I was reading through the docs and a question came to my mind.
Does Splunk have different notions of time that exists in stream processing products like Flink or Kafka? Flink has event time, ingestion time and processing time for all the events that arrive and uses complex algorithms for handling event time and processing time differences, like watermarks.
From what I see from the docs, Splunk has a single concept of time in the form of timestamps that are added to the events that arrive at the system and ignores the event time, the actual time when the event has been created.
Am I right or am I missing something?