Showing Events in Context
Click the ⋮ icon next to an event result and select the option to get a detailed view of that single event, or find the selected event and surrounding events in another context.
Figure 59. Show in Context
The option allows you to search for matching values using the checkboxes in the Find event dialog box, and then selecting the time interval at the bottom (see figure below). You can also search for a specific field in case the list of available fields exceeds the size of the dialog.
Figure 60. Find a Selected Event in Context
The Find event dialog box will show the list of fields for the selected event and enable you to search for similar events using the values selected from this box.
To search for similar events:
Search for and select fields to be used as the basis for the new search. The values chosen here will be used to create a new search that searches for these fields and exact values.
Select the interval, either:
Plus or minus 10 minutes around the timestamp of the current event
Use the time interval for the current search that returned this event
Once you have selected the new search options, click
to start a new search that will look for the field/value combinations selected across the selected time range.
The option can be used in cases where you find a specific value and then want to look for that same field/value combination around the same timespan, for example to identify when the same error occurred, or if someone has tried the same security attack in a short period of time.
Similar results can be obtained using the
around
object in queries
to return the events around a reference event. See
Pagination of Results for more information.