ILM problem

@Mehran_Noorani

Ok now you are providing some context... You are trying to design a whole system.

After reading that, I would recommend using Fleet and Elastic Agent, which is for the now and the future, not individual beats.

They support OOTB data streams, datasets and namespaces, ingestion pipelines, ILM etc... which allow a better approach to segmentation, control, parsing etc. (I would still be careful, as over-segmentation can cause issues.)

If I was building a system that would be my approach.

For each "System" you need to identify what you will collect ...
Are they "shared / common" or are they specific / uncommon, etc...
Are there common processing paths
What has common and different Life Cycle Policies
I would first do a spreadsheet exercise of your inventory.

I would read up on Elastic Agent, Integrations, Data streams etc.

I don't know what that means... extract but ok... and I do not understand the focus on a single index... but OK as well... I think you are making assumptions about elastic data streams and indices which may or may not be correct....

If you are saying that there are different Lifecycles per System or something like that, you need to think in terms of that... Top Down (requirement, retention etc) not Bottom up (per index etc)

You can keep trying with your config... it is not going to work..

Do you have a requirement to be on Winlogbeat? Or would Elastic Agent work...

If you are stuck on winlogbeat
Note you have to run setup -e once BEFORE you start writing data
Take a look at this post; it is for metricbeat but winlogbeat works the same
What this does is set up all the scaffolding...

It's a more complete version of this...

There is another approach as well when you use data streams..

Look at this...

Ok ... out ... think about what you want to do... I will check back in at some point. But we can't design your whole system. We can only provide you direction...