostname', 'observer.ip', 'observer.mac', 'observer.name', 'observer.os.family', 'observer.os.full', 'observer.os.kernel', 'observer.os.name', 'observer.os.platform', 'observer.os.version', 'observer.product', 'observer.serial_number', 'observer.type', 'observer.vendor', 'observer.version', 'organization.id', 
'organization.name', 'os.family', 'os.full', 'os.kernel', 'os.name', 'os.platform', 'os.version', 'package.architecture', 'package.build_version', 'package.checksum', 'package.description', 'package.install_scope', 'package.installed', 'package.license', 'package.name', 'package.path', 'package.reference', 'package.size', 'package.type', 'package.version', 'policy.username', 'policy.username_blocked', 'process.args', 'process.args_count', 'process.command_line', 'process.entity_id', 'process.executable', 'process.exit_code', 'process.hash.md5', 'process.hash.sha1', 'process.hash.sha256', 'process.hash.sha512', 'process.name', 'process.parent.args', 'process.parent.args_count', 'process.parent.command_line', 'process.parent.entity_id', 'process.parent.executable', 'process.parent.exit_code', 'process.parent.name', 'process.parent.pgid', 'process.parent.pid', 'process.parent.ppid', 'process.parent.start', 'process.parent.thread.id', 'process.parent.thread.name', 'process.parent.title', 'process.parent.uptime', 'process.parent.working_directory', 'process.pgid', 'process.pid', 'process.ppid', 'process.start', 'process.thread.id', 'process.thread.name', 'process.title', 'process.uptime', 'process.working_directory', 'registry.data.bytes', 'registry.data.strings', 'registry.data.type', 'registry.hive', 'registry.key', 'registry.path', 'registry.value', 'related.ip', 'related.user', 'rule.category', 'rule.description', 'rule.id', 'rule.name', 'rule.reference', 'rule.ruleset', 'rule.uuid', 'rule.version', 'server.address', 'server.as.number', 'server.as.organization.name', 'server.bytes', 'server.domain', 'server.geo.city_name', 'server.geo.continent_name', 'server.geo.country_iso_code', 'server.geo.country_name', 'server.geo.location', 'server.geo.name', 'server.geo.region_iso_code', 'server.geo.region_name', 'server.ip', 'server.mac', 'server.nat.ip', 'server.nat.port', 'server.packets', 'server.port', 'server.registered_domain', 'server.top_level_domain', 
'server.user.domain', 'server.user.email', 'server.user.full_name', 'server.user.group.domain', 'server.user.group.id', 'server.user.group.name', 'server.user.hash', 'server.user.id', 'server.user.name', 'service.ephemeral_id', 'service.id', 'service.name', 'service.node.name', 'service.state', 'service.type', 'service.version', 'source.address', 'source.as.number', 'source.as.organization.name', 'source.bytes', 'source.domain', 'source.geo.city_name', 'source.geo.continent_name', 'source.geo.country_iso_code', 'source.geo.country_name', 'source.geo.location', 'source.geo.name', 'source.geo.region_iso_code', 'source.geo.region_name', 'source.ip', 'source.mac', 'source.nat.ip', 'source.nat.port', 'source.packets', 'source.port', 'source.registered_domain', 'source.top_level_domain', 'source.user.domain', 'source.user.email', 'source.user.full_name', 'source.user.group.domain', 'source.user.group.id', 'source.user.group.name', 'source.user.hash', 'source.user.id', 'source.user.name', 'sysmon.dns.status', 'tags', 'threat.framework', 'threat.tactic.id', 'threat.tactic.name', 'threat.tactic.reference', 'threat.technique.id', 'threat.technique.name', 'threat.technique.reference', 'timeseries.instance', 'tls.cipher', 'tls.client.certificate', 'tls.client.certificate_chain', 'tls.client.hash.md5', 'tls.client.hash.sha1', 'tls.client.hash.sha256', 'tls.client.issuer', 'tls.client.ja3', 'tls.client.not_after', 'tls.client.not_before', 'tls.client.server_name', 'tls.client.subject', 'tls.client.supported_ciphers', 'tls.curve', 'tls.established', 'tls.next_protocol', 'tls.resumed', 'tls.server.certificate', 'tls.server.certificate_chain', 'tls.server.hash.md5', 'tls.server.hash.sha1', 'tls.server.hash.sha256', 'tls.server.issuer', 'tls.server.ja3s', 'tls.server.not_after', 'tls.server.not_before', 'tls.server.subject', 'tls.version', 'tls.version_protocol', 'tracing.trace.id', 'tracing.transaction.id', 'url.domain', 'url.extension', 'url.fragment', 'url.full', 'url.original', 
'url.password', 'url.path', 'url.port', 'url.query', 'url.registered_domain', 'url.scheme', 'url.top_level_domain', 'url.username', 'user.domain', 'user.email', 'user.full_name', 'user.group.domain', 'user.group.id', 'user.group.name', 'user.hash', 'user.id', 'user.name', 'user_agent.device.name', 'user_agent.name', 'user_agent.original', 'user_agent.os.family', 'user_agent.os.full', 'user_agent.os.kernel', 'user_agent.os.name', 'user_agent.os.platform', 'user_agent.os.version', 'user_agent.version', 'vulnerability.category', 'vulnerability.classification', 'vulnerability.description', 'vulnerability.enumeration', 'vulnerability.id', 'vulnerability.reference', 'vulnerability.report_id', 'vulnerability.scanner.vendor', 'vulnerability.score.base', 'vulnerability.score.environmental', 'vulnerability.score.temporal', 'vulnerability.score.version', 'vulnerability.severity', 'winlog.activity_id', 'winlog.api', 'winlog.channel', 'winlog.computer_name', 'winlog.event_data.AccessList', 'winlog.event_data.AccessMask', 'winlog.event_data.AccountExpires', 'winlog.event_data.AccountName', 'winlog.event_data.AdditionalInfo', 'winlog.event_data.Address', 'winlog.event_data.AddressLength', 'winlog.event_data.AdvancedOptions', 'winlog.event_data.AlertDesc', 'winlog.event_data.AlgorithmName', 'winlog.event_data.AllowedToDelegateTo', 'winlog.event_data.AuthenticationPackageName', 'winlog.event_data.Binary', 'winlog.event_data.BitlockerUserInputTime', 'winlog.event_data.BootAppStatus', 'winlog.event_data.BootMenuPolicy', 'winlog.event_data.BootMode', 'winlog.event_data.BootType', 'winlog.event_data.BugcheckCode', 'winlog.event_data.BugcheckParameter1', 'winlog.event_data.BugcheckParameter2', 'winlog.event_data.BugcheckParameter3', 'winlog.event_data.BugcheckParameter4', 'winlog.event_data.BuildVersion', 'winlog.event_data.CallTrace', 'winlog.event_data.CallerProcessId', 'winlog.event_data.CallerProcessName', 'winlog.event_data.Checkpoint', 'winlog.event_data.Company', 
'winlog.event_data.ComputerAccountChange', 'winlog.event_data.Config', 'winlog.event_data.ConfigAccessPolicy', 'winlog.event_data.Configuration', 'winlog.event_data.ConfigurationFileHash', 'winlog.event_data.ConnectedStandbyInProgress', 'winlog.event_data.CorruptionActionState', 'winlog.event_data.CreationUtcTime', 'winlog.event_data.CsEntryScenarioInstanceId', 'winlog.event_data.DCName', 'winlog.event_data.Description', 'winlog.event_data.Detail', 'winlog.event_data.Details', 'winlog.event_data.DeviceName', 'winlog.event_data.DeviceNameLength', 'winlog.event_data.DeviceObject', 'winlog.event_data.DeviceTime', 'winlog.event_data.DeviceVersionMajor', 'winlog.event_data.DeviceVersionMinor', 'winlog.event_data.DirtyPages', 'winlog.event_data.DisableIntegrityChecks', 'winlog.event_data.DisplayName', 'winlog.event_data.DnsHostName', 'winlog.event_data.DomainBehaviorVersion', 'winlog.event_data.DomainName', 'winlog.event_data.DomainPolicyChanged', 'winlog.event_data.DomainSid', 'winlog.event_data.DriveName', 'winlog.event_data.DriverName', 'winlog.event_data.DriverNameLength', 'winlog.event_data.Dummy', 'winlog.event_data.DwordVal', 'winlog.event_data.ElevatedToken', 'winlog.event_data.EnableDisableReason', 'winlog.event_data.Endpoint', 'winlog.event_data.EntryCount', 'winlog.event_data.ErrorCode', 'winlog.event_data.ErrorDescription', 'winlog.event_data.ErrorMessage', 'winlog.event_data.ErrorState', 'winlog.event_data.EventType', 'winlog.event_data.ExtensionId', 'winlog.event_data.ExtensionName', 'winlog.event_data.ExtraInfo', 'winlog.event_data.ExtraInfoLength', 'winlog.event_data.ExtraInfoString', 'winlog.event_data.FailureName', 'winlog.event_data.FailureNameLength', 'winlog.event_data.FailureReason', 'winlog.event_data.FilePath', 'winlog.event_data.FileVersion', 'winlog.event_data.FilterID', 'winlog.event_data.FinalStatus', 'winlog.event_data.FlightSigning', 'winlog.event_data.GPOCNName', 'winlog.event_data.GrantedAccess', 'winlog.event_data.Group', 
'winlog.event_data.HandleId', 'winlog.event_data.HiveName', 'winlog.event_data.HiveNameLength', 'winlog.event_data.HomeDirectory', 'winlog.event_data.HomePath', 'winlog.event_data.HypervisorDebug', 'winlog.event_data.HypervisorLaunchType', 'winlog.event_data.HypervisorLoadOptions', 'winlog.event_data.IdleImplementation', 'winlog.event_data.IdleStateCount', 'winlog.event_data.ImagePath', 'winlog.event_data.ImpersonationLevel', 'winlog.event_data.IntegrityLevel', 'winlog.event_data.Interface', 'winlog.event_data.IpAddress', 'winlog.event_data.IpPort', 'winlog.event_data.IsTestConfig', 'winlog.event_data.KernelDebug', 'winlog.event_data.KeyFilePath', 'winlog.event_data.KeyLength', 'winlog.event_data.KeyName', 'winlog.event_data.KeyType', 'winlog.event_data.KeysUpdated', 'winlog.event_data.LastBootGood', 'winlog.event_data.LastShutdownGood', 'winlog.event_data.LmPackageName', 'winlog.event_data.LoadOptions', 'winlog.event_data.LockoutDuration', 'winlog.event_data.LockoutObservationWindow', 'winlog.event_data.LockoutThreshold', 'winlog.event_data.LogonGuid', 'winlog.event_data.LogonHours', 'winlog.event_data.LogonId', 'winlog.event_data.LogonProcessName', 'winlog.event_data.LogonType', 'winlog.event_data.MachineAccountQuota', 'winlog.event_data.MajorVersion', 'winlog.event_data.MandatoryLabel', 'winlog.event_data.MaximumPerformancePercent', 'winlog.event_data.MemberName', 'winlog.event_data.MemberSid', 'winlog.event_data.MinPasswordLength', 'winlog.event_data.MinimumPerformancePercent', 'winlog.event_data.MinimumThrottlePercent', 'winlog.event_data.MinorVersion', 'winlog.event_data.MixedDomainMode', 'winlog.event_data.NewProcessId', 'winlog.event_data.NewProcessName', 'winlog.event_data.NewSchemeGuid', 'winlog.event_data.NewSd', 'winlog.event_data.NewSize', 'winlog.event_data.NewTargetUserName', 'winlog.event_data.NewTime', 'winlog.event_data.NewUACList', 'winlog.event_data.NewUacValue', 'winlog.event_data.NominalFrequency', 'winlog.event_data.Number', 
'winlog.event_data.NumberOfGroupPolicyObjects', 'winlog.event_data.OS EditionID', 'winlog.event_data.OS Name', 'winlog.event_data.OS build version', 'winlog.event_data.OS major version', 'winlog.event_data.OS minor version', 'winlog.event_data.OS service pack major version', 'winlog.event_data.OS service pack minor version', 'winlog.event_data.ObjectName', 'winlog.event_data.ObjectServer', 'winlog.event_data.ObjectType', 'winlog.event_data.OemInformation', 'winlog.event_data.OldSchemeGuid', 'winlog.event_data.OldTargetUserName', 'winlog.event_data.OldTime', 'winlog.event_data.OldUacValue', 'winlog.event_data.Operation', 'winlog.event_data.OperationType', 'winlog.event_data.OriginalFileName', 'winlog.event_data.OriginalSize', 'winlog.event_data.PackageName', 'winlog.event_data.PasswordHistoryLength', 'winlog.event_data.PasswordLastSet', 'winlog.event_data.PasswordProperties', 'winlog.event_data.Path', 'winlog.event_data.PerformanceImplementation', 'winlog.event_data.PowerButtonTimestamp', 'winlog.event_data.PreAuthType', 'winlog.event_data.PreviousCreationUtcTime', 'winlog.event_data.PreviousTime', 'winlog.event_data.PrimaryGroupId', 'winlog.event_data.PrivilegeList', 'winlog.event_data.ProcessId', 'winlog.event_data.ProcessName', 'winlog.event_data.ProcessPath', 'winlog.event_data.ProcessPid', 'winlog.event_data.ProcessingMode', 'winlog.event_data.ProcessingTimeInMilliseconds', 'winlog.event_data.Product', 'winlog.event_data.ProfilePath', 'winlog.event_data.Properties', 'winlog.event_data.ProtocolType', 'winlog.event_data.ProviderName', 'winlog.event_data.PuaCount', 'winlog.event_data.PuaPolicyId', 'winlog.event_data.QfeVersion', 'winlog.event_data.QueryName', 'winlog.event_data.Reason', 'winlog.event_data.RemoteEventLogging', 'winlog.event_data.RestrictedAdminMode', 'winlog.event_data.RetryMinutes', 'winlog.event_data.ReturnCode', 'winlog.event_data.RuleName', 'winlog.event_data.SamAccountName', 'winlog.event_data.SchemaVersion', 
'winlog.event_data.ScriptBlockText', 'winlog.event_data.ScriptPath', 'winlog.event_data.ServiceName', 'winlog.event_data.ServicePrincipalNames', 'winlog.event_data.ServiceSid', 'winlog.event_data.ServiceType', 'winlog.event_data.ServiceVersion', 'winlog.event_data.ShutdownActionType', 'winlog.event_data.ShutdownEventCode', 'winlog.event_data.ShutdownReason', 'winlog.event_data.SidHistory', 'winlog.event_data.Signature', 'winlog.event_data.SignatureStatus', 'winlog.event_data.Signed', 'winlog.event_data.SleepInProgress', 'winlog.event_data.StartTime', 'winlog.event_data.StartType', 'winlog.event_data.State', 'winlog.event_data.Status', 'winlog.event_data.StopTime', 'winlog.event_data.SubStatus', 'winlog.event_data.SubjectDomainName', 'winlog.event_data.SubjectLogonId', 'winlog.event_data.SubjectUserName', 'winlog.event_data.SubjectUserSid', 'winlog.event_data.SupportInfo1', 'winlog.event_data.SupportInfo2', 'winlog.event_data.SystemSleepTransitionsToOn', 'winlog.event_data.TSId', 'winlog.event_data.TargetDomainName', 'winlog.event_data.TargetImage', 'winlog.event_data.TargetInfo', 'winlog.event_data.TargetLinkedLogonId', 'winlog.event_data.TargetLogonGuid', 'winlog.event_data.TargetLogonId', 'winlog.event_data.TargetObject', 'winlog.event_data.TargetOutboundDomainName', 'winlog.event_data.TargetOutboundUserName', 'winlog.event_data.TargetProcessGUID', 'winlog.event_data.TargetProcessId', 'winlog.event_data.TargetServerName', 'winlog.event_data.TargetSid', 'winlog.event_data.TargetUserName', 'winlog.event_data.TargetUserSid', 'winlog.event_data.TerminalSessionId', 'winlog.event_data.TestSigning', 'winlog.event_data.TicketEncryptionType', 'winlog.event_data.TicketOptions', 'winlog.event_data.TimeProvider', 'winlog.event_data.TimeSource', 'winlog.event_data.TokenElevationType', 'winlog.event_data.TransmittedServices', 'winlog.event_data.UnsynchronizedTimeSeconds', 'winlog.event_data.UpdateType', 'winlog.event_data.Url', 'winlog.event_data.UserAccountControl', 
'winlog.event_data.UserParameters', 'winlog.event_data.UserPrincipalName', 'winlog.event_data.UserSid', 'winlog.event_data.UserWorkstations', 'winlog.event_data.Version', 'winlog.event_data.VirtualAccount', 'winlog.event_data.VsmLaunchType', 'winlog.event_data.VsmPolicy', 'winlog.event_data.Workstation', 'winlog.event_data.error', 'winlog.event_data.param1', 'winlog.event_data.param10', 'winlog.event_data.param11', 'winlog.event_data.param12', 'winlog.event_data.param2', 'winlog.event_data.param3', 'winlog.event_data.param4', 'winlog.event_data.param5', 'winlog.event_data.param6', 'winlog.event_data.param7', 'winlog.event_data.param8', 'winlog.event_data.param9', 'winlog.event_data.restarttime', 'winlog.event_data.serviceGuid', 'winlog.event_data.spn1', 'winlog.event_data.spn2', 'winlog.event_data.updateGuid', 'winlog.event_data.updateRevisionNumber', 'winlog.event_data.updateTitle', 'winlog.event_data.updatelist', 'winlog.event_id', 'winlog.keywords', 'winlog.logon.failure.reason', 'winlog.logon.failure.status', 'winlog.logon.failure.sub_status', 'winlog.logon.id', 'winlog.logon.type', 'winlog.opcode', 'winlog.process.pid', 'winlog.process.thread.id', 'winlog.provider_guid', 'winlog.provider_name', 'winlog.record_id', 'winlog.related_activity_id', 'winlog.task', 'winlog.user.domain', 'winlog.user.identifier', 'winlog.user.name', 'winlog.user.type', 'winlog.user_data.AddServiceStatus', 'winlog.user_data.Channel', 'winlog.user_data.DeviceInstanceID', 'winlog.user_data.DriverDescription', 'winlog.user_data.DriverFileName', 'winlog.user_data.DriverName', 'winlog.user_data.DriverProvider', 'winlog.user_data.DriverVersion', 'winlog.user_data.InstallStatus', 'winlog.user_data.IsDriverOEM', 'winlog.user_data.PrimaryService', 'winlog.user_data.Reason', 'winlog.user_data.RebootOption', 'winlog.user_data.RmSessionId', 'winlog.user_data.ServiceName', 'winlog.user_data.SetupClass', 'winlog.user_data.SubjectDomainName', 'winlog.user_data.SubjectLogonId', 
'winlog.user_data.SubjectUserName', 'winlog.user_data.SubjectUserSid', 'winlog.user_data.UTCStartTime', 'winlog.user_data.UpdateService', 'winlog.user_data.UpgradeDevice', 'winlog.user_data.binaryData', 'winlog.user_data.binaryDataSize', 'winlog.user_data.param1', 'winlog.user_data.param2', 'winlog.user_data.xml_name', 'winlog.version']}
---------------------------------------------------------------------------
RequestError Traceback (most recent call last)
/usr/local/lib/python3.6/dist-packages/IPython/core/formatters.py in __call__(self, obj)
697 type_pprinters=self.type_printers,
698 deferred_pprinters=self.deferred_printers)
--> 699 printer.pretty(obj)
700 printer.flush()
701 return stream.getvalue()
15 frames
/usr/local/lib/python3.6/dist-packages/elasticsearch/connection/base.py in _raise_error(self, status_code, raw_data)
242
243 raise HTTP_EXCEPTIONS.get(status_code, TransportError)(
--> 244 status_code, error_message, additional_info
245 )
246
RequestError: RequestError(400, 'too_long_frame_exception', 'An HTTP line is larger than 4096 bytes.')