Hi all,
I'll describe what I'd like to achieve, and appreciate your views on if it makes sense!
We're using ELK for log aggregation and analysis. We ingest multiple log files in real time from multiple servers. One of the main use cases for our users is to search for (say) a customer id, and then they want to focus in on the surrounding events in the specific log file that originate from.
So, to achieve the above use case currently, what our users do is (in Discover) run their search to find a document they are interested in, then expand that and add filters to match our server name field and our log file name field, to see only events from that particular file. (This is an overly simple example - they generally have to add a few more filters than that, and the types of filters vary for different user groups depending on the data they look at).
I'd like them to be able to achieve the above using the "View Surrounding Documents". The way i envisage this working is that in the definition of an index pattern, there'd be a way of defining the field(s) that provide context for a document. E.g. we'd specify "serverName" as a context field, and then on a click of "View Surrounding Documents", Kibana would switch to the context view as currently, but would also automatically apply a filter on field "serverName" to match the value of the field in the original document.
Does this sound sensible, or is a crazy idea? 
Thanks
- Adrian