Hi All,
I'm pretty new to Splunk so forgive me if this is an easy question.
I'm trying to figure out how to a) search for an event and then b) search for different events that happened before/after the event.
For example, I want to search failed logins for a certain account, and then try to find other login events for that host 5 mins before and after. I can figure out how to search for the events individually, but don't know how to combine them and then format them into something like a table.
So my first search would be:
index="wineventlog" EventCode=4768 Result_Code=0x6
And the second search would be based on the first search, but for a different event code:
search index="wineventlog" EventCode=4624 | "filter by the results of the first search 5 mins before/after each event"
Eventually I'd want to get to a table similar to this:
Time              Event    Supporting Events
Jan 18 @ 10:01am  Event 1  Jan 18 @ 10:03am Event 1a
                           Jan 18 @ 10:02am Event 1b
Jan 17 @ 7:33am   Event 2  Jan 17 @ 7:35am Event 2a
                           Jan 17 @ 7:32am Event 2b
etc...
Thanks!
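The correlation the post asks for, written out as an added example (not part of the original post and not Splunk search language): each failed 4768/0x6 event becomes an anchor row, and every 4624 event on the same host within plus or minus 5 minutes is listed beside it, in the layout of the table above. The events, host names and account names are constructed sample data, and the field names (time, host, EventCode, Result_Code, Account_Name) are assumptions about how the Windows events would be parsed.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real log data. Assumed field names.
EVENTS = [
    {"time": "2024-01-18 10:01:00", "host": "WS01", "EventCode": 4768, "Result_Code": "0x6", "Account_Name": "jdoe"},
    {"time": "2024-01-18 10:03:00", "host": "WS01", "EventCode": 4624, "Account_Name": "jdoe"},
    {"time": "2024-01-18 10:02:00", "host": "WS01", "EventCode": 4624, "Account_Name": "svc_backup"},
    {"time": "2024-01-18 10:09:00", "host": "WS01", "EventCode": 4624, "Account_Name": "jdoe"},   # outside +5 min
    {"time": "2024-01-18 10:02:30", "host": "WS02", "EventCode": 4624, "Account_Name": "jdoe"},   # different host
    {"time": "2024-01-17 07:33:00", "host": "DC01", "EventCode": 4768, "Result_Code": "0x6", "Account_Name": "jdoe"},
    {"time": "2024-01-17 07:35:00", "host": "DC01", "EventCode": 4624, "Account_Name": "admin"},
    {"time": "2024-01-17 07:32:00", "host": "DC01", "EventCode": 4624, "Account_Name": "jdoe"},
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def is_anchor(e):        # the first search: Kerberos TGT request failed with result code 0x6
    return e["EventCode"] == 4768 and e.get("Result_Code") == "0x6"

def is_supporting(e):    # the second search: successful logons
    return e["EventCode"] == 4624

def correlate(events, window_seconds=300):
    """One row per anchor event; supporting events are same-host 4624s within +/- window."""
    window = timedelta(seconds=window_seconds)
    anchors = sorted((e for e in events if is_anchor(e)), key=lambda e: parse(e["time"]), reverse=True)
    rows = []
    for anchor in anchors:
        t0 = parse(anchor["time"])
        supporting = [e for e in events
                      if is_supporting(e) and e["host"] == anchor["host"]
                      and abs(parse(e["time"]) - t0) <= window]   # inclusive 5-minute boundary
        supporting.sort(key=lambda e: parse(e["time"]), reverse=True)
        rows.append({"time": anchor["time"], "host": anchor["host"],
                     "account": anchor["Account_Name"], "supporting": supporting})
    return rows

def render_table(rows):
    """Three-column text table: anchor time, anchor event, one supporting event per line."""
    lines = [f"{'Time':<20} {'Event':<26} Supporting Events"]
    for r in rows:
        label = f"4768 0x6 {r['account']}@{r['host']}"
        cells = [(r["time"], label)] + [("", "")] * (len(r["supporting"]) - 1)
        for (t, ev), s in zip(cells, r["supporting"]):
            lines.append(f"{t:<20} {ev:<26} {s['time']}  4624 {s['Account_Name']}")
        if not r["supporting"]:
            lines.append(f"{r['time']:<20} {label:<26} (none)")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_table(correlate(EVENTS)))
```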