Is there a filter/query that can be used to find events occurring within say, 5 minutes of each other? I'm specifically interested in seeing details of event_id X, but only if event_id Y also occurs within a 5 minute timeframe (earlier or later).
As per a suggestion on Reddit, it looks like this can only be achieved through EQL - https://www.elastic.co/guide/en/elasticsearch/reference/master/eql.html