Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): OpenSearch 2.3.0 AWS managed, Brave v1.48.158
Describe the issue:
I have two date fields (indexed_at and timestamp) is it possible to select which one will be used by the plugin? At the moment it uses indexed_at when sending requests from UI to backend, it suits me, but I don’t know if it may change later if I don’t specify the field explicitly.
My idea is to use indexed_at to query the backend and timestamp for sorting, because otherwise I can miss some documents if document become searchable even 1 second later than timestamp due to the nature of plugin queries to backend. But it doesn’t work out, because live tail request appends sorting by indexed_at.
Configuration:
My query: source = nonprod-dev5-log-2023-02-23 | sort - timestamp
When I click refresh button UI sends this:
source=nonprod-dev5-log-2023-02-23 | where indexed_at >= '2023-02-23 10:24:24' and indexed_at <= '2023-02-23 10:39:24' | sort - timestamp
When I click live with 10s interval UI sends this (appended sort):
source=nonprod-dev5-log-2023-02-23 | where indexed_at >= '2023-02-23 10:40:03' and indexed_at <= '2023-02-23 10:40:13' | sort - timestamp | sort - indexed_at