Generically named event_data.paramN on Windows XP and 2003

Winlogbeat 1.2 does not provide the event_data field. That was introduced in v5.

Unfortunately, in Windows 2000, XP, and 2003 the message parameters are not named. The message associated with an event is stored as a template in a DLL or EXE file like "File %1 contains %2 which is in error." When an application logs an event it just provides an array of parameters (see NumStrings in EVENTLOGRECORD) and the parameters get substituted into the message template by index number.

Because the parameters are unnamed and there is no guaranteed format to the message template, Winlogbeat cannot provide descriptive names for these fields. You could use Logstash to rename the event_data.paramN fields to a more descriptive name on a per event ID basis.

Windows Vista and newer switched to a new format for the event log records where the parameters are named.

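To make the index-based substitution and the per-event-ID renaming concrete, here is an added Python example (not Winlogbeat's or Logstash's own code). The template is the one quoted above; the source name `MyApp`, event ID `9999` and the descriptive field names are constructed for illustration, and `rename_event_data` stands in for the Logstash rename step the post suggests.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a message template as stored in a DLL/EXE on
# Windows 2000/XP/2003. The application supplies only an array of
# strings (NumStrings in EVENTLOGRECORD); nothing in the record names them.
TEMPLATE = "File %1 contains %2 which is in error."


def expand_template(template: str, params: List[str]) -> str:
    """Substitute %N insertion strings by 1-based index into the template.

    An index with no supplied string is left verbatim, so a short
    parameter array shows up as a literal %N rather than raising.
    """
    def repl(m: "re.Match[str]") -> str:
        idx = int(m.group(1))
        if 1 <= idx <= len(params):
            return params[idx - 1]
        return m.group(0)
    return re.sub(r"%(\d+)", repl, template)


def to_event_data(params: List[str]) -> Dict[str, str]:
    """Expose the unnamed parameter array the only way it can be: paramN by position."""
    return {f"param{i}": p for i, p in enumerate(params, start=1)}


# Per-event-ID rename table (source name, event ID) -> {paramN: descriptive name}.
# The source name, event ID and field names are made up for this example.
RENAMES: Dict[Tuple[str, int], Dict[str, str]] = {
    ("MyApp", 9999): {"param1": "file_name", "param2": "error_token"},
}


def rename_event_data(event: dict) -> Dict[str, str]:
    """Rename event_data.paramN fields for known event IDs; others stay as paramN."""
    mapping = RENAMES.get((event["source_name"], event["event_id"]), {})
    return {mapping.get(k, k): v for k, v in event["event_data"].items()}


if __name__ == "__main__":
    params = ["C:\\temp\\app.ini", "FOO"]          # constructed parameter array
    print(expand_template(TEMPLATE, params))
    event = {"source_name": "MyApp", "event_id": 9999,
             "event_data": to_event_data(params)}
    print(rename_event_data(event))
```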