Thanks Mark, this entity-centric indexing technique looks like exactly what I'm aiming for!
I'm still curious if such an index could be created in Logstash, rather than introducing an extra set of scripts. It looks like it might be possible to recreate with the following:
1. Group events together and apply a timeout to make sure they are updated at the required interval: [like this example](https://www.elastic.co/guide/en/logstash/current/plugins-filters-aggregate.html#plugins-filters-aggregate-example5)
2. Using an update script with the ES Output Plugin [appears to be supported](https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-script)
I'll probably run my tests using your `ESEntityCentricIndexing` script and see if it can be rolled into Logstash for production.
For now I'll mark this as solved and create any further questions in the Logstash section.