For what it’s worth, using the de_dot filter in logstash with the following config converts the fields to be nested, and didn’t even require any changes to any of my kibana queries or dashboards. Everything just worked. ElasticSearch is happy and I can upgrade to v2 now and nothing changed from the user’s point of view. All I did was tack this on the end of my filter config file on my logstash servers.
filter {
de_dot {
nested => true
}
}
Of course, I wouldn’t complain about bro just nesting correctly in JSON. 
-Landy