Using JSON filter to expand the field created by terms aggregation in transform

Transform maps a terms aggregation to a flattened field. An alternative to your ingest pipeline is to create a different mapping for this field. flattened has been chosen because the terms agg potentially produces a field with lots of different sub-fields. If you don't have a lot of different fields (the default limit is 1000), I suggest creating mappings for them, e.g. map them as long. If you do, you can search and aggregate on these fields. For defining those mappings I suggest using a dynamic template.

Another solution to this problem has been discussed recently in this thread.

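An added example, not part of the original post: the body of a create-index request for the transform's destination index, sent before the transform first runs, with a dynamic template that maps every sub-field produced by the terms aggregation as long. The field name `status_codes` and the template name are hypothetical stand-ins for your aggregation's name.

```json
{
  "mappings": {
    "_meta": {
      "note": "Added example. 'status_codes' is a hypothetical terms aggregation name."
    },
    "dynamic_templates": [
      {
        "terms_counts_as_long": {
          "path_match": "status_codes.*",
          "mapping": {
            "type": "long"
          }
        }
      }
    ]
  }
}
```

Because the destination index already exists with this mapping, the sub-fields are indexed as individual long fields instead of one flattened field.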