How can I do aggregation of incoming events on common fields to reduce the incoming EPS? Refer to the AGGREGATION OF EVENTS section in "https://socprime.com/en/blog/arcsight-optimizing-eps-aggregation-and-filtration/" for more detail.
I think it could be done in Logstash, but I can't find relevant documentation, so it would be helpful if someone could point me in the right direction.