I suspect Most of this would be done for you with the pipelines if you just sent winlogbeat directly to elasticsearch .... if configured correctly... and you run setup etc.
I always recommend getting the Beats->Elasticsearch architecture working first before introducing Logastash
Once you get that working then you can move towards
Beats->Logstash->Elastcsearch Ingest Architecture
When you put logstash in the middle some important data is not forwarded unless you use the correctly
Here is a post on similar.. its filebeat but the concept is the same