Hello,
about Elasticsearch 2 you wrote :
Elasticsearch 2 and earlier used a Log4j version that is not vulnerable to the newly discovered flaw. Please note that Elasticsearch 2 is not a supported version, and we always recommend updating to the latest release.
But at Restrict LDAP access via JNDI by rgoers · Pull Request #608 · apache/logging-log4j2 · GitHub
we can read that Log4j 1.x may be impacted if their configuration uses JNDI. However, the risk is much lower.
Can you confirm that Elasticsearch 2 is not impacted ?