Sorry for the two posts, but the site told me that I used too many chars.
After that I started Winlogbeat. There I had the next problems:
```
{"log.level":"info","@timestamp":"2023-08-18T15:11:13.560+0200","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":139},"message":"Connecting to backoff(elasticsearch(https://wxtask2p.idm.lan.local:9200))","service.name":"winlogbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-08-18T15:11:14.875+0200","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(https://wxtask2p.idm.lan.local:9200)): 401 Unauthorized: {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}},\"status\":401}","service.name":"winlogbeat","ecs.version":"1.6.0"}
```
Again, authentication was apparently missing; the service token from Elasticsearch didn't work. For testing I used the Elastic user.
```yaml
output.elasticsearch.username: "elastic"
output.elasticsearch.password: "pass"
```
After that Winlogbeat ran without problems and the messages were visible in Kibana.
The last thing I did was to start Metricbeat. Of course, I received an error message there as well.
```
{"log.level":"error","@timestamp":"2023-08-18T15:36:00.079+0200","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls.go","file.line":120},"message":"Dropping encrypted pem 'RSA PRIVATE KEY' block read from C:\\_Mon\\m\\certs\\http-wxtask2p.idm.lan.local.key. no passphrase available","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-08-18T15:36:00.080+0200","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls.go","file.line":59},"message":"Failed reading key file: no PEM blocks","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-18T15:36:00.080+0200","log.origin":{"file.name":"instance/beat.go","file.line":442},"message":"metricbeat stopped.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-08-18T15:36:00.081+0200","log.origin":{"file.name":"instance/beat.go","file.line":1071},"message":"Exiting: error initializing publisher: 1 error: no PEM blocks C:\\_Mon\\m\\certs\\http-wxtask2p.idm.lan.local.key accessing 'output.elasticsearch' (source:'metricbeat.yml')","service.name":"metricbeat","ecs.version":"1.6.0"}
Exiting: error initializing publisher: 1 error: no PEM blocks C:\_Mon\m\certs\http-wxtask2p.idm.lan.local.key accessing 'output.elasticsearch' (source:'metricbeat.yml')
```
I then solved an error in metricbeat.yml and got another message:
```
{"log.level":"error","@timestamp":"2023-08-18T16:03:10.181+0200","log.origin":{"file.name":"cfgfile/reload.go","file.line":273},"message":"Error loading config from file 'C:\\_Mon\\m\\modules.d\\elasticsearch-xpack.yml', error invalid config: yaml: line 9: did not find expected '-' indicator","service.name":"metricbeat","ecs.version":"1.6.0"}
```
After updating this file as well, metricbeat worked again.
elasticsearch-xpack.yml
```yaml
- module: elasticsearch
  xpack.enabled: true
  period: 10s
  hosts: ["https://wxtask2p.idm.lan.local:9200"]
  ssl.enabled: true
  ssl.certificate_authorities: C:\_Mon\k\config\elasticsearch-ca.pem
  ssl.certificate: C:\_Mon\m\certs\wxtask2p-idm-lan-local.crt
  ssl.key: C:\_Mon\m\certs\http-wxtask2p.idm.lan.local.key
  ssl.key_passphrase: [passphrase]
  username: "elastic"
  password: "password"
```
However, I also had to modify the metricbeat.yml files on the devices I wanted to monitor.
And then it was done...
One problem that exists at the moment is that I had to use the username and password entries very often. This data is currently in plain text in the config files. This isn't so nice.
How can I make this more secure? I get an error in some applications when I try to use the keystore...?
I will check this again next week and get back to you.
Or should I open a separate thread for this?
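
An added example, not part of the original post and not Elastic's code: Beats settings can reference a secret as `${NAME}`, which the Beat resolves from its keystore (for example after `metricbeat keystore add ES_PWD`) or from the environment, so the literal value stays out of the YAML. The Python sketch below scans config text for password-type settings that still hold a literal; the key list, the sample config, the host name and the names `ES_PWD` and `KEY_PASSPHRASE` are assumptions made for illustration.

```python
import re

# Setting names that carry secrets in Beats YAML (assumed list, extend as needed).
SECRET_KEYS = ("password", "key_passphrase", "api_key")
# Accept only a bare ${NAME} reference, optionally quoted. ${NAME:default} is
# rejected on purpose: the default is itself a literal stored in the file.
REFERENCE = re.compile(r"""^["']?\$\{[A-Za-z_][A-Za-z0-9_.]*\}["']?$""")
# "key: value" with optional leading list dash; keys may be dotted.
LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_.]+)\s*:\s*(.*?)\s*$")

# Constructed sample mixing the nested (modules.d) and dotted (main config) styles.
SAMPLE = """\
- module: elasticsearch
  hosts: ["https://es.example.internal:9200"]
  ssl.key_passphrase: "${KEY_PASSPHRASE}"
  username: "elastic"
  password: "password"
output.elasticsearch.password: "${ES_PWD:changeme}"
"""


def find_plaintext_secrets(text):
    """Return (line_number, key) for secret settings that hold a literal value."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0]  # drop a trailing comment
        if line.lstrip().startswith("#"):
            continue
        match = LINE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key.split(".")[-1] not in SECRET_KEYS:
            continue
        # An empty value is a nested mapping or unset key, not a literal.
        if value and not REFERENCE.match(value):
            findings.append((number, key))
    return findings


if __name__ == "__main__":
    for number, key in find_plaintext_secrets(SAMPLE):
        print(f"line {number}: {key} holds a literal value")
```
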