How does winlogbeat handle different OS languages

Hi Hamza,

I found your question interesting, so I shipped from Windows in Spanish and Korean, just as an example.
Now I am not sure what you are trying to do, but basically, for the moment, the Event ID field event.code is the key to unify these events together. Let me show you a screenshot; maybe that makes it clearer.

And now, e.g., the log levels are still in the local language:


Apart from that, it doesn't matter for tracking in the SIEM itself, as it tracks by some parameter like host name or event.code as well, which are generalized by the Elastic Common Schema.

https://www.elastic.co/guide/en/ecs/current/index.html

Now we do have generalized content, but nothing stops you from translating certain information already at ingest level in winlogbeat using script processors, which are very flexible:
https://www.elastic.co/guide/en/beats/winlogbeat/master/processor-script.html
and migrating the fields into generalized content fields as well.

https://www.elastic.co/guide/en/ecs/current/migrating-to-ecs.html

We already have a couple of fields generalizing content right now, and we are working on doing that even better using a Common Event Model like ECS event categorization.

See here for documentation.
https://www.elastic.co/guide/en/ecs/current/ecs-category-field-values-reference.html

I hope that makes things a bit more clear.

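As an added example of the ingest-level translation mentioned above (this is not code from the original post, from Elastic, or from the winlogbeat project), the following JavaScript is the kind of body a winlogbeat `script` processor could run: it maps a localized Windows level name to a language-independent value, and tags events whose localization is not in its table so the gap is visible in the SIEM rather than silently ignored. It assumes the localized level arrives in `winlog.level` and that the normalized value should be written to `log.level`; the Spanish and Korean strings in the table are sample values assembled for this example, not an authoritative list of Windows localizations. The `FakeEvent` class is a constructed stand-in for the processor's Event API (`Get`, `Put`, `Tag`) so the function can be exercised offline with Node.js.

```javascript
// Added example, not from the original post or from Elastic/winlogbeat.
// process(event) is the entry point the winlogbeat script processor calls once
// per event. Written in ES5 style because the processor's JavaScript engine is
// conservative about newer syntax.

// Lowercased localized level name -> normalized value.
// Sample values for this example; extend per the languages you actually ingest.
var LEVEL_TABLE = {
  // Spanish (sample values)
  "información": "information",
  "advertencia": "warning",
  "error": "error",
  "crítico": "critical",
  // Korean (sample values)
  "정보": "information",
  "경고": "warning",
  "오류": "error",
  "치명적": "critical",
  // English, so the script is a no-op on English hosts
  "information": "information",
  "warning": "warning",
  "critical": "critical"
};

// Assumed field names: winlog.level (localized, as shipped) and log.level (normalized).
function process(event) {
  var raw = event.Get("winlog.level");
  if (typeof raw !== "string") {
    return; // field missing or not a string: nothing to normalize
  }
  var key = raw.trim().toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(LEVEL_TABLE, key)) {
    // Unknown localization: keep the original value and flag the event so
    // untranslated levels show up as a tag instead of disappearing.
    event.Tag("untranslated_level");
    return;
  }
  event.Put("log.level", LEVEL_TABLE[key]);
}

// Constructed stand-in for the processor's Event API so the function above can
// run under plain Node.js. winlogbeat supplies the real object.
function FakeEvent(fields) {
  this.fields = fields;
}
FakeEvent.prototype.Get = function (path) {
  var parts = path.split(".");
  var cur = this.fields;
  for (var i = 0; i < parts.length; i++) {
    if (cur === null || typeof cur !== "object" || !(parts[i] in cur)) return null;
    cur = cur[parts[i]];
  }
  return cur;
};
FakeEvent.prototype.Put = function (path, value) {
  var parts = path.split(".");
  var cur = this.fields;
  for (var i = 0; i < parts.length - 1; i++) {
    if (typeof cur[parts[i]] !== "object" || cur[parts[i]] === null) cur[parts[i]] = {};
    cur = cur[parts[i]];
  }
  cur[parts[parts.length - 1]] = value;
};
FakeEvent.prototype.Tag = function (tag) {
  var tags = this.Get("tags");
  if (!Array.isArray(tags)) { tags = []; this.fields.tags = tags; }
  if (tags.indexOf(tag) === -1) tags.push(tag);
};

// Runs the processor body over a plain field map and returns the mutated map.
function normalizeEvent(fields) {
  var ev = new FakeEvent(fields);
  process(ev);
  return ev.fields;
}

// Constructed sample events, shaped like winlogbeat output from localized hosts.
var SAMPLE_EVENTS = [
  { event: { code: "4624" }, winlog: { level: "Información" } },
  { event: { code: "4625" }, winlog: { level: "경고" } },
  { event: { code: "7036" }, winlog: { level: "Zz-unknown" } }
];

SAMPLE_EVENTS.forEach(function (fields) {
  console.log(JSON.stringify(normalizeEvent(fields)));
});
```

In winlogbeat.yml the `process` function and its table would go under `processors:` as a `script` entry with `lang: javascript` and the code in `source:` (or a file referenced by `file:`), without the `FakeEvent` and sample-event scaffolding, which exist only for running the logic offline.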