I have not personally used splunk, but I'm told that it has a feature where if one performs a log search and gets a hit, splunk will show N logs before and N logs after the query result. Can I do the same in Kibana? If so how? I have the ELK stack. Thanks!
We've built a "raw log viewer" type of plugin that is planned on doing similar.
If you are feeling ambitious you could build out the plugin to do this pretty quickly. Lots of copy/paste from the Discover plugin then when a user clicks a result (or a button near the result) just focus the results to a time period based on that item. Of course this assumes time based logs, not just documents.
Some exciting progress has been made on this, if either of you are interested in tracking the progress on GitHub, here's the work-in-progress pull request https://github.com/elastic/kibana/pull/9198
Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.