How can I search for an event x, only when preceded or followed by event y? I.e., I only want x when y is immediately adjacent.
I think you'll want to use the transaction command. You can use the "startswith", "endswith", and "maxevents" options to further customize the query. Here's one example for event X followed by event Y.
... | transaction startswith="event x" endswith="event y" maxevents=2
You could then use an append to get the transactions with event Y before event X if you want to keep the whole process as just one search. However, this will cause a dramatic slowdown since the subsearch requires a second pass; I would recommend avoiding the following if high performance is an important goal.
... | transaction startswith="event x" endswith="event y" maxevents=2 | append [search <your search here> | transaction startswith="event y" endswith="event x" maxevents=2]
Does this help answer your question?
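A single-pass way to get x when y is adjacent on either side, avoiding the append subsearch. This is an added example, not part of the original answer. The "event x" and "event y" strings and `<your search here>` are the answer's placeholders, and the field names kind, newer_kind and older_kind are hypothetical.

```spl
<your search here>
| eval kind=case(searchmatch("event x"), "x", searchmatch("event y"), "y", true(), "other")
| streamstats current=f window=1 last(kind) as newer_kind
| reverse
| streamstats current=f window=1 last(kind) as older_kind
| reverse
| where kind="x" AND (newer_kind="y" OR older_kind="y")
```

Splunk returns events newest first, so the first streamstats reads the newer neighbour, and the reverse pair lets the second one read the older neighbour. Unlike the transaction version, this returns the x events themselves, not merged x+y transactions.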