Thanks for confirming @Hamada. I'm not sure if you're using the free basic install versus an enterprise licence.
There is some guidance in the enterprise documentation here, but generally the approach is the same for basic on-prem installs.
But generally logs should be encrypted before storing, using a tool such as dm-crypt. This would impact searching on the fields to which encryption is applied.
I would recommend having a look at these threads for more information:
- How can I encrypt the data stored in indexes? - #2 by leandrojmp
- How should I encrypt data at rest with Elasticsearch?
Hope that helps!