Multiple aggregates in Watcher configuration logging output

You need to use a transform to change the data to your needs, in this case merging ip/name together.

Also, you may want to do this on index instead of query time to speed things up, for example with an ingest pipeline.

1 Like
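An added example, not part of the original post, of the script transform the reply describes: a watch body whose Painless transform merges each ip bucket with its name sub-buckets into one string per pair, which the logging action then prints. The index `logs-example`, the keyword-mapped fields `ip` and `name`, the aggregation names and the action name are all assumptions.

```json
{
  "metadata": {
    "note": "Added example; index, field, aggregation and action names are assumed"
  },
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "search": {
      "request": {
        "indices": ["logs-example"],
        "body": {
          "size": 0,
          "aggs": {
            "by_ip": {
              "terms": { "field": "ip" },
              "aggs": {
                "by_name": { "terms": { "field": "name" } }
              }
            }
          }
        }
      }
    }
  },
  "transform": {
    "script": {
      "lang": "painless",
      "source": "def merged = []; for (def ipBucket : ctx.payload.aggregations.by_ip.buckets) { for (def nameBucket : ipBucket.by_name.buckets) { merged.add(ipBucket.key + '/' + nameBucket.key + ' (' + nameBucket.doc_count + ')'); } } return ['merged': merged];"
    }
  },
  "actions": {
    "log_merged": {
      "logging": {
        "text": "{{#ctx.payload.merged}}{{.}}; {{/ctx.payload.merged}}"
      }
    }
  }
}
```

The script transform replaces the payload with the map it returns, so later actions see only `ctx.payload.merged`.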