I have a string field that is a dot separated name representing a hierarchy in my logging. ex ("top_level.next_level.more"). I would like to do a visualization where I can see the relative size of multiple parts of the hierarchy.
I started by splitting the field in logstash into a an array field (ex: ["top_level","next_level","more"]).
I would like a way to visualize the levels and counts in a pie chart visualization but I can't figure out how to make the Terms aggregations access a specific element in the split_names array. Is this possible? Any other ideas how to do this type of thing?
Thanks.