Hi,
We are running on Logstash 8.8.0 and our IT security team has concern about the log4j-core-2.17.1.jar in the logstash-core\lib\jars.
Can we disable log4j totally in Logstash and remove the log4j-core-2.17.1.jar from the system?
What concerns? I don't think there is any active security issues regarding log4j, the RCE issues that affected log4j a couple of months ago where fixed in 2.17.1 as explained here.
You can't disable log4j totally in Logstash as it is needed.