This article describes the steps to mitigate the effect of the Apache Log4j vulnerability on ElastiFlow 4 and 5.
ElastiFlow versions 4 and 5
To mitigate the vulnerability, perform the following steps:
Create /etc/elasticsearch/jvm.options.d/log4j2.options file with the content:
Run systemctl restart elasticsearch to restart Elasticsearch.
If you are using ElastiFlow version 4, run:
zip -q -d /opt/elk/logstash-latest/logstash-core/lib/jars/log4j-core-2.* org/apache/logging/log4j/core/lookup/JndiLookup.class
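To confirm that the zip command above actually removed the class, the following check lists any log4j-core-2.* jar that still contains JndiLookup.class. It is an added example, not part of the original article or of ElastiFlow; the function name check_jars and the report labels are assumptions made here, while the directory and class path are the ones from the command above.

```python
import glob
import os
import sys
import zipfile

# Class path removed by the zip -d command in the article.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Jar directory from the article's ElastiFlow 4 command.
DEFAULT_JAR_DIR = "/opt/elk/logstash-latest/logstash-core/lib/jars"


def check_jars(jar_dir=DEFAULT_JAR_DIR):
    """Inspect every log4j-core-2.* archive in jar_dir (hypothetical helper).

    Returns a dict with three sorted lists of paths:
      scanned    - every file matching log4j-core-2.*
      present    - archives that still contain JndiLookup.class
      unreadable - files that could not be opened as zip archives
    """
    result = {"scanned": [], "present": [], "unreadable": []}
    for path in sorted(glob.glob(os.path.join(jar_dir, "log4j-core-2.*"))):
        result["scanned"].append(path)
        try:
            with zipfile.ZipFile(path) as jar:
                if JNDI_CLASS in jar.namelist():
                    result["present"].append(path)
        except (zipfile.BadZipFile, OSError):
            # A corrupt or unreadable jar cannot be confirmed as mitigated.
            result["unreadable"].append(path)
    return result


if __name__ == "__main__":
    jar_dir = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_JAR_DIR
    report = check_jars(jar_dir)
    for path in report["present"]:
        print(f"STILL PRESENT  {path}")
    for path in report["unreadable"]:
        print(f"UNREADABLE     {path}")
    if not report["scanned"]:
        # An empty match is not proof of mitigation: the path may be wrong.
        print(f"NO JARS FOUND  {jar_dir}")
    clean = report["scanned"] and not report["present"] and not report["unreadable"]
    if clean:
        print(f"OK: {len(report['scanned'])} jar(s) checked, JndiLookup.class absent")
    sys.exit(0 if clean else 1)
```

The script exits non-zero when a jar still carries the class, cannot be read, or when no matching jar is found, so it can be used as a post-change check.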
For more information, see this post from Elastic.