I am using Kibana for log analysis. During the analysis i apply filters on loggers, threads etc., but then i can't see the unfiltered elements anymore. Any further investigation is complicated.
Therefore, answering the question "What happend in range of 1min where logger is blabla?" or "What happend before 1min where thread is blabla?" is very, very difficult.
Example Scenario
- An error occoured at 2016-02-25 10:00am, loggername is "org.a.common.logger", thread "worker-10"
- Doing the filtering Kibana shows only a this single log entry
- "What the heck is going on"?, "I've to look what happend before 10:00am, same thread"
- Entering complex search expression...
- "Damn i can't find my error anymore"...
Featurerequest: advanced filtering for log-context
- Provide simple way to get further logentries based on the selected log entry
- Filtering should be timebased and contextbased using the visible fields
- The filter should answer the question "What happend [before|after|in range of] ...[intverval] where [field] is [current value]"
What do you think?
Best wishes,
Philipp