It's all about the trade-offs.
Logstash is a mature product that offers a vast variety of plugins, log processing options, delivery strategies, Elasticsearch API integrations and - most of all - elastic.co support and offloading log delivery to other processes. It's just the safest bet.
Alternatives like log4j2-elasticsearch (thanks for mentioning) offer a simple bulk delivery with a few failover options and just a few API integrations: Index template, ILM policy (coming in 1.5) and - most of all - all the work is done within the same process as your business logic, which in some scenarios might put your application at risk.
But it's very easy to extend, customize and work with. Control of the output is much closer to the application/developer/business and you usually need to just refurbish the current log4j2.xml configuration. Also, the CPU and memory footprint is very small (especially when using the log4j2-elasticsearch-hc module) even at very high workload.
If you have any trouble setting it up, just raise an issue.
If you have any features you'd like to have implemented, just raise an issue.
If you'd like to contribute, send me an email or just raise a PR.