splunk query neighboring events
you should be able to -A or -B (but not both) using the transaction commandequivalent of -B .... | transaction endswith=(<search that matches the event of interest>) maxevents=<number of events in txn>equivalent of -A.... | transaction startswith=(<search that matches the event of interest>) maxevents=<number of events in txn>
see my example, it works very well.
Senior Software Engineer At Actuate
jsdom 