Changed descriptions and timespan

queries/AuditKeyValues.yaml

@@ -1,14 +1,15 @@
 name: AuditKeyValues
+description: "Parses the field AuditKeyValues array to key=value fields"
 visualization:
   options:
     columns: '[{"type":"field","fieldName":"@timestamp","width":210},{"type":"field","fieldName":"@rawstring"}]'
-    newestAtBottom: 'true'
-    showOnlyFirstLine: 'false'
+    newestAtBottom: "true"
+    showOnlyFirstLine: "false"
   type: list-view
 $schema: https://schemas.humio.com/query/v0.1.0
 timeInterval:
   isLive: false
-  start: 1y
+  start: 1d
 queryString: |-
   writeJson(AuditKeyValues, as=_json)
   | replace(field=_json, as=_json, regex="(^\\{\"AuditKeyValues\":\\[)|(\\]\\}$)|(\\\"Key\\\":)|(,\\\"ValueString\\\")", with="")

queries/DetectionURL.yaml

@@ -1,14 +1,15 @@
 name: DetectionURL
+description: "Create link to detection based on detection id"
 visualization:
   options:
     columns: '[{"type":"field","fieldName":"@timestamp","width":210},{"type":"field","fieldName":"@rawstring"}]'
-    newestAtBottom: 'true'
-    showOnlyFirstLine: 'false'
+    newestAtBottom: "true"
+    showOnlyFirstLine: "false"
   type: list-view
 $schema: https://schemas.humio.com/query/v0.1.0
 timeInterval:
   isLive: false
-  start: 24h
+  start: 1d
 queryString: |-
   "falcon.detection" := replace("^ldt:([0-9a-f]{32}):(.*)", with="$1/$2", field="detection_id")
   | "falcon.detection_url" := format("%s/activity/detections/detail/%s?_cid=%s", field=[falcon.url, falcon.detection, #cid])