I plan to keep group of events as a single doc at elastic. Events in a group has a common unique id (e.g, event_group_1), and events of a single group arrive in general within a day to my processing pipeline. I update the created doc at elastic, as new events of that group are received.
I thought of having monthly indices. But at edge cases (when time switches from one month to another), 2 separate docs in 2 indices (new month, previous month) will be created.
Do you know any index creating strategy, which will result in keeping only one doc, even in such edge cases? (I cannot keep a single index for years)