Is it possible to operate ELK in way that it pulls data in response to a query and 'drops' it after some period of time? For context, I have an extremely large amount of data in which I'd like to examine specific small slices of time. Feeding the whole data set in is infeasible and unnecessary; I'd just like to load in what's necessary and 'drop it' when it's no longer being used. Are there any features that support this flow natively?
Edit: I should also mention that the data being examined already lives in a persistent store and is partitioned into files based on time.