he @juaromu
the reason is that in the past dots in field names caused problems in elasticsearch. So one elasticsearch version did not work with dots in field names, while the following version allowed that again.
During that time we had implemented a workaround for the dots in field names and had many installations in the wild that might have the elasticsearch version that allowed dots and some that does not allow dots.
That is why Graylog is not allowing dots in field names.
Coming from that time some inconsistent behavior is given. You might want to check the Github issues of the server for an issue regarding this problem or create a bug report about the inconsistent behavior.