[FEATURE] Visual editor 'Group by' dropdown doesn't acknowledge multi-fields

[AWSHurneyt]

Is your feature request related to a problem? Given the example mapping configuration below, only fieldName2 would appear in the list of Group by options when configuring a monitor query using the visual editor.

"fieldName1" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
"fieldName2" : {
          "type" : "keyword"
        },

In order to group by fieldName1, a user would need to configure the aggregations block in the extraction query editor to include "field": "fieldName1.keyword"; such as in the example below.

"aggregations": {
        "terms_agg": {
            "terms": {
                "field": "fieldName1.keyword",
                "size": 10,
                "min_doc_count": 1,
                "shard_min_doc_count": 0,
                "show_term_doc_count_error": false,
                "order": [
                    {
                        "_count": "desc"
                    },
                    {
                        "_key": "asc"
                    }
                ]
            }
        }

What solution would you like? It would be helpful to enhance the feature to support fields that make use of multi-fields (https://www.elastic.co/guide/en/elasticsearch/reference/7.10/multi-fields.html) to give a field the keyword type.

[ghost]

I tried your approach. It works fine and also triggers the alerts. I'm missing, that it won't add the 'group by" paramter to the alerts table, when doing it your way:

[ghost]

@AWSHurneyt when can we expect this? It is utterly needed. The extraction query editor sometimes makes it really hard to create alerts. Also because im a newbie to the query scripting.