Using time based is best.
Can you elaborate more on your document structure? If this is time based data then usually you'd have an event at $time, and then event at $time+n and they would both have different values. Is that not the case?
That's bad, see Important Configuration Changes | Elasticsearch: The Definitive Guide [2.x] | Elastic