Hey guys,
just as @rlkoshak already highlighted I am using the ELK stack to aggregate, search, filter and process logs from multiple servers over long time spans. It’s amazing for server/infrastructure monitoring and alerting. I can definitely recommend it.
Bringing the openHAB logs into elasticsearch was a nice exercise and I was happy when it worked out just fine. A grok filter was easily built and everything was ready to be used.
After a few days I realized that most of the aggregated log lines were not really important to me. All interesting item value changes are already persisted to InfluxDB and brought to life via Grafana. During the work with openHAB a real-time view of the actual log lines is more useful than the slow Kibana frontend. ELK can still be useful for the above-mentioned use case. You can store everything normally logged to openhab.log and filter these log lines for irregularities. My server is still doing that, maybe I’ll find some use for this data at a later point.
If needed I can dig up the logstash side of my configuration and provide it here as well. If one of you guys is interested in implementing openHAB with ELK, I can open the first posting as a wiki posting so you can add your additions.
Best! Thomas