In addition to replacing those references, you would also need to replace the vendored log4j jars themselves, and you would be somewhat on your own with a custom hand-rolled mitigation. Bear in mind that Elastic-released artifacts go through somewhat extensive testing and validation, in this case not only for base functionality but also explicit validation for addressing the related CVE.
Out guidance remains to remove the JNDI lookup class, or to upgrade to a patched releases: