Filebeat vs log4j TCP vs logstash as a shipper

Our team is discussing what method to use to send files to a Data Buffer like Redis or Kafka.

What are the pros/cons of using Filebeat vs log4j socketappender vs logstash?

I know filebeat is a lightweight log shipper and logstash has parsing capabilities, but we want to find the options that would reduce the load on the running app servers while being able to provide the best support and options to us for managing and shipping logs. Log4j would be able to send data without being able to write out to a file so we could get data faster, but it seems we also run the risk of losing data if that connection fails.

Any opinions out there on best practice?

Regarding filebeat, it definitely is very lightweight, uses minimal resources, and is a single executable binary with no dependencies. You don't have much data manipulation functionality, although if you're just looking to get your data from your servers to your data/cache buffer, this is OK. Yes it does require your applications to log to a file, which is then read by filebeat although this usually isn't a problem unless your apps are very write intensive when it comes to logging (for example, logging all requests to a custom web server with high traffic).

Unfortunately, I'm not really familiar with log4j so I can't really comment on that one. As for Logstash, it is definitely heavier on resource usage and is a more complex application to install than filebeat (requires JVM). On the positive side, it has many different inputs, filters and outputs, so it's rich in terms of functionality. If you're looking for logging without any files, you could potentially use a TCP or UDP input with logstash, and then output to either Redis or Kafka. Keep in mind I don't believe those two inputs persist to disk in Logstash, so yes, there could be potential to lose some data.

If you're really looking to cut down on IO and/or eliminate logging to files, you could always check out udplogbeat which is based on the beats framework and simply allows you to log to a local UDP port and then send the events to one of the supported outputs, in your case probably Kafka or Redis. Just keep in mind again that this does not persist events to disk when you send them to the specified UDP port, so there is potential of losing data.

So the main thing to decide on your part is if you're comfortable with potentially losing some log data (some people are when it comes to basic logs) and what type of performance/resource usage you're looking for. If you want best guarantee of not losing data and a rich feature set to manipulate events, I'd say go with Logstash. If you're looking for minimal data loss (with original log files on disk), but you just want to ship the events to process them later, I'd say go with Filebeat. If you don't mind potentially losing some data, and you want fast logging without any files (help with system IO) along with the ability to quickly and easily choose your output method, I'd suggest taking a look at udplogbeat.

Personally, I have cases where I use udplogbeat, but on most servers I work with I have filebeat installed, which then ships the data to a custom HTTP ingestion server (using Nginx+Lua) which then buffers the events to Redis.

Hope this helps with your decision.
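The durability trade-off discussed in this thread, as an added example that is not part of the original posts and is not Filebeat, Logstash or log4j code: a simplified model comparing socket-style shipping with no local copy against file tailing with a persisted read offset, across a buffer outage. The `Buffer` class, function names, file names and sample events are all hypothetical.

```python
import json, os, tempfile

class Buffer:
    """Constructed stand-in for the Redis/Kafka buffer; `up` simulates an outage."""
    def __init__(self):
        self.up, self.events = True, []
    def send(self, event):
        if not self.up:
            raise ConnectionError("buffer unreachable")
        self.events.append(event)

def send_direct(event, buf):
    """Socket-style shipping: no local copy, so a failed send drops the event."""
    try:
        buf.send(event)
    except ConnectionError:
        pass  # nothing on disk to replay from

def ship_file(log_path, reg_path, buf):
    """File tailing: resume at the saved offset, advance it only after a send succeeds."""
    offset = 0
    if os.path.exists(reg_path):
        with open(reg_path) as f:
            offset = json.load(f)["offset"]
    with open(log_path, "rb") as log:
        log.seek(offset)
        for raw in iter(log.readline, b""):
            if not raw.endswith(b"\n"):
                break  # partial line still being written
            try:
                buf.send(raw.decode().rstrip("\n"))
            except ConnectionError:
                break  # keep the old offset; retry on the next run
            offset += len(raw)
            with open(reg_path, "w") as f:
                json.dump({"offset": offset}, f)
    return offset

def demo():
    events = [f"login user=u{i}" for i in range(5)]  # constructed sample events
    direct, tailed = Buffer(), Buffer()
    with tempfile.TemporaryDirectory() as d:
        log_path, reg_path = os.path.join(d, "app.log"), os.path.join(d, "registry.json")
        for i, ev in enumerate(events):
            direct.up = tailed.up = i not in (2, 3)  # outage during events 2 and 3
            send_direct(ev, direct)
            with open(log_path, "ab") as f:
                f.write((ev + "\n").encode())
            ship_file(log_path, reg_path, tailed)
    return direct.events, tailed.events
```

`demo()` returns the events each buffer received: the direct sender is missing the two events emitted during the outage, while the tailer delivers all five in order once the buffer is reachable again.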
