diff --git a/public/components/integrations/components/__tests__/__snapshots__/setup_integration_inputs.test.tsx.snap b/public/components/integrations/components/__tests__/__snapshots__/setup_integration_inputs.test.tsx.snap index 99e365bf7b..3cf290fc93 100644 --- a/public/components/integrations/components/__tests__/__snapshots__/setup_integration_inputs.test.tsx.snap +++ b/public/components/integrations/components/__tests__/__snapshots__/setup_integration_inputs.test.tsx.snap @@ -772,7 +772,7 @@ exports[`Integration Setup Inputs Renders the connection inputs 1`] = ` hasChildLabel={true} hasEmptyLabelSpace={false} helpText="Select a data source to pull the data from." - label="Data Source" + label="Direct query connections" labelType="label" >
- Data Source + Direct query connections
@@ -1368,7 +1368,7 @@ exports[`Integration Setup Inputs Renders the connection inputs with a locked co hasChildLabel={true} hasEmptyLabelSpace={false} helpText="Select a data source to pull the data from." - label="Data Source" + label="Direct query connections" labelType="label" >
- Data Source + Direct query connections
diff --git a/public/components/integrations/components/added_integration.tsx b/public/components/integrations/components/added_integration.tsx
index cefbd8dc21..60e186c976 100644
--- a/public/components/integrations/components/added_integration.tsx
+++ b/public/components/integrations/components/added_integration.tsx
@@ -29,11 +29,11 @@ import { ASSET_FILTER_OPTIONS } from '../../../../common/constants/integrations'
 import { INTEGRATIONS_BASE } from '../../../../common/constants/shared';
 import { dataSourceFilterFn } from '../../../../common/utils/shared';
 import { useToast } from '../../../../public/components/common/toast';
+import { HeaderControlledComponentsWrapper } from '../../../../public/plugin_helpers/plugin_headerControl';
+import { coreRefs } from '../../../framework/core_refs';
 import { DeleteModal } from '../../common/helpers/delete_modal';
 import { PanelTitle } from '../../trace_analytics/components/common/helper_functions';
 import { AddedIntegrationProps } from './integration_types';
-import { HeaderControlledComponentsWrapper } from '../../../../public/plugin_helpers/plugin_headerControl';
-import { coreRefs } from '../../../framework/core_refs';
 const newNavigation = coreRefs.chrome?.navGroup.getNavGroupEnabled();
@@ -193,8 +193,8 @@ export function AddedIntegration(props: AddedIntegrationProps) {
 componentConfig={{
 activeOption: [
 {
- id: data?.references?.[0]?.id,
- label: data?.references?.[0]?.name,
+ id: data?.references?.[0]?.id ?? '',
+ label: data?.references?.[0]?.name ?? '',
 },
 ],
 fullWidth: true,
diff --git a/public/components/integrations/components/integration.tsx b/public/components/integrations/components/integration.tsx
index f8a299880c..07f831603b 100644
--- a/public/components/integrations/components/integration.tsx
+++ b/public/components/integrations/components/integration.tsx
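Review bot: In the second hunk of added_integration.tsx, the `?? ''` fallbacks keep an entry in `activeOption` even when the saved object has no `references[0]`, so the selector receives an option with an empty id and an empty label instead of no selection at all. An empty data source id is commonly how OpenSearch Dashboards represents the local cluster, so a missing reference may end up shown as (or treated as) the local cluster; that should be confirmed against the selector component. I would build the array conditionally, `activeOption: data?.references?.[0] ? [{ id: data.references[0].id, label: data.references[0].name }] : [],`. The enclosing JSX element and the rest of `AddedIntegration` lie outside the hunk.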
@@ -18,6 +18,7 @@ import {
 EuiSpacer,
 EuiTab,
 EuiTabs,
+ EuiText,
 } from '@elastic/eui';
 import React, { ComponentType, useEffect, useState } from 'react';
 import { DataSourceSelectorProps } from '../../../../../../src/plugins/data_source_management/public/components/data_source_selector/data_source_selector';
@@ -174,6 +175,7 @@ export function Integration(props: AvailableIntegrationProps) {

Select Data Source

+ Select which data source to install sample data to
diff --git a/public/components/integrations/components/setup_integration_inputs.tsx b/public/components/integrations/components/setup_integration_inputs.tsx
index 2fd2402002..0794fc0383 100644
--- a/public/components/integrations/components/setup_integration_inputs.tsx
+++ b/public/components/integrations/components/setup_integration_inputs.tsx
@@ -34,7 +34,7 @@ const INTEGRATION_CONNECTION_DATA_SOURCE_TYPES: Map<
 [
 's3',
 {
- title: 'Data Source',
+ title: 'Direct query connections',
 lower: 'data_source',
 help: 'Select a data source to pull the data from.',
 },
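Review bot: The `s3` entry in setup_integration_inputs.tsx now has the title 'Direct query connections' while `help` two lines below still reads 'Select a data source to pull the data from.', so the field label and its help text name the same control differently. The label is also plural although the help text describes picking a single source. I would change the help string in the same commit, e.g. `help: 'Select a direct query connection to pull the data from.',`, which also means regenerating the snapshot files that still record the old `helpText`. The `Map` literal this entry belongs to starts and ends outside the hunk.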
@@ -224,7 +224,7 @@ export function IntegrationConnectionInputs({ {dataSourceEnabled && ( <> 2 * avg_time LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Slow Requests from Average Time threshold","version":1},"id":"2fac4250-fc22-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:59:34.785Z","version":"WzI4MzQsMV0="} -{"attributes":{"createdTimeMs":1713294061574,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Requests by User Agent","query":"SELECT * FROM {table_name} WHERE cs_user_agent LIKE '%Chrome%' LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0="} +{"attributes":{"title":"Top IPs by Request Count","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT c_ip, COUNT(*) AS request_count FROM {table_name} GROUP BY c_ip ORDER BY request_count DESC LIMIT 
10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top IPs by Request Count","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Top Status by Count","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT sc_status, COUNT(*) AS status_count FROM {table_name} GROUP BY sc_status ORDER BY status_count DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top Status by Count","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Number of 
Requests","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT COUNT(*) AS request_count FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Number of Requests","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Total Bytes Served","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT SUM(sc_bytes) AS total_bytes_served FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Total Bytes Served","version":1},"id":"92398eb0-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:46:01.242Z","version":"WzI4MzEsMV0=","workspaces":["C8yixd"]} 
+{"attributes":{"title":"Average Time Taken","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT AVG(time_taken) AS average_time_taken FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Average Time Taken","version":1},"id":"d2a038a0-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:47:49.290Z","version":"WzI4MzIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Slow Requests from Average Time threshold","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"WITH avg_time AS (SELECT AVG(time_to_first_byte) AS avg_time FROM {table_name}) SELECT * FROM {table_name} CROSS JOIN avg_time WHERE time_to_first_byte > 2 * avg_time LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Slow Requests from Average Time 
threshold","version":1},"id":"2fac4250-fc22-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:59:34.785Z","version":"WzI4MzQsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Requests by User Agent","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT * FROM {table_name} WHERE cs_user_agent LIKE '%Chrome%' LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0=","workspaces":["C8yixd"]} {"exportedCount":7,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/server/adaptors/integrations/__data__/repository/amazon_elb/assets/example_queries-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/amazon_elb/assets/example_queries-1.0.0.ndjson index 6fd5889c7c..d63e465259 100644 --- a/server/adaptors/integrations/__data__/repository/amazon_elb/assets/example_queries-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/amazon_elb/assets/example_queries-1.0.0.ndjson 
@@ -1,7 +1,7 @@ -{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Top IPs by Request Count","query":"SELECT client_ip, COUNT(*) AS request_count FROM {table_name} GROUP BY client_ip ORDER BY request_count DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Top IPs by Request Count","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} -{"attributes":{"createdTimeMs":1713293044079,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Top Status by Count","query":"SELECT elb_status_code, COUNT(*) AS status_count FROM {table_name} GROUP BY elb_status_code ORDER BY status_count DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Top Status by Count","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Number of Requests","query":"SELECT COUNT(*) AS request_count FROM {table_name};","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Number of 
Requests","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} -{"attributes":{"createdTimeMs":1713293161193,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Total Bytes Served","query":"SELECT SUM(sent_bytes) AS total_bytes_served FROM {table_name};","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Total Bytes Served","version":1},"id":"92398eb0-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:46:01.242Z","version":"WzI4MzEsMV0="} -{"attributes":{"createdTimeMs":1713293269224,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Average Time Taken","query":"SELECT AVG(request_processing_time) AS average_request_processing_time, AVG(target_processing_time) AS average_target_processing_time, AVG(response_processing_time) AS average_response_processing_time FROM {table_name};","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Average Time Taken","version":1},"id":"d2a038a0-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:47:49.290Z","version":"WzI4MzIsMV0="} -{"attributes":{"createdTimeMs":1713294061574,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Requests by User Agent","query":"SELECT * FROM {table_name} WHERE user_agent LIKE '%Chrome%' LIMIT 
10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0="} +{"attributes":{"title":"Top IPs by Request Count","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT client_ip, COUNT(*) AS request_count FROM {table_name} GROUP BY client_ip ORDER BY request_count DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top IPs by Request Count","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Top Status by Count","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT elb_status_code, COUNT(*) AS status_count FROM {table_name} GROUP BY elb_status_code ORDER BY status_count DESC LIMIT 
10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top Status by Count","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Number of Requests","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT COUNT(*) AS request_count FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Number of Requests","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Total Bytes Served","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT SUM(sent_bytes) AS total_bytes_served 
FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Total Bytes Served","version":1},"id":"92398eb0-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:46:01.242Z","version":"WzI4MzEsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Average Time Taken","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT AVG(request_processing_time) AS average_request_processing_time, AVG(target_processing_time) AS average_target_processing_time, AVG(response_processing_time) AS average_response_processing_time FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Average Time Taken","version":1},"id":"d2a038a0-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:47:49.290Z","version":"WzI4MzIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Requests by User 
Agent","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT * FROM {table_name} WHERE user_agent LIKE '%Chrome%' LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0=","workspaces":["C8yixd"]} {"exportedCount":6,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/example_queries-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/example_queries-1.0.0.ndjson index d4fa2ef553..e50075a50b 100644 --- a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/example_queries-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/example_queries-1.0.0.ndjson 
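Review bot: Every object added to amazon_elb/assets/example_queries-1.0.0.ndjson carries identifiers that look copied from the exporting instance: `"workspaces":["C8yixd"]`, the fixed `dataset` and `dataSource` ids, and the title `mys3.default.table1`. Only `{table_name}` in the SQL is a template placeholder. If the installer does not rewrite these fields, the imported searches would point at a workspace and a connection that do not exist on the target, or at unrelated ones that happen to share an id. I would drop `workspaces` from the shipped asset and template the dataset fields the same way as `{table_name}`. Inside the embedded `searchSourceJSON`, `filter` and `indexRefName` are nested in `aggs` rather than at the top level, and `indexRefName` has no matching entry in `"references":[]`, which looks like a misplaced brace. The same applies to the amazon_vpc_flow hunk below and to the ndjson lines above this hunk.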
@@ -1,4 +1,4 @@ -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"TopCommonErrorServicesQuery","query":"SELECT pkt_src_aws_service AS source_service, pkt_dst_aws_service AS destination_service, COUNT(*) AS error_count FROM {table_name} where log_status IN ('SKIPDATA', 'RETIREDDATA') GROUP BY pkt_src_aws_service, pkt_dst_aws_service ORDER BY error_count DESC LIMIT 10","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Top 10 pairs of errored source / destination services","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"HourAggRequestsAndBytes","query":"SELECT date_trunc('hour', FROM_UNIXTIME(CAST(IFNULL(start, 0) AS LONG))) AS interval_start_time, CAST(IFNULL(pkt_srcaddr, 'Unknown') AS STRING) AS `aws.vpc.pkt-src-aws-service`, CAST(IFNULL(srcaddr, '0.0.0.0') AS STRING) AS `aws.vpc.srcaddr`, CAST(IFNULL(pkt_dstaddr, 'Unknown') AS STRING) AS `aws.vpc.pkt-dst-aws-service`, CAST(IFNULL(dstaddr, '0.0.0.0') AS STRING) AS `aws.vpc.dstaddr`, CAST(IFNULL(action, 'Unknown') AS STRING) AS `aws.vpc.action`, CAST(IFNULL(region, 'Unknown') AS STRING) AS `aws.vpc.region`, CAST(IFNULL(account_id, 'Unknown') AS STRING) AS `aws.vpc.account-id`, CAST(IFNULL(log_status, 'Unknown') AS STRING) AS `aws.vpc.status_code`, CAST(IFNULL(flow_direction, 'Unknown') AS STRING) AS `aws.vpc.connection.direction`, COUNT(*) AS total_connections, SUM(CAST(IFNULL(bytes, 0) AS LONG)) AS total_bytes, SUM(CAST(IFNULL(packets, 0) AS LONG)) AS 
total_packets FROM `zero_etl_walkthrough`.`default`.`amazon_vpc_flow` GROUP BY date_trunc('hour', FROM_UNIXTIME(CAST(IFNULL(start, 0) AS LONG))), pkt_srcaddr, srcaddr, pkt_dstaddr, dstaddr, action, region, account_id, log_status, flow_direction","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Hour aggregation by requests and bytes sum ","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd9992c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"HourWindowTopIpByCardinality","query":" WITH hourly_buckets AS (SELECT date_trunc('hour', FROM_UNIXTIME(CAST(IFNULL(start, 0) AS LONG))) AS interval_start_time, CAST(IFNULL(dstaddr, '0.0.0.0') AS STRING) AS dstaddr, SUM(CAST(IFNULL(bytes, 0) AS LONG)) AS total_bytes FROM {table_name} GROUP BY interval_start_time, dstaddr), ranked_addresses AS (SELECT CAST(interval_start_time AS TIMESTAMP), dstaddr, total_bytes, RANK() OVER (PARTITION BY interval_start_time ORDER BY total_bytes DESC) AS bytes_rank FROM hourly_buckets) SELECT CAST(interval_start_time AS TIMESTAMP), dstaddr, total_bytes FROM ranked_addresses WHERE bytes_rank <= 50 ORDER BY interval_start_time ASC, bytes_rank ASC","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Hour window of top IP by cardinality ","version":1},"id":"9e6add40-fc1a-11ee-99c9-43e5dbd9992c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} +{"attributes":{"title":"Top 10 pairs of errored source / destination 
services","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT pkt_src_aws_service AS source_service, pkt_dst_aws_service AS destination_service, COUNT(*) AS error_count FROM {table_name} where log_status IN ('SKIPDATA', 'RETIREDDATA') GROUP BY pkt_src_aws_service, pkt_dst_aws_service ORDER BY error_count DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top 10 pairs of errored source / destination services","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Hour aggregation by requests and bytes sum","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT date_trunc('hour', FROM_UNIXTIME(CAST(IFNULL(start, 0) AS LONG))) AS interval_start_time, CAST(IFNULL(pkt_srcaddr, 'Unknown') AS STRING) AS `aws.vpc.pkt-src-aws-service`, CAST(IFNULL(srcaddr, '0.0.0.0') AS STRING) AS `aws.vpc.srcaddr`, CAST(IFNULL(pkt_dstaddr, 'Unknown') AS STRING) AS `aws.vpc.pkt-dst-aws-service`, CAST(IFNULL(dstaddr, '0.0.0.0') AS STRING) AS `aws.vpc.dstaddr`, CAST(IFNULL(action, 'Unknown') AS STRING) AS `aws.vpc.action`, CAST(IFNULL(region, 'Unknown') AS STRING) AS `aws.vpc.region`, CAST(IFNULL(account_id, 'Unknown') AS STRING) AS 
`aws.vpc.account-id`, CAST(IFNULL(log_status, 'Unknown') AS STRING) AS `aws.vpc.status_code`, CAST(IFNULL(flow_direction, 'Unknown') AS STRING) AS `aws.vpc.connection.direction`, COUNT(*) AS total_connections, SUM(CAST(IFNULL(bytes, 0) AS LONG)) AS total_bytes, SUM(CAST(IFNULL(packets, 0) AS LONG)) AS total_packets FROM `zero_etl_walkthrough`.`default`.`amazon_vpc_flow` GROUP BY date_trunc('hour', FROM_UNIXTIME(CAST(IFNULL(start, 0) AS LONG))), pkt_srcaddr, srcaddr, pkt_dstaddr, dstaddr, action, region, account_id, log_status, flow_direction;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Hour aggregation by requests and bytes sum","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd9992c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Hour window of top IP by cardinality","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"WITH hourly_buckets AS (SELECT date_trunc('hour', FROM_UNIXTIME(CAST(IFNULL(start, 0) AS LONG))) AS interval_start_time, CAST(IFNULL(dstaddr, '0.0.0.0') AS STRING) AS dstaddr, SUM(CAST(IFNULL(bytes, 0) AS LONG)) AS total_bytes FROM {table_name} GROUP BY interval_start_time, dstaddr), ranked_addresses AS (SELECT CAST(interval_start_time AS TIMESTAMP), dstaddr, total_bytes, RANK() OVER (PARTITION BY interval_start_time ORDER BY total_bytes DESC) AS 
bytes_rank FROM hourly_buckets) SELECT CAST(interval_start_time AS TIMESTAMP), dstaddr, total_bytes FROM ranked_addresses WHERE bytes_rank <= 50 ORDER BY interval_start_time ASC, bytes_rank ASC;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Hour window of top IP by cardinality","version":1},"id":"9e6add40-fc1a-11ee-99c9-43e5dbd9992c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} {"exportedCount":7,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/apache/assets/example_queries-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/apache/assets/example_queries-1.0.0.ndjson index 8e6bac9ad8..765ab8c960 100644 --- a/server/adaptors/integrations/__data__/repository/apache/assets/example_queries-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/apache/assets/example_queries-1.0.0.ndjson 
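Review bot: The rewritten 'Hour aggregation by requests and bytes sum' object in amazon_vpc_flow/assets/example_queries-1.0.0.ndjson still selects from the literal table zero_etl_walkthrough.default.amazon_vpc_flow, while the other two queries in the file use `{table_name}`. Assuming `{table_name}` is what the installer substitutes, this query would run against a fixed table rather than the one chosen at install time. I would change that clause to `FROM {table_name} GROUP BY date_trunc(...)` while the object is being rewritten anyway. The unchanged trailer `{"exportedCount":7,...}` also does not match the three objects in the file, which is worth correcting if anything validates the count on import.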
@@ -1,6 +1,6 @@ -{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Top IPs by Request Count","query":"SELECT remote_addr, COUNT(*) AS request_count FROM {table_name} GROUP BY remote_addr ORDER BY request_count DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Top IPs by Request Count","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} -{"attributes":{"createdTimeMs":1713293044079,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Top Status by Count","query":"SELECT status, COUNT(*) AS status_count FROM {table_name} GROUP BY status ORDER BY status_count DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Top Status by Count","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Number of Requests","query":"SELECT COUNT(*) AS request_count FROM {table_name};","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Number of 
Requests","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} -{"attributes":{"createdTimeMs":1713293161193,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Total Bytes Served","query":"SELECT SUM(body_bytes_sent) AS total_bytes_served FROM {table_name};","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Total Bytes Served","version":1},"id":"92398eb0-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:46:01.242Z","version":"WzI4MzEsMV0="} -{"attributes":{"createdTimeMs":1713294061574,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Requests by User Agent","query":"SELECT * FROM {table_name} WHERE http_user_agent LIKE '%Chrome%' LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0="} +{"attributes":{"title":"Top IPs by Request Count","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT remote_addr, COUNT(*) AS request_count FROM {table_name} GROUP BY remote_addr ORDER BY request_count DESC LIMIT 
10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top IPs by Request Count","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Top Status by Count","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT status, COUNT(*) AS status_count FROM {table_name} GROUP BY status ORDER BY status_count DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top Status by Count","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Number of 
Requests","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT COUNT(*) AS request_count FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Number of Requests","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Total Bytes Served","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT SUM(body_bytes_sent) AS total_bytes_served FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Total Bytes Served","version":1},"id":"92398eb0-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:46:01.242Z","version":"WzI4MzEsMV0=","workspaces":["C8yixd"]} 
+{"attributes":{"title":"Requests by User Agent","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT * FROM {table_name} WHERE http_user_agent LIKE '%Chrome%' LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0=","workspaces":["C8yixd"]} {"exportedCount":5,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-1.0.0.ndjson index 8a26da4c8e..f7de9f4220 100644 --- a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-1.0.0.ndjson 
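Review bot: Every added record in this hunk ends with `"workspaces":["C8yixd"]` and embeds fixed `dataset`/`dataSource` ids and the name `mys3`, which look like identifiers carried over from the instance the objects were exported from. Unless the installer rewrites them the way it substitutes `{table_name}`, each saved search would be bound to a workspace and data source that do not exist on the target, so I would drop the `workspaces` key and use installer-filled placeholders for the ids. Separately, in `searchSourceJSON` the `"filter":[]` and `"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"` keys sit inside the `aggs` object, which closes only after them, while `"references":[]` is empty. If they are meant to be search-source fields, close `aggs` after the `date_histogram` entry and either add the matching reference or remove `indexRefName`. `attributes` also repeats `title` and `version`. The same record shape recurs in the aws_cloudtrail and aws_cloudtrail records hunks that follow.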
@@ -1,5 +1,5 @@ -{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"CloudTrail_Error_and_No_MFA_Events","query":"SELECT userIdentity.type, userIdentity.principalId, userIdentity.accountId, userIdentity.userName, eventName, eventType, eventId, awsRegion, sourceIPAddress, errorCode, errorMessage, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE errorCode IS NOT NULL AND userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"CloudTrail Error & No MFA Events","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} -{"attributes":{"createdTimeMs":1713293044079,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Recent_Security_Risk_Events","query":"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE sourceIPAddress NOT LIKE '192.168.%.%' ORDER BY event_timestamp DESC LIMIT 50;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Recent Security Risk Events","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0="} 
-{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Number_recent_Security_issues","query":"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, errorCode, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE errorCode IS NOT NULL AND userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 5;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Number of recent Security issues","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} -{"attributes":{"createdTimeMs":1713290175174,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Critical_Resource_Access_Events","query":"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, resources, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE (eventName LIKE '%Modify%' OR eventName LIKE '%Delete%' OR eventName LIKE '%Put%' OR eventName LIKE '%Post%') ORDER BY event_timestamp DESC LIMIT 10;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Critical Resource Access Events","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692d","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} +{"attributes":{"title":"CloudTrail Error & No MFA 
Events","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT userIdentity.type, userIdentity.principalId, userIdentity.accountId, userIdentity.userName, eventName, eventType, eventId, awsRegion, sourceIPAddress, errorCode, errorMessage, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE errorCode IS NOT NULL AND userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"CloudTrail Error & No MFA Events","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Recent Security Risk Events","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE sourceIPAddress NOT LIKE '192.168.%.%' ORDER BY event_timestamp DESC LIMIT 
50;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Recent Security Risk Events","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Number of recent Security issues","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, errorCode, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE errorCode IS NOT NULL AND userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 5;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Number of recent Security 
issues","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Critical Resource Access Events","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, resources, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE (eventName LIKE '%Modify%' OR eventName LIKE '%Delete%' OR eventName LIKE '%Put%' OR eventName LIKE '%Post%') ORDER BY event_timestamp DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Critical Resource Access Events","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692d","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} {"exportedCount":7,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-records-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-records-1.0.0.ndjson index 42e5338de9..1bd07ec071 100644 --- a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-records-1.0.0.ndjson 
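Review bot: The "Recent Security Risk Events" record keeps `sourceIPAddress NOT LIKE '192.168.%.%'` as its only filter, so it lists every event not sourced from that one private range as a risk. Callers in 10.0.0.0/8 or 172.16.0.0/12 are included, and so are records where CloudTrail puts an AWS service name rather than an address in `sourceIPAddress`. Since this hunk already rewrites the record, either widen the exclusion (for example add `AND sourceIPAddress NOT LIKE '10.%' AND sourceIPAddress NOT LIKE '%.amazonaws.com'`) or retitle it to say what it actually selects. The unchanged summary line still reads `"exportedCount":7` although the `-1,5 +1,5` hunk shows four objects in the file, which is worth correcting in the same change. Both points apply equally to the `rec.`-prefixed variants in the example_queries-records hunk below.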
+++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-records-1.0.0.ndjson 
@@ -1,5 +1,5 @@ -{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"CloudTrail_Error_and_No_MFA_Events","query":"SELECT rec.userIdentity.type, rec.userIdentity.principalId, rec.userIdentity.accountId, rec.userIdentity.userName, rec.eventName, rec.eventType, rec.eventId, rec.awsRegion, rec.sourceIPAddress, rec.errorCode, rec.errorMessage, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.errorCode IS NOT NULL AND rec.userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"CloudTrail Error & No MFA Events","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} -{"attributes":{"createdTimeMs":1713293044079,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Recent_Security_Risk_Events","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.sourceIPAddress NOT LIKE '192.168.%.%' ORDER BY event_timestamp DESC LIMIT 50;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Recent Security Risk 
Events","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Number_recent_Security_issues","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, rec.errorCode, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.errorCode IS NOT NULL AND rec.userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 5;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Number of recent Security issues","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Critical_Resource_Access_Events","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, rec.resources, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE (rec.eventName LIKE '%Modify%' OR rec.eventName LIKE '%Delete%' OR rec.eventName LIKE '%Put%' OR rec.eventName LIKE '%Post%') ORDER BY event_timestamp DESC LIMIT 10;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Critical Resource Access 
Events","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692d","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} +{"attributes":{"title":"CloudTrail Error & No MFA Events","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT rec.userIdentity.type, rec.userIdentity.principalId, rec.userIdentity.accountId, rec.userIdentity.userName, rec.eventName, rec.eventType, rec.eventId, rec.awsRegion, rec.sourceIPAddress, rec.errorCode, rec.errorMessage, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.errorCode IS NOT NULL AND rec.userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"CloudTrail Error & No MFA Events","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Recent Security Risk Events","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL 
VIEW explode(Records) myTable AS rec WHERE rec.sourceIPAddress NOT LIKE '192.168.%.%' ORDER BY event_timestamp DESC LIMIT 50;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Recent Security Risk Events","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Number of recent Security issues","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, rec.errorCode, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.errorCode IS NOT NULL AND rec.userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 5;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Number of 
recent Security issues","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Critical Resource Access Events","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, rec.resources, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE (rec.eventName LIKE '%Modify%' OR rec.eventName LIKE '%Delete%' OR rec.eventName LIKE '%Put%' OR rec.eventName LIKE '%Post%') ORDER BY event_timestamp DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Critical Resource Access Events","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692d","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} {"exportedCount":7,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/assets/example_queries-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_waf/assets/example_queries-1.0.0.ndjson index 9cab495ca7..e64e477748 100644 
--- a/server/adaptors/integrations/__data__/repository/aws_waf/assets/example_queries-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/aws_waf/assets/example_queries-1.0.0.ndjson 
@@ -1,3 +1,3 @@ -{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Allowed Web Access Logs","query":"SELECT `timestamp` as event_timestamp, `webaclId`, `action`, `httpSourceName`, `httpRequest`.clientIp, `httpRequest`.country, `httpRequest`.uri, `httpRequest`.httpMethod, `httpRequest`.requestId FROM {table_name} WHERE `action` = 'ALLOW' ORDER BY event_timestamp DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Allowed Web Access Logs","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} -{"attributes":{"createdTimeMs":1713293269224,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Regular TerminatingRule WebACLs Limited","query":"SELECT `webaclId` FROM {table_name} WHERE `terminatingRuleType` = 'REGULAR' LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Regular TerminatingRule WebACLs Limited","version":1},"id":"d2a038a0-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:47:49.290Z","version":"WzI4MzIsMV0="} -{"attributes":{"createdTimeMs":1713294061574,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Allowed Actions WebACLs","query":"SELECT `webaclId`, `action` FROM {table_name} WHERE `action` = 'ALLOW' LIMIT 
10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Allowed Actions WebACLs","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0="} +{"attributes":{"title":"Allowed Web Access Logs","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT `timestamp` as event_timestamp, `webaclId`, `action`, `httpSourceName`, `httpRequest`.clientIp, `httpRequest`.country, `httpRequest`.uri, `httpRequest`.httpMethod, `httpRequest`.requestId FROM {table_name} WHERE `action` = 'ALLOW' ORDER BY event_timestamp DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Allowed Web Access Logs","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Regular TerminatingRule WebACLs Limited","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT `webaclId` FROM {table_name} WHERE `terminatingRuleType` = 'REGULAR' LIMIT 
10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Regular TerminatingRule WebACLs Limited","version":1},"id":"d2a038a0-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:47:49.290Z","version":"WzI4MzIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Allowed Actions WebACLs","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT `webaclId`, `action` FROM {table_name} WHERE `action` = 'ALLOW' LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Allowed Actions WebACLs","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0=","workspaces":["C8yixd"]} \ No newline at end of file 
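Review bot: Every added object carries `"workspaces":["C8yixd"]`, which looks like the workspace id of the instance these assets were exported from rather than a value a bundled template should pin. Nothing visible in this commit rewrites that field at install time, so the objects may be created against a workspace that does not exist on the target. Dropping the `workspaces` key from the bundled lines, or overwriting it while the instance is built, would avoid that. The nginx asset hunk below has the same field, and of the hard-coded `dataset.id` and `dataSource.id` UUIDs only `dataSource.id` is visibly replaced (in `addMDSReference`).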
diff --git a/server/adaptors/integrations/__data__/repository/nginx/assets/example_queries-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/nginx/assets/example_queries-1.0.0.ndjson index 8e6bac9ad8..765ab8c960 100644 --- a/server/adaptors/integrations/__data__/repository/nginx/assets/example_queries-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/nginx/assets/example_queries-1.0.0.ndjson 
@@ -1,6 +1,6 @@ -{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Top IPs by Request Count","query":"SELECT remote_addr, COUNT(*) AS request_count FROM {table_name} GROUP BY remote_addr ORDER BY request_count DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Top IPs by Request Count","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} -{"attributes":{"createdTimeMs":1713293044079,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Top Status by Count","query":"SELECT status, COUNT(*) AS status_count FROM {table_name} GROUP BY status ORDER BY status_count DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Top Status by Count","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Number of Requests","query":"SELECT COUNT(*) AS request_count FROM {table_name};","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Number of 
Requests","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} -{"attributes":{"createdTimeMs":1713293161193,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Total Bytes Served","query":"SELECT SUM(body_bytes_sent) AS total_bytes_served FROM {table_name};","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Total Bytes Served","version":1},"id":"92398eb0-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:46:01.242Z","version":"WzI4MzEsMV0="} -{"attributes":{"createdTimeMs":1713294061574,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Requests by User Agent","query":"SELECT * FROM {table_name} WHERE http_user_agent LIKE '%Chrome%' LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0="} +{"attributes":{"title":"Top IPs by Request Count","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT remote_addr, COUNT(*) AS request_count FROM {table_name} GROUP BY remote_addr ORDER BY request_count DESC LIMIT 
10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top IPs by Request Count","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Top Status by Count","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT status, COUNT(*) AS status_count FROM {table_name} GROUP BY status ORDER BY status_count DESC LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Top Status by Count","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Number of 
Requests","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT COUNT(*) AS request_count FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Number of Requests","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0=","workspaces":["C8yixd"]} +{"attributes":{"title":"Total Bytes Served","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT SUM(body_bytes_sent) AS total_bytes_served FROM {table_name};\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Total Bytes Served","version":1},"id":"92398eb0-fc21-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T18:46:01.242Z","version":"WzI4MzEsMV0=","workspaces":["C8yixd"]} 
+{"attributes":{"title":"Requests by User Agent","description":"","hits":0,"columns":["_source"],"sort":[],"version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"SELECT * FROM {table_name} WHERE http_user_agent LIKE '%Chrome%' LIMIT 10;\",\"language\":\"SQL\",\"dataset\":{\"id\":\"2e1b1b80-9c4d-11ee-8c90-0242ac120001\",\"title\":\"mys3.default.table1\",\"type\":\"s3glue\",\"dataSource\":{\"id\":\"3f2a1e1c-9c4d-11ee-8c90-0242ac120002\",\"name\":\"mys3\",\"type\":\"EXTERNAL\"}}},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"timestamp\",\"calendar_interval\":\"1w\",\"time_zone\":\"America/Los_Angeles\",\"min_doc_count\":1}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}"},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","migrationVersion":{"search":"7.9.3"},"type":"search","references":[],"updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0=","workspaces":["C8yixd"]} {"exportedCount":5,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/server/adaptors/integrations/integrations_builder.ts b/server/adaptors/integrations/integrations_builder.ts index 033acf5805..c908d2e2fe 100644 --- a/server/adaptors/integrations/integrations_builder.ts +++ b/server/adaptors/integrations/integrations_builder.ts @@ -46,7 +46,13 @@ export class IntegrationInstanceBuilder { return Promise.reject(assets.error); } const remapped = this.remapIDs(this.getSavedObjectBundles(assets.value, options.workflows)); - const withDataSource = this.remapDataSource(remapped, options.indexPattern); + const assets1 = this.addMDSReference( + remapped, + options.dataSource, + options.dataSourceMDSId, + options.dataSourceMDSLabel + ); + const withDataSource = this.remapDataSource(assets1, options.indexPattern); const withSubstitutedQueries = this.substituteQueries( withDataSource, options.dataSource, 
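Review bot: Nothing in this hunk calls the new `substituteSavedSearch`, and the enclosing method continues outside the hunk, so it may be invoked further down. If it is not, the `search`-type assets introduced in the ndjson files would keep their `{table_name}` placeholder. In that case the call belongs after `substituteQueries`, taking the same data source and table arguments. `assets1` would also read better with a name that says what the step did, e.g. `const withMdsReference = this.addMDSReference(`.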
@@ -57,6 +63,44 @@ export class IntegrationInstanceBuilder { return builtInstance; } + substituteSavedSearch( + assets: SavedObject[], + dataSource?: string, + tableName?: string + ): SavedObject[] { + if (!dataSource || !tableName) { + return assets; + } + + assets = assets.map((asset) => { + if (asset.type === 'search') { + const searchSourceMeta = asset.attributes.kibanaSavedObjectMeta.searchSourceJSON; + let searchSource; + + try { + searchSource = JSON.parse(searchSourceMeta); + } catch (error) { + console.error('Invalid JSON in searchSourceJSON:', error); + return asset; + } + + if (searchSource.query?.query && searchSource.query.language === 'SQL') { + searchSource.query.query = searchSource.query.query.replaceAll('{table_name}', tableName); + } + + if (searchSourceMeta.dataset.type === 's3glue') { + asset.attributes.title = `${dataSource}.default.${tableName}`; + } + + asset.attributes.kibanaSavedObjectMeta.searchSourceJSON = JSON.stringify(searchSource); + } + + return asset; + }); + + return assets; + } + // If we have a data source or table specified, hunt for saved queries and update them with the // new DS/table. substituteQueries(assets: SavedObject[], dataSource?: string, tableName?: string): SavedObject[] { 
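Review bot: The `s3glue` check in `substituteSavedSearch` reads `searchSourceMeta.dataset.type`, but `searchSourceMeta` is the unparsed JSON string, so `.dataset` is undefined and the access throws a TypeError for every `search` asset that parsed successfully. The parsed object is `searchSource`, and in the bundled assets the dataset sits under `query`, so the guard should read `if (searchSource.query?.dataset?.type === 's3glue') {`. The assignment inside it overwrites the saved search's own `attributes.title` with `${dataSource}.default.${tableName}`; that looks meant for `searchSource.query.dataset.title`, which is worth confirming. `tableName` is also spliced into the SQL text verbatim, so if it can originate from a request it should be checked against an identifier pattern before `replaceAll`.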
@@ -157,6 +201,62 @@ export class IntegrationInstanceBuilder { }); } + addMDSReference( + assets: SavedObject[], + dataSource?: string, + dataSourceMDSId?: string, + dataSourceMDSLabel?: string + ): SavedObject[] { + if (!dataSource) { + return assets; + } + return assets.map((asset) => { + // Check if the asset type is 'index-pattern' or if the title contains 'Timeline' visualization + if ( + asset?.type && + (asset.type === 'index-pattern' || + (asset.type === 'visualization' && asset.attributes.visState.type === 'timelion')) + ) { + const dataSourceIndex = asset.references.findIndex((ref) => ref.type === 'data-source'); + + if (dataSourceIndex !== -1) { + // If a data-source reference exists, update it + asset.references[dataSourceIndex] = { + id: dataSourceMDSId ?? '', + name: dataSourceMDSLabel ?? 'Local cluster', + type: 'data-source', + }; + } else { + // If no data-source reference exists, add a new one + asset.references.push({ + id: dataSourceMDSId ?? '', + name: dataSourceMDSLabel ?? 'Local cluster', + type: 'data-source', + }); + } + } + + if (asset.type === 'search') { + if (asset?.attributes?.kibanaSavedObjectMeta?.searchSourceJSON) { + const searchSourceJSON = JSON.parse( + asset.attributes.kibanaSavedObjectMeta.searchSourceJSON + ); + + if (searchSourceJSON?.query?.dataset?.dataSource) { + searchSourceJSON.query.dataset.dataSource.id = dataSourceMDSId ?? ''; + searchSourceJSON.query.dataset.dataSource.name = dataSourceMDSLabel ?? 'Local cluster'; + searchSourceJSON.query.dataset.dataSource.type = 'data-source'; + } + + asset.attributes.kibanaSavedObjectMeta.searchSourceJSON = JSON.stringify( + searchSourceJSON + ); + } + } + + return asset; + }); + } async postAssets(assets: SavedObjectsBulkCreateObject[]): Promise { try { const response = await this.client.bulkCreate(assets); 
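Review bot: In `addMDSReference` the `search` branch calls `JSON.parse` on `searchSourceJSON` with no error handling, so one malformed asset throws out of the `map` and fails the whole build, whereas `substituteSavedSearch` in the same commit logs and returns the asset. Wrapping the parse as sketched below keeps the two consistent. Separately, `asset.attributes.visState.type` has no optional chaining and will throw for a visualization without `visState`. Visualization saved objects usually store `visState` as a serialized string, in which case `.type` is undefined and the `timelion` branch never runs; this is worth confirming against the bundled assets. The comment above the condition mentions a title containing 'Timeline', which is not what the code checks.

```typescript
if (asset.type === 'search') {
  const rawSearchSource = asset?.attributes?.kibanaSavedObjectMeta?.searchSourceJSON;
  if (rawSearchSource) {
    let searchSourceJSON;
    try {
      searchSourceJSON = JSON.parse(rawSearchSource);
    } catch (error) {
      // Same policy as substituteSavedSearch: log and leave the asset untouched.
      console.error('Invalid JSON in searchSourceJSON:', error);
      return asset;
    }
    // … unchanged: dataSource id/name/type assignment and JSON.stringify write-back …
  }
}
```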
@@ -198,8 +298,8 @@ export class IntegrationInstanceBuilder { if (options.dataSourceMDSId) { instance.references = [ { - id: options.dataSourceMDSId, - name: options.dataSourceMDSLabel, + id: options.dataSourceMDSId || '', + name: options.dataSourceMDSLabel || 'Local cluster', type: 'data-source', }, ];
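Review bot: The `|| ''` fallback on `id` can never apply, because the object is only built inside `if (options.dataSourceMDSId)`, which already requires a truthy id. Keeping `id: options.dataSourceMDSId,` is clearer. For the label, `name: options.dataSourceMDSLabel ?? 'Local cluster',` would match the `??` used in `addMDSReference`; with `||` an empty-string label is also replaced, which may or may not be intended. The enclosing method starts outside this hunk.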