Skip to main content
Sumo Logic

Search Surrounding Messages

Surrounding messages allow you to investigate events surrounding a message from the context of the Host, file name, or category identified enabling you to view the activity for the defined time period.

As you browse results in the Messages list, you might come across a message where you would like to see more context. What other events occurred just before and after this event? What else was happening on this host at the same time? When you search surrounding messages, you capture the context of the current message to gain insight into surrounding activity.

After you launch a search on surrounding messages, the target message (the message from where you originated the search on surrounding messages) is highlighted in blue to help you keep your place.

To search surrounding messages:

  1. For any message in the Messages tab, select the down-arrow next to one of the following:
  • _sourceHost. Matches messages based on the same system host.
  • _sourceName. Matches messages from the same file path AND the same host.
  • _sourceCategory. Matches messages based on the same user-created metadata.

  1. Select the time range to search before and after the selected message. Choose one minute, five minutes, or ten minutes. In this example, search will return messages for a ten minute time range (five minutes before, and five minutes after) from the same host and file path as the selected message.

A new search tab opens displaying the surrounding messages. Your position in the log file is highlighted:

If you lose your place, you can always click Show Original Message to return to the highlighted message.

When you modify the results with surrounding messages, the search query is modified with the new time range and the host, path, or category appended to the keyword expression.