Logstash 2.2.1 Elasticsearch Output Vulnerability


(Suyog Rao) #1

Logstash version 2.2.1 is vulnerable to a man-in-the-middle attack when used with the Elasticsearch output. In version 2.2.1, the config which enables SSL/TLS default has been disabled inadvertently, so a malicious user could access payload data sent via HTTP during the initial handshake. This has been fixed in 2.2.2.

Users who do not wish to upgrade immediately to 2.2.2 can use the https prefix in their hosts configuration. For example, replace the value of "hosts" => "found-123.com:9200" with "https://found-123.com:9200". Please restart Logstash after you make this change.
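One way to audit a pipeline file for the workaround described above is sketched here. This is an added example, not part of the original post and not Elastic's code. The function names and the sample config are constructed, and the parser assumes no `{`, `}` or `#` characters appear inside quoted strings.

```python
import re

# Constructed sample pipeline config (not from the original post).
SAMPLE_CONFIG = '''
input { beats { port => 5044 } }
output {
  elasticsearch {
    hosts => ["found-123.com:9200", "https://found-456.com:9200"]
  }
  elasticsearch {
    hosts => "http://found-789.com:9200"
    # hosts => "commented-out.example:9200"
  }
}
'''

# Matches hosts => "..." or hosts => [...], with the key optionally quoted.
HOSTS_RE = re.compile(r'''["']?hosts["']?\s*=>\s*(\[[^\]]*\]|"[^"]*"|'[^']*')''')


def blocks(text, name):
    """Yield the body of every `name { ... }` block, matching nested braces."""
    for m in re.finditer(r'\b' + re.escape(name) + r'\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]


def insecure_hosts(config_text):
    """Return elasticsearch output hosts that lack the https:// prefix."""
    text = re.sub(r'#.*', '', config_text)  # drop comments (simplified)
    flagged = []
    for out in blocks(text, 'output'):
        for es in blocks(out, 'elasticsearch'):
            for value in HOSTS_RE.findall(es):
                for host in re.findall(r'''["']([^"']+)["']''', value):
                    if not host.lower().startswith('https://'):
                        flagged.append(host)
    return flagged


if __name__ == '__main__':
    for host in insecure_hosts(SAMPLE_CONFIG):
        print('missing https prefix:', host)
```

Any host it reports should be given the https prefix as described above, followed by a Logstash restart.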

