You could also do this with scripted fields:
// I created a scripted field "mykey" that looked like this
doc['transactiondata.keyword'].value.splitOnToken(':')[0]
// And I created a scripted field "myvalue" that looked like this
doc['transactiondata.keyword'].value.splitOnToken(':')[0]
Then, I created a data table with a filter: mykey:key1 and just displayed a terms aggregation on myvalue.