Hi Travis,
Normally the log4j2.xml should not be touched; it’s about the Graylog service logging,
not the ingested logging that should go to Elasticsearch.
There is a directory where logs are written temporarily that cannot be ingested to Elasticsearch.
If everything is on one node, your /etc/elasticsearch/elasticsearch.yml file should be something like this:

cluster.name: graylog
node.name: <your node name or ip>
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: <your host ip address>
http.port: 9200
discovery.seed_hosts: ["<your host ip address>"]
cluster.initial_master_nodes: ["<your host ip address>"]
action.auto_create_index: false

If you then restart Elasticsearch and you have configured Graylog
as written in the setup documentation you could be on your way.
Good luck.
Arie