It will be great if after you run a search in UI, you could select an event and ( by right clicking for instance) you could open a "show source window" displaying the raw data for the event you selected and some surrounding events.
To implement this feature we only need to manage a sequence for each source and use it as id field in elasticsearch. Then we could use this sequence to ask elasticsearch for surrounding event_id ( event_id-20 TO event_id+20 for instance)
The raw data for the event is already in the page. The event drill-down dialog that pops up when you click on an event is generated from that data.
Probably easy to add in a 'show raw data' feature as well. In the meantime, you can right click -> inspect element to see the raw event embedded in the html as a data attribute.
I agree, the raw data is already there, but i would like to see some surrounding events (from the source).
For example, if i do a search with "OutOfMemoryError", I should see some events matching "outOfMemoryError". if i select one specific event,I would like to see the source data flow where this event has occured to see what happened just after and before that helps me investigate the problem. (like Splunk "view source" feature).
Oh I see, I didn't see your request for 'surrounding events'.
Makes sense, should be easy to add a 'show nearby events' - I think 'nearby' could be defined as "near the same timestamp + some conditions" where the conditions could be specified by the user (with the help from the UI, hopefully). Example conditions:
Show me nearby events from the same log source (file on a host, whatever)
Show me nearby events from the same log type; ie show me all nearby mysql events
Could be exciting and really help travel around in the logs.
No work will be done on the current logstash-web and will be replaced by Kibana ( www.kibana.org )
Currently there are 2 options.
1) Wait until Kibana is runnable from logstash.
2) Run kibana your self.
If this request is still valid please contact the creator of Kibana.