We ship events from Logstash to Elasticsearch.
I'm wondering how I can get the latest indexed documents of an index? A simple "get" and "sort by timestamp" is not possible. We overwrite the timestamp with the original timestamp of an event.
We see that some events are written in the index of the previous day, but that should not be. Now we want to find out what events they are.