I am currently working on a new Beat (maybe called UnifiedBeat) to ship alerts from Snort's unified2 files to Elasticsearch ... but I am just beginning and plan to start with Filebeat as a starting point (even though unified2 files are binary and not line-delimited like syslogs).
Previously, I open sourced a Python app on GitHub called uni2espy. It uses Jason Ish's IdsTools to tail/read/parse Snort's unified2 files and index the alerts into Elasticsearch.
Both should also work with Suricata, which can create unified2 files.
For my usage I will prefer the Golang Beat version as it's easier to deploy and so on. But we have been using Uni2EsPy for over two years (it has only been open sourced for a year now).
Just FYI.