Search on your host which version are used by Elasticsearch mine is log4j-api-2.11.1.jar what are locate to : /usr/share/Elasticsearch/lib/log4j-api-2.11.1.jar
You can add this : -Dlog4j2.formatMsgNoLookups=true
At the end of /etc/Elasticsearch/jvm.options file, for waiting update to 2.15.0 of log4j2