Here is a runanywhere example demonstrating a technique for finding events either side of acc 9045

| makeresults count=100 
| streamstats count as row
| eval acc=9045 + random()%10
``` the lines above set up some dummy data ```
| eval flag=if(acc=9045,1,null()) ``` flag the events you are interested in ```
| streamstats count(flag) as after reset_before=acc=9045 ``` count the flags - all this really does is set field to zero until the first flag, and to one from the first flag ```
| streamstats sum(after) as after reset_before=acc=9045 ``` sum the previous ones to give a running count - reset count when the event you are interested in appears ```
| reverse ``` reverse the pipeline to count in the opposite direction ```
| streamstats count(flag) as before reset_before=acc=9045 ``` count the flags - all this really does is set field to zero until the first flag, and to one from the first flag ```
| streamstats sum(before) as before reset_before=acc=9045 ``` sum the previous ones to give a running count - reset count when the event you are interested in appears ```
| where before==1 OR before==2 OR after==2 ``` keep events either side of the events of interest ```

Hi

Maybe not what you are looking for, but one way to try to find events just before and after selected events is just search and select Time field. That opens on pop up where you can set some time values for next search. But remember that if you have some earliest/latest on cmd line then those override this settings.

r. Ismo

Yes I mean events before and after in the event pipeline