It is possible to license more than 1000 but you will need to ping your sales rep and ask to have a quick call with a Sales Engineer. They will discuss your environment and goals with you to validate that the larger node count won't create problems. The big issue is events per second so provided your logs from all sources combined don't significantly exceed 1000 events per second we should be able to help.
Making the aggregate updates every minutes will not significantly help you to reduce your logs. Anyhow security logs will combine all log events within a minute. There is no need for getting another license for adding additional nodes. The best way is to ping your customer care and have a quick discussion with sales team to whom you have contacted during purchase.