Hello,
When I search for some events (i.e. index=main *password fail), I want to get the events with two lines before and after from the source. This will help me analyze why it happened. I know the way to go to > then Event action > show source option. But I want to get those details in my search result itself.
You can find some approaches here: http://answers.splunk.com/answers/76663/splunk-equivalent-of-grep-a-and-grep-b.html