The peculiar nature of querying time-based data is that, it's mostly time oriented. In most of the queries, there would be a definite time range mostly pointing to the recent data. Let's see how we can take advantage of this in searching.

In the previous section, we saw how to make custom indices for time-based data using templates and how to override the settings and mappings. The most important application, as we saw in the preceding section, is the modeling of indices of our interests for querying. This means that, we can select specific indices from our entire pool of time-based indices and do operations on a selected few.

Suppose that we have a number of logstash indices named after the week that they were created ...