Thanks for clarification. I think you are stretching things a little to claim the logs containing the address a request was sent to is divulging “sensitive information”. The index name was in same warning, and the http method, etc - where would you stop ? But others may take a different view.
I don’t use the Java High Level REST client so maybe someone else might be able to suggest another way / setting.
I still think this is unusual use case, but you can certainly open a feature request. If you are paying customer, you could also reach out to your elastic contacts.