in reply to Regex for replacing capture group content using perl
WinEventLog blocks in inputs.conf are limited to Application, Security, System, ForwardedEvents, and Setup. The third code changes every index in each block. I have other files in inputs.conf for which I do not want to change the indexes.
Please see How do I change/delete my post?, in particular "It is uncool to update a node in a way that renders replies confusing or meaningless", and please mark your edits as such.
I looked at a couple of modules for handling INI files, and some of the more common ones don't handle multiple sections having the same name. Good luck with the following - it's a classic one-liner and although it seems to work on your sample data, you'll have to really test it to make sure it works in all your cases. If in doubt, look into a real parser.
perl -00pe 's#^\[WinEventLog://(?:Application|Security|System|ForwardedEvents|Setup)\]\n.*^index\s*=\s*\K.+(?=_(?:np|pr)\s*$)#window#ms' inputs.conf
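A line-by-line variant of the substitution above, added here as an example and not part of the original reply: it tracks the current stanza header instead of relying on `-00` paragraph mode, so repeated stanza names and stanzas that are not separated by blank lines are still handled. The `rewrite_inputs` name, the skipping of `#` comment lines and the sample stanzas are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stanzas whose index may be rewritten (same list as the one-liner).
my %target = map { ("WinEventLog://$_" => 1) }
    qw(Application Security System ForwardedEvents Setup);

# Rewrite "index = <anything>_np|_pr" to "index = <prefix>_np|_pr", but only
# inside a targeted stanza. Every other line is passed through unchanged.
sub rewrite_inputs {    # hypothetical helper name
    my ($text, $new_prefix) = @_;
    my ($in_target, $changed, @out) = (0, 0);
    for my $line (split /^/m, $text) {
        if ($line =~ /^\[([^\]]+)\]/) {
            # A stanza header ends the previous stanza, blank line or not.
            $in_target = exists $target{$1};
        }
        elsif ($in_target && $line !~ /^\s*#/) {
            # Keep "index = " and the _np/_pr suffix, replace what is between.
            $changed++
                if $line =~ s/^(\s*index\s*=\s*)\S.*?(_(?:np|pr)\s*)$/$1$new_prefix$2/;
        }
        push @out, $line;
    }
    return (join('', @out), $changed);
}

# Constructed sample, not taken from the thread.
my $sample = <<'CONF';
[WinEventLog://Security]
disabled = 0
index = corp_np

[monitor://C:\logs\app.log]
index = applogs_pr
[WinEventLog://Security]
# index = old_np
index = sec_pr
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
index = sysmon_np
CONF

my ($new, $count) = rewrite_inputs($sample, 'window');
print $new;
warn "rewrote $count index line(s)\n";
```

On the sample only `corp_np` and `sec_pr` are rewritten; the monitor stanza, the commented-out line and the Sysmon channel keep their indexes.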