A little bit of backstory.
My logs are all related to transactions (basically requests and responses). I'm trying to find the transactions which have a request, but don't have the corresponding response, a.k.a a dropped transaction.
Since all of them have a unique id (transaction_id), I figured I'd use the elapsed filter and set the start_tag to the request and the end_tag to the response. From there I'd be able to view the transaction id of the dropped transactions as elapsed would generate new events containing the transaction id and the tag, "elapsed_expired_error". However, I'm facing the problem above.
So, if anybody has a different method to solving this or even an idea to point me in the right direction, I'd love to hear it and it'd be greatly appreciated.