[
  {
    "_id": "291192f0-f0f9-11e7-aab5-a3476b7fbc76",
    "_type": "search",
    "_source": {
      "title": "Events",
      "description": "",
      "hits": 0,
      "columns": [
        "dest_ip",
        "dest_port",
        "src_ip",
        "src_port",
        "proto",
        "iface",
        "action",
        "direction",
        "geoip.country_name"
      ],
      "sort": [
        "@timestamp",
        "desc"
      ],
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"00315480-f0b1-11e7-aab5-a3476b7fbc76\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"00315480-f0b1-11e7-aab5-a3476b7fbc76\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"exists\",\"key\":\"dest_ip\",\"value\":\"exists\"},\"exists\":{\"field\":\"dest_ip\"},\"$state\":{\"store\":\"appState\"}}]}"
      }
    }
  },
  {
    "_id": "ebc4f710-f0f4-11e7-aab5-a3476b7fbc76",
    "_type": "search",
    "_source": {
      "title": "Suricata",
      "description": "",
      "hits": 0,
      "columns": [
        "ids_dest_ip",
        "ids_dest_port",
        "ids_src_ip",
        "ids_src_port",
        "ids_desc",
        "ids_pri",
        "ids_sig_id"
      ],
      "sort": [
        "@timestamp",
        "desc"
      ],
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"00315480-f0b1-11e7-aab5-a3476b7fbc76\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"00315480-f0b1-11e7-aab5-a3476b7fbc76\",\"type\":\"phrase\",\"key\":\"tags\",\"value\":\"SuricataIDPS\",\"params\":{\"query\":\"SuricataIDPS\",\"type\":\"phrase\"},\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"tags\":{\"query\":\"SuricataIDPS\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
      }
    }
  }
]