Closed
Description
Consider this Zeek TSV. It is a conn log with https://github.com/brimsec/geoip-conn in use.
```text
#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	conn
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents	geo.orig.country_code	geo.orig.region	geo.orig.city	geo.orig.latitude	geo.orig.longitude	geo.resp.country_code	geo.resp.region	geo.resp.city	geo.resp.latitude	geo.resp.longitude
#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]	string	string	string	double	double	string	string	string	double	double
1582646590.938093	CgCrjd3RoaSaytzzZj	192.168.1.110	55351	18.205.93.211	443	tcp	-	0.088679	215	193	OTH	-	-	0	DadA	2	319	2	297	-	-	-	-	-	-	US	VA	Ashburn	39.0481	-77.4728
1582646588.807682	CKgAmOGktfdwztqQ6	192.168.1.110	55354	52.37.243.173	443	tcp	-	0.761817	114	56	OTH	-	-	0	DdAa	3	270	2	160	-	-	-	-	-	-	US	OR	Boardman	45.8491	-119.7143
1582646587.715839	C1IFps471Ml4ZlhY7g	192.168.1.110	55747	13.52.5.22	443	tcp	-	0.017643	39	39	OTH	-	-	0	DdA	2	143	1	91	-	-	-	-	-	-	US	CA	San Jose	37.3388	-121.8914
```
Notice that the geo record contains two records: orig and resp.
When Brim shows these, it doesn't show the fully qualified record:
This is important because geo can be operated on, like `cut geo` or `count() by geo`, but isn't ever displayed.
It's expected that Brim show these as geo.resp.country_code etc.
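The behaviour the issue asks for, shown as an added example rather than code from Brim, Zeek or geoip-conn: parse a Zeek ASCII log honouring its `#separator`, `#set_separator`, `#unset_field` and `#empty_field` headers, turn the dotted field names into nested records (`geo` holding `orig` and `resp`), then walk the nested record back out to the fully qualified leaf names (`geo.resp.country_code` and so on) that a viewer should display, and run `cut`- and `count() by`-style operations on the nested `geo` record. The log embedded below is a constructed, trimmed excerpt patterned on the one in the issue (tab-separated, as `#separator \x09` declares; the third row and its uid are made up to exercise the set separator), and all helper names (`parse_zeek_tsv`, `nest`, `qualified_names`, `cut`, `count_by`, `freeze`) are this example's own.

```python
"""Nested-record handling for Zeek TSV logs whose field names are dotted.

Added example for this issue, not Brim's or Zeek's code. The sample log is a
constructed excerpt in the shape of the conn.log from the issue.
"""
from collections import Counter

# Constructed sample: a trimmed conn.log with the geo.orig / geo.resp records.
# Header and data lines are joined with the tab declared by "#separator \x09".
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\ttunnel_parents\tgeo.orig.country_code\tgeo.orig.city"
    "\tgeo.resp.country_code\tgeo.resp.region\tgeo.resp.city",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tset[string]"
    "\tstring\tstring\tstring\tstring\tstring",
    "1582646590.938093\tCgCrjd3RoaSaytzzZj\t192.168.1.110\t55351\t18.205.93.211\t443"
    "\ttcp\t-\t-\t-\t-\tUS\tVA\tAshburn",
    "1582646587.715839\tC1IFps471Ml4ZlhY7g\t192.168.1.110\t55747\t13.52.5.22\t443"
    "\ttcp\tssl\t(empty)\t-\t-\tUS\tCA\tSan Jose",
    # Made-up row: exercises set_separator inside a set[string] column.
    "1582646600.000000\tCfake0000000000000\t192.168.1.110\t55800\t13.52.5.22\t443"
    "\ttcp\tssl\tCtun1,Ctun2\t-\t-\tUS\tCA\tSan Jose",
    "#close\t2020-02-25-16-05-00",
])


def parse_zeek_tsv(text):
    """Return (fields, types, rows) for a Zeek ASCII log.

    Unset values become None, empty values "" (or [] for set/vector columns),
    and set/vector columns are split on the declared set separator.
    """
    sep, set_sep, unset, empty = "\t", ",", "-", "(empty)"
    fields, types, rows = [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # The only space-delimited header; its value is an escape like \x09.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            if key == "set_separator":
                set_sep = value
            elif key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
            elif key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            continue  # #path, #open, #close and unknown headers are ignored
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
        row = {}
        for name, typ, raw in zip(fields, types, values):
            if raw == unset:
                row[name] = None
            elif typ.startswith(("set[", "vector[")):
                row[name] = [] if raw == empty else raw.split(set_sep)
            else:
                row[name] = "" if raw == empty else raw
        rows.append(row)
    return fields, types, rows


def nest(flat):
    """Turn {'geo.resp.city': v} into {'geo': {'resp': {'city': v}}}."""
    out = {}
    for path, value in flat.items():
        node = out
        *parents, leaf = path.split(".")
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = value
    return out


def qualified_names(record, prefix=""):
    """List the fully qualified leaf names of a nested record, in order."""
    names = []
    for key, value in record.items():
        path = f"{prefix}.{key}" if prefix else key
        names.extend(qualified_names(value, path) if isinstance(value, dict) else [path])
    return names


def cut(record, path):
    """Like `cut geo` / `cut geo.resp.city`: select a subrecord or leaf by dotted path."""
    node = record
    for part in path.split("."):
        node = node[part]
    return node


def freeze(value):
    """Make a (possibly record-valued) field hashable so it can be a group key."""
    if isinstance(value, dict):
        return tuple((k, freeze(v)) for k, v in sorted(value.items()))
    return tuple(value) if isinstance(value, list) else value


def count_by(records, path):
    """Like `count() by <path>`: group records on a field that may itself be a record."""
    return Counter(freeze(cut(r, path)) for r in records)


if __name__ == "__main__":
    _, _, rows = parse_zeek_tsv(SAMPLE_LOG)
    records = [nest(r) for r in rows]
    print("\n".join(qualified_names(records[0])))  # geo.resp.country_code, not just geo
    print(count_by(records, "geo.resp.city"))
```

`qualified_names` is the display rule the issue asks for: a record-valued column such as `geo` never appears as a bare name, only its leaves do, while `cut` and `count_by` still operate on the whole `geo` or `geo.resp` record.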
Labels: bug
