Databases Reference
In-Depth Information
Building a workflow action to show field
context
Show Source
is available as a workflow action on all events. When chosen, it
runs a query that finds events around the current event for the same
source
and
host
. While this is very useful, sometimes it would be nice to see events that have
something else in common besides
source
, and to see those events in the regular
search interface, complete with the timeline and field picker.
To accomplish this, we will make a workflow action and macro that work in tandem
to build the appropriate query. This example is fairly advanced, so don't be alarmed
if it doesn't make a lot of sense.
Building the context workflow action
First, let's build our workflow action. As before, make a workflow action with
Action
type
set to
search
.
Search WWH ::
Custom Search