Showing Events in Context

Select the Show in context option from the three-dot menu next to an event to get a detailed view of that single event, or find the selected event and surrounding events in another context.

Show in Context

Figure 59. Show in Context

The option allows you to search for matching values using the checkboxes, and then selecting the time interval at the bottom (see figure below). You can also search for a specific field if the list of available fields exceeds the size of the dialog:

Find a Selected Event in Context

Figure 60. Find a Selected Event in Context

The dialog box will show the list of fields for the selected event and enable you to search for similar events using the values selected from this box. To search for similar events:

  • Search for and select fields to be used as the basis for the new search. The values chosen here will be used to create a new search that searches for these fields and exact values.

  • Select the interval, either:

    • Plus or minus 10 minutes around the timestamp of the current event

    • Use the time interval for the current search that returned this event

Once you've selected the new search options, click the Search to start a new search that will look for the field/value combinations selected across the selected time range.

Show in context can be used in cases where you find a specific value and then want to look for that same field/value combination around the same timespan, for example to identify when the same error occurred, or if someone has tried the same security attack in a short period of time.

Similar results can be obtained using the around object in queries to return the events around a reference event, see Pagination of Results for more information.