Hi @Dzious
I pretty much explain exactly how do do this here
This means using logstash as an aggregation point ... I also discussed that in this thread
Example Architecture
Many Filebeat(s) -> Logstash -> Elasticsearch or Elastic Cloud
Just substitute winlogbeat with filebeat in the steps.
Also here is the reference in the docs