Perhaps use a split filter, so that instead of an event with an array you have three events in which [categories] is a string. It is really not clear what you want to do.
If there is a limit to the number of categories then you might also be able to do
if [categories][0] { elasticsearch { query => "someField: %{[categories][0]}" ... } }
if [categories][1] { elasticsearch { query => "someField: %{[categories][1]}" ... } }
if [categories][2] { elasticsearch { query => "someField: %{[categories][2]}" ... } }
if [categories][3] { elasticsearch { query => "someField: %{[categories][3]}" ... } }