Comment 1 for bug 1503080

Steve McLellan (sjmc7) wrote :

The solution to this is a 'reverse nested' aggregation: https://www.elastic.co/guide/en/elasticsearch/guide/current/nested-aggregation.html. For instance, in the example above (I have two servers), with the current code I get two networks.name buckets even though it's just one document:

    {
      "type": "string",
      "name": "networks.OS-EXT-IPS:type",
      "options": [
        {
          "key": "fixed",
          "doc_count": 4
        }
      ]
    }

Adding a reverse_nested aggregation (notice the extra _unique_docs):

    {
      "name": "networks.OS-EXT-IPS:type",
      "options": [
        {
          "doc_count": 4,
          "key": "fixed",
          "networks__OS-EXT-IPS:type_unique_docs": {
            "doc_count": 2
          }
        }
      ],
      "type": "string"
    },

We'd need to then transform the results slightly to delete the unique_docs and replace the doc_count. I've not yet found a way to make this the default (i.e. aggregated nested but return the 'reverse' counts by default) which would be better since it avoids meddling with the e-s format overmuch.
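
The aggregation and the result transform described in the comment above, as an added example (not the project's code and not part of the original comment). The function names are hypothetical, the nested path `networks` is an assumption, and the `_unique_docs` key naming (dots replaced by `__`) is inferred from the sample output.

```python
import copy

UNIQUE_SUFFIX = "_unique_docs"


def unique_docs_key(field):
    """Sub-aggregation name as seen in the sample output: '.' becomes '__'."""
    return field.replace(".", "__") + UNIQUE_SUFFIX


def nested_terms_agg(path, field):
    """Terms aggregation on a nested field, plus a reverse_nested
    sub-aggregation that counts parent documents for each bucket."""
    return {
        field: {
            "nested": {"path": path},
            "aggs": {
                field: {
                    "terms": {"field": field},
                    "aggs": {unique_docs_key(field): {"reverse_nested": {}}},
                }
            },
        }
    }


def collapse_unique_docs(facet):
    """Return a copy of a facet whose doc_count is the parent-document count.

    Buckets that carry no reverse_nested result are left unchanged.
    """
    facet = copy.deepcopy(facet)
    key = unique_docs_key(facet["name"])
    for option in facet.get("options", []):
        unique = option.pop(key, None)
        if isinstance(unique, dict) and "doc_count" in unique:
            option["doc_count"] = unique["doc_count"]
    return facet


# Facet copied from the comment's second sample.
SAMPLE = {
    "name": "networks.OS-EXT-IPS:type",
    "type": "string",
    "options": [{"doc_count": 4, "key": "fixed",
                 "networks__OS-EXT-IPS:type_unique_docs": {"doc_count": 2}}],
}
```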