I am looking at nesting aggregations for a document which contains a list for a column type which in turn contains a list. Consider the scenario provided on the aggregate filter page
https://www.elastic.co/guide/en/logstash/current/plugins-filters-aggregate.html
A typical case is aggregating results from jdbc input plugin.
Given that you have this SQL query : SELECT country_name, town_name FROM town
Using jdbc input plugin, you get these 3 events from :
{ "country_name": "France", "town_name": "Paris" }
{ "country_name": "France", "town_name": "Marseille" }
{ "country_name": "USA", "town_name": "New-York" }
In the above case, if I were to introduce a "state_name", how can I aggregate first by country_name followed by state_name and then all town_names into an ElasticSearch document?