[ { "_id": "291192f0-f0f9-11e7-aab5-a3476b7fbc76", "_type": "search", "_source": { "title": "Events", "description": "", "hits": 0, "columns": [ "dest_ip", "dest_port", "src_ip", "src_port", "proto", "iface", "action", "direction", "geoip.country_name" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"00315480-f0b1-11e7-aab5-a3476b7fbc76\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"00315480-f0b1-11e7-aab5-a3476b7fbc76\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"exists\",\"key\":\"dest_ip\",\"value\":\"exists\"},\"exists\":{\"field\":\"dest_ip\"},\"$state\":{\"store\":\"appState\"}}]}" } } }, { "_id": "ebc4f710-f0f4-11e7-aab5-a3476b7fbc76", "_type": "search", "_source": { "title": "Suricata", "description": "", "hits": 0, "columns": [ "ids_dest_ip", "ids_dest_port", "ids_src_ip", "ids_src_port", "ids_desc", "ids_pri", "ids_sig_id" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"00315480-f0b1-11e7-aab5-a3476b7fbc76\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"00315480-f0b1-11e7-aab5-a3476b7fbc76\",\"type\":\"phrase\",\"key\":\"tags\",\"value\":\"SuricataIDPS\",\"params\":{\"query\":\"SuricataIDPS\",\"type\":\"phrase\"},\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"tags\":{\"query\":\"SuricataIDPS\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" } } } ]