Update by Query in Logstash

I am ingesting documents continually into Elastic, and one of my main search queries is getting the most recent document in a series. I am currently doing this using a top_hits aggregation and then sorting the results with the same internal document id field (separate from '_id', let's call this 'doc_id'). I would like to move away from using the aggregations as it used quite a bit of RAM, so I want to create a field in the document called 'current' and set it to true if it is the most recent and set it to false if not.

I was hoping that there would be a plugin for Logstash that could query Elastic for the 'doc_id' field and update the 'current' field in that document to false, but I discovered this was not possible. Am I looking at this the wrong way or is there something that will let me do this?
