Given there is a time delay between a message being logged at source and the message being submitted into elasticsearch, is there a mechanism for identifying the time that the log was stored in elasticsearch. ie, is there a way to store the timestamp upon index?
I read that this feature used to exist but has been removed.
I'd like to be able to build xpack watchers that only query records that have 'appeared' in the last X minutes, to ensure no messages are missed off.
Thanks