Thanks, but after a discussion with my peers I learned that we should be switching to Opensearch, and instead of sending from Logstash directly to Elasticsearch I need to send from Logstash to Graylog using the GELF format. This opened up an entire new family of issues to figure out, so this thread should be considered closed as of now.