Sorry for the possible confusing title, but here is what I am trying to do:
in my dashboard for DNS I have name of the domain and number of hits (ex: elastic.co - 100hits).
When I click the (+) on Kibana next to "elastic.co" it adds the filter "domain:elastic.co", however I want the filter to be based on the "answer.IP" filed values in the same document.
Why/what I am trying:
problem: when you apply a filter on a dashboard, if the other visualisations don't have that field, they all return empty.
- lets say we have 2 different types of documents in our Elasticsearch Connections and DNS.
- both these documents have a field called "IP".
- the DNS doc also has a field called domain name, which is more human readable then IP, example: domain elastic.co, IP 123.123.123.123
In my Kibana I want to show the user, Domain name from the DNS docs, but when users filter based on a value on the screen, I want the filter to be the value of the IP and not the domain name.
- otherwise, since the CONNECTION docs/visuals don't have the "domain Name" field those show empty, thus I can't drill down.
real life example:
Zeek Connection logs - have destination IP
zeek DNS logs - have DNS answers.
I want to show DNS QUESTION in kibana, but filter on the value of "DNS answers" as "destination IP".
hope it makes sense 
ps, I was not able to find this on my searches if I missed it please feel free to refer me to a link
thanks in advance.