Have you see this: https://www.elastic.co/guide/en/beats/winlogbeat/current/configuration-winlogbeat-options.html#configuration-winlogbeat-options-event_logs-name
Winlogbeat can read the logs listed by Get-WinEvent -ListLog *.
Only Analytic and Debug logs are based on ETW and Winlogbeat cannot read those. Analytic and Debug logs are disabled and hidden by default in event viewer.
There has been a request to add a feature in Beats for ETW. https://github.com/elastic/beats/issues/2073