No, you can't just replace the jar with a newer version.
Please read the security announcement about the Log4J exploit, there you will find how to mitigate the issue according to your Logstash/Elasticsearch version.
If what you want to do is not mentioned there, then it is not recommended or testes by elastic.