How do I keep a count of deduplicated messages from Logstash in ElasticSearch?

I see from this question that document_id can easily be used in Logstash to replace a duplicate record in ElasticSearch. How would I add/increment a count value for e.g. repeating syslog messages? Instead of just replacing the record I want to increment the count so I know how many times it has repeated.

Solution

Depending on what you are using to view the data, it might just be as simple as looking at the _version field of the documents. ES will automatically update that value when something changes for the document. Kibana doesn't show the _version field (https://github.com/elasticsearch/kibana/issues/1234), but it's there.

brew install elasticsearch on M1 macbook results in "Bad CPU type in executable" error
Spring Data Elasticsearch Bulk Index/Delete - Millions of Records
fluentd with OpenSearch - where does the @timestamp field come from?
Storing and managing Forex trading tick data
mongodb fulltext searching strategy
Is it possible to use elasticsearch synonyms dynamically?
Elasticsearch showing received plaintext http traffic on an https channel in console
Wildcard/regexp query with asterix chacter
How to Count Unique Assets with Specific Severity in Elasticsearch?
Am I correct that Elasticsearch simple_query_string does not support wildcards, but only prefix queries?
ElasticSearch text array length
Elasticsearch Nested Aggregations with Spring data elasticsearch 5.2
How to check that all shards are moved from a specific elasticsearch node?
How do to an Elasticsearch ESQL Distinct Query?
How can I add a field to existing mapping with values in other fields?
Elastic Search sort documents with same score using another field value
OpenSearch with Spring Boot - Displaying docuemnts by number of keywors
How to one value come first during sort on that field Elastic Search
Retrieve selected fields from a search
Logstash main class JvmOptionsParser not found / cannot load
What is the difference between standard and language analyzer in Elasticsearch?
How can I count all the occurrences within my date_histogram?
Reliable .NET API for Elastic Search
Not working fuzzy logic when use the fuzzines.auto elasticsearch
Yellow health status on elastic causing kibana to fail at launch?
How to Enable Logging in Rails Application with OpenSearch and Searchkick Integration?
ElasticSearch - Unable To Search Using Fuzzy Match Query For Underscore in value (ES Fuzzy not matching underscore value)
registering a custom analyzer and using it in a template
Elasticsearch implement off-the-shelf language analyser but use custom tokeniser
KQL query Count and Limit Matching Documents in Time Frame