I have an index which is comprised of entries like the following.
Is it possible to create Visualization that respects the nested nature of it?
When I tried, with the X-Axis being SiteId and a split on Count and DistinctCount, with this data the result would be
Site1 => Count: 1 / Distinct: 2
Site2 => Count: 2 / Distinct: 3
Site3 => Count: 2 / Distinct: 1
What I would expect is
Site1 => Count: 1 / Distinct: 1
Site2 => Count: 2 / Distinct: 2
Site3 => Count: 2 / Distinct: 1
I understand this is because Elastic flattens the object.
I found an article that says we can query nested objects with a specific syntax (that I didn't get to work yet in Discover) but I can't find anything about visualization.
[
{ "_source": {
"UserIds": [
{ "SiteId": 1, "UserId": "abcd" },
{ "SiteId": 2, "UserId": "efgh" }
]}},
{ "_source": {
"UserIds": [
{ "SiteId": 2, "UserId": "ijkl" },
{ "SiteId": 3, "UserId": "abcd" }
]}},
{ "_source": {
"UserIds": [
{ "SiteId": 3, "UserId": "abcd" }
]}}
]
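An added example, not part of the original post: a simplified Python model of the two ways an aggregation can see the three sample documents, as per-document value arrays (a plain object field) or as separate entries (a `nested` field). The function names and the aggregation names `entries`, `by_site` and `distinct_users` are assumptions, and the request body only works if `UserIds` is mapped as `nested` with `UserId` as a `keyword`.

```python
from collections import defaultdict

# The three documents from the post (their _source bodies).
DOCS = [
    {"UserIds": [{"SiteId": 1, "UserId": "abcd"}, {"SiteId": 2, "UserId": "efgh"}]},
    {"UserIds": [{"SiteId": 2, "UserId": "ijkl"}, {"SiteId": 3, "UserId": "abcd"}]},
    {"UserIds": [{"SiteId": 3, "UserId": "abcd"}]},
]

def flattened_stats(docs):
    """Plain object field: each document keeps one array of SiteId values and
    one array of UserId values; which user belonged to which site is lost."""
    counts, users = defaultdict(int), defaultdict(set)
    for doc in docs:
        site_ids = {entry["SiteId"] for entry in doc["UserIds"]}
        user_ids = {entry["UserId"] for entry in doc["UserIds"]}
        for site in site_ids:
            counts[site] += 1        # the bucket counts whole documents
            users[site] |= user_ids  # every user in the document lands in it
    return {site: (counts[site], len(users[site])) for site in sorted(counts)}

def nested_stats(docs):
    """Nested field: every array entry is its own hidden document, so the
    SiteId/UserId pairing survives and each entry is counted once."""
    counts, users = defaultdict(int), defaultdict(set)
    for doc in docs:
        for entry in doc["UserIds"]:
            counts[entry["SiteId"]] += 1
            users[entry["SiteId"]].add(entry["UserId"])
    return {site: (counts[site], len(users[site])) for site in sorted(counts)}

# Search request body asking Elasticsearch for the per-entry numbers.
# Assumes UserIds is mapped as "nested" and UserIds.UserId as "keyword".
NESTED_AGG_BODY = {
    "size": 0,
    "aggs": {"entries": {
        "nested": {"path": "UserIds"},
        "aggs": {"by_site": {
            "terms": {"field": "UserIds.SiteId"},
            "aggs": {"distinct_users": {"cardinality": {"field": "UserIds.UserId"}}},
        }},
    }},
}

if __name__ == "__main__":
    for label, stats in (("flattened", flattened_stats(DOCS)), ("nested", nested_stats(DOCS))):
        for site, (count, distinct) in stats.items():
            print(f"{label}: Site{site} => Count: {count} / Distinct: {distinct}")
```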