Logstash to ECS

Hey Tim,

This is not as straightforward as you probably would like, but you can look at the code performing the conversion for all Beats modules in the Beats repo.

In a given module's directory, you'll have a directory for each log type, and underneath it another directory that contains an Elasticsearch ingest pipeline that performs the renames & such.

Since you mention Zeek, here's a direct link to the pipeline that handles the Zeek "connection" events, as an example: https://github.com/elastic/beats/blob/master/x-pack/filebeat/module/zeek/connection/ingest/pipeline.json. Now Zeek is one of the rare (or only?) modules that also performs some renames directly in Beats, not just in ES ingest pipelines, so you'll want to look at this file as well: https://github.com/elastic/beats/blob/master/x-pack/filebeat/module/zeek/connection/config/connection.yml

Under the zeek directory, you'll be able to find all other Zeek event types. Also of note is the [module]/[log type]/tests directory, where you'll see original log files and their converted JSON equivalent (minus some metadata fields that would change between test runs).
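Added example, not part of the original post and not code from the Beats project: one way to turn the `rename` processors of such an ingest pipeline into a Logstash `mutate` filter, listing every processor that still needs translating by hand. The sample pipeline and its field names are constructed for illustration, and the helper names `to_field_ref` and `convert` are hypothetical.

```python
import json

# Constructed sample in the shape of an Elasticsearch ingest pipeline.
# Field names are illustrative, not copied from the Beats repo.
SAMPLE_PIPELINE = """
{
  "description": "constructed sample pipeline",
  "processors": [
    {"rename": {"field": "zeek.connection.orig_bytes", "target_field": "source.bytes", "ignore_missing": true}},
    {"rename": {"field": "zeek.connection.resp_bytes", "target_field": "destination.bytes", "ignore_missing": true}},
    {"date": {"field": "zeek.connection.ts", "formats": ["UNIX"]}},
    {"rename": {"field": "zeek.connection.proto", "target_field": "network.transport", "if": "ctx.zeek?.connection?.proto != null"}}
  ]
}
"""

def to_field_ref(dotted):
    """Turn an ingest-style dotted path (a.b.c) into a Logstash field reference ([a][b][c])."""
    return "".join("[%s]" % part for part in dotted.split("."))

def convert(pipeline_text):
    """Return (logstash_filter_text, skipped) for the processors of a pipeline."""
    renames, skipped = [], []
    for proc in json.loads(pipeline_text).get("processors", []):
        (kind, opts), = proc.items()  # each processor is a one-key object
        if kind == "rename" and "if" not in opts:
            renames.append((to_field_ref(opts["field"]), to_field_ref(opts["target_field"])))
        else:
            # Conditionals and non-rename processors need a hand-written equivalent.
            skipped.append(kind + (" (conditional)" if "if" in opts else ""))
    lines = ["filter {", "  mutate {", "    rename => {"]
    lines += ['      "%s" => "%s"' % pair for pair in renames]
    lines += ["    }", "  }", "}"]
    return "\n".join(lines), skipped

if __name__ == "__main__":
    config, skipped = convert(SAMPLE_PIPELINE)
    print(config)
    for kind in skipped:
        print("# translate by hand:", kind)
```

The generated filter can be checked against the original logs and expected JSON in a module's tests directory.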