diff --git a/Cargo.toml b/Cargo.toml
index 503132c85f507..5d01e3d2d0414 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -671,6 +671,7 @@ transforms-logs = [
   "transforms-aws_ec2_metadata",
   "transforms-dedupe",
   "transforms-filter",
+  "transforms-window",
   "transforms-log_to_metric",
   "transforms-lua",
   "transforms-metric_to_log",
@@ -696,6 +697,7 @@ transforms-aggregate = []
 transforms-aws_ec2_metadata = ["dep:arc-swap"]
 transforms-dedupe = ["transforms-impl-dedupe"]
 transforms-filter = []
+transforms-window = []
 transforms-log_to_metric = []
 transforms-lua = ["dep:mlua", "vector-lib/lua"]
 transforms-metric_to_log = []
diff --git a/changelog.d/window-transform.feature.md b/changelog.d/window-transform.feature.md
new file mode 100644
index 0000000000000..b3f366108c625
--- /dev/null
+++ b/changelog.d/window-transform.feature.md
@@ -0,0 +1,5 @@
+Add a new `window` transform, a variant of ring buffer or backtrace logging implemented as a sliding window.
+Allows for reduction of log volume by filtering out logs when the system is healthy, but preserving detailed
+logs when they are most relevant.
+
+authors: ilinas
diff --git a/src/internal_events/mod.rs b/src/internal_events/mod.rs
index 47e67943aeb07..52c5cafb7a6e7 100644
--- a/src/internal_events/mod.rs
+++ b/src/internal_events/mod.rs
@@ -129,6 +129,8 @@ mod unix;
 mod websocket;
 #[cfg(feature = "sinks-websocket-server")]
 mod websocket_server;
+#[cfg(feature = "transforms-window")]
+mod window;
 
 #[cfg(any(
     feature = "sources-file",
@@ -265,6 +267,8 @@ pub(crate) use self::unix::*;
 pub(crate) use self::websocket::*;
 #[cfg(feature = "sinks-websocket-server")]
 pub(crate) use self::websocket_server::*;
+#[cfg(feature = "transforms-window")]
+pub(crate) use self::window::*;
 #[cfg(windows)]
 pub(crate) use self::windows::*;
 pub use self::{
diff --git a/src/internal_events/window.rs b/src/internal_events/window.rs
new file mode 100644
index 0000000000000..5b2f666edcb11
--- /dev/null
+++ b/src/internal_events/window.rs
@@ -0,0 +1,14 @@
+use vector_lib::internal_event::{ComponentEventsDropped, Count, Registered, INTENTIONAL};
+
+vector_lib::registered_event!(
+    WindowEventsDropped => {
+        events_dropped: Registered<ComponentEventsDropped<'static, INTENTIONAL>>
+            = register!(ComponentEventsDropped::<INTENTIONAL>::from(
+                "The buffer was full"
+            )),
+    }
+
+    fn emit(&self, data: Count) {
+        self.events_dropped.emit(data);
+    }
+);
diff --git a/src/transforms/mod.rs b/src/transforms/mod.rs
index ea3e9aa163afe..0247897ee295a 100644
--- a/src/transforms/mod.rs
+++ b/src/transforms/mod.rs
@@ -29,6 +29,8 @@ pub mod route;
 pub mod tag_cardinality_limit;
 #[cfg(feature = "transforms-throttle")]
 pub mod throttle;
+#[cfg(feature = "transforms-window")]
+pub mod window;
 
 pub use vector_lib::transform::{
     FunctionTransform, OutputBuffer, SyncTransform, TaskTransform, Transform, TransformOutputs,
diff --git a/src/transforms/window/config.rs b/src/transforms/window/config.rs
new file mode 100644
index 0000000000000..21a2a5d36cafc
--- /dev/null
+++ b/src/transforms/window/config.rs
@@ -0,0 +1,94 @@
+use vector_lib::config::{clone_input_definitions, LogNamespace};
+use vector_lib::configurable::configurable_component;
+
+use crate::{
+    conditions::AnyCondition,
+    config::{
+        DataType, GenerateConfig, Input, OutputId, TransformConfig, TransformContext,
+        TransformOutput,
+    },
+    schema,
+    transforms::Transform,
+};
+
+use super::transform::Window;
+
+/// Configuration for the `window` transform.
+#[configurable_component(transform(
+    "window",
+    "Apply a buffered sliding window over the stream of events and flush it based on supplied criteria"
+))]
+#[derive(Clone, Debug)]
+#[serde(deny_unknown_fields)]
+pub struct WindowConfig {
+    /// A condition used to pass events through the transform without buffering.
+    ///
+    /// If the condition resolves to `true` for an event, the event is immediately forwarded without
+    /// buffering and without preserving the original order of events. Use with caution if the sink
+    /// cannot handle out of order events.
+    pub forward_when: Option<AnyCondition>,
+
+    /// A condition used to flush the events.
+    ///
+    /// If the condition resolves to `true` for an event, the whole window is immediately flushed,
+    /// including the event itself, and any following events if `num_events_after` is more than zero.
+    pub flush_when: AnyCondition,
+
+    /// The maximum number of events to keep before the event matched by the `flush_when` condition.
+    #[serde(default = "default_events_before")]
+    pub num_events_before: usize,
+
+    /// The maximum number of events to keep after the event matched by the `flush_when` condition.
+    #[serde(default = "default_events_after")]
+    pub num_events_after: usize,
+}
+
+impl GenerateConfig for WindowConfig {
+    fn generate_config() -> toml::Value {
+        toml::from_str(r#"flush_when = ".message == \"value\"""#).unwrap()
+    }
+}
+
+const fn default_events_before() -> usize {
+    100
+}
+
+const fn default_events_after() -> usize {
+    0
+}
+
+#[async_trait::async_trait]
+#[typetag::serde(name = "window")]
+impl TransformConfig for WindowConfig {
+    async fn build(&self, context: &TransformContext) -> crate::Result<Transform> {
+        Ok(Transform::function(
+            Window::new(
+                self.forward_when
+                    .as_ref()
+                    .map(|condition| condition.build(&context.enrichment_tables))
+                    .transpose()?,
+                self.flush_when.build(&context.enrichment_tables)?,
+                self.num_events_before,
+                self.num_events_after,
+            )
+            .unwrap(),
+        ))
+    }
+
+    fn input(&self) -> Input {
+        Input::new(DataType::Log)
+    }
+
+    fn outputs(
+        &self,
+        _: vector_lib::enrichment::TableRegistry,
+        input_definitions: &[(OutputId, schema::Definition)],
+        _: LogNamespace,
+    ) -> Vec<TransformOutput> {
+        // The event is not modified, so the definition is passed through as-is
+        vec![TransformOutput::new(
+            DataType::Log,
+            clone_input_definitions(input_definitions),
+        )]
+    }
+}
diff --git a/src/transforms/window/mod.rs b/src/transforms/window/mod.rs
new file mode 100644
index 0000000000000..3068477ea9559
--- /dev/null
+++ b/src/transforms/window/mod.rs
@@ -0,0 +1,2 @@
+pub mod config;
+pub mod transform;
diff --git a/src/transforms/window/transform.rs b/src/transforms/window/transform.rs
new file mode 100644
index 0000000000000..2149fbad61d0b
--- /dev/null
+++ b/src/transforms/window/transform.rs
@@ -0,0 +1,405 @@
+use std::collections::VecDeque;
+
+use vector_lib::internal_event::{Count, InternalEventHandle as _, Registered};
+
+use crate::{
+    conditions::Condition,
+    event::Event,
+    internal_events::WindowEventsDropped,
+    transforms::{FunctionTransform, OutputBuffer},
+};
+
+#[derive(Clone)]
+pub struct Window {
+    // Configuration parameters
+    forward_when: Option<Condition>,
+    flush_when: Condition,
+    num_events_before: usize,
+    num_events_after: usize,
+
+    // Internal variables
+    buffer: VecDeque<Event>,
+    events_counter: usize,
+    events_dropped: Registered<WindowEventsDropped>,
+    is_flushing: bool,
+}
+
+impl Window {
+    pub fn new(
+        forward_when: Option<Condition>,
+        flush_when: Condition,
+        num_events_before: usize,
+        num_events_after: usize,
+    ) -> crate::Result<Self> {
+        let buffer = VecDeque::with_capacity(num_events_before);
+
+        Ok(Window {
+            forward_when,
+            flush_when,
+            num_events_before,
+            num_events_after,
+            events_dropped: register!(WindowEventsDropped),
+            buffer,
+            events_counter: 0,
+            is_flushing: false,
+        })
+    }
+}
+
+impl FunctionTransform for Window {
+    fn transform(&mut self, output: &mut OutputBuffer, event: Event) {
+        let (pass, event) = match self.forward_when.as_ref() {
+            Some(condition) => {
+                let (result, event) = condition.check(event);
+                (result, event)
+            }
+            _ => (false, event),
+        };
+
+        let (flush, event) = self.flush_when.check(event);
+
+        if self.buffer.capacity() < self.num_events_before {
+            self.buffer.reserve(self.num_events_before);
+        }
+
+        if pass {
+            output.push(event);
+        } else if flush {
+            if self.num_events_before > 0 {
+                self.buffer.drain(..).for_each(|evt| output.push(evt));
+            }
+
+            self.events_counter = 0;
+            self.is_flushing = true;
+            output.push(event);
+        } else if self.is_flushing {
+            self.events_counter += 1;
+
+            if self.events_counter > self.num_events_after {
+                self.events_counter = 0;
+                self.is_flushing = false;
+                self.events_dropped.emit(Count(1));
+            } else {
+                output.push(event);
+            }
+        } else if self.buffer.len() >= self.num_events_before {
+            self.buffer.pop_front();
+            self.buffer.push_back(event);
+            self.events_dropped.emit(Count(1));
+        } else if self.num_events_before > 0 {
+            self.buffer.push_back(event);
+        } else {
+            self.events_dropped.emit(Count(1));
+        }
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use std::ops::RangeInclusive;
+    use tokio::sync::mpsc;
+    use tokio::sync::mpsc::{Receiver, Sender};
+    use tokio_stream::wrappers::ReceiverStream;
+    use vrl::core::Value;
+
+    use crate::conditions::{AnyCondition, ConditionConfig, VrlConfig};
+    use crate::transforms::window::config::WindowConfig;
+    use crate::{
+        event::{Event, LogEvent},
+        test_util::components::assert_transform_compliance,
+        transforms::test::create_topology,
+    };
+
+    #[tokio::test]
+    async fn test_flush() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let transform_config = get_transform_config(flush_when, None, 1, 0);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            send_event(&tx, "flush").await;
+            assert_event("flush", out.recv().await).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn test_pass() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let forward_when = get_condition("forward");
+            let transform_config = get_transform_config(flush_when, Some(forward_when), 1, 0);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            send_event(&tx, "forward").await;
+            assert_event("forward", out.recv().await).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn test_10_in_50() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let transform_config = get_transform_config(flush_when, None, 50, 0);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            send_events(&tx, generate_events(1..=10)).await;
+            send_event(&tx, "flush").await;
+
+            let mut expected: [&str; 11] = [
+                "A01", "A02", "A03", "A04", "A05", "A06", "A07", "A08", "A09", "A10", "flush",
+            ];
+
+            assert_events(&mut expected, &mut out).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn test_50_in_10() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let transform_config = get_transform_config(flush_when, None, 10, 0);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            send_events(&tx, generate_events(1..=50)).await;
+            send_event(&tx, "flush").await;
+
+            let mut expected: [&str; 11] = [
+                "A41", "A42", "A43", "A44", "A45", "A46", "A47", "A48", "A49", "A50", "flush",
+            ];
+
+            assert_events(&mut expected, &mut out).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn test_before_and_after() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let transform_config = get_transform_config(flush_when, None, 10, 5);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            send_events(&tx, generate_events(1..=50)).await;
+            send_event(&tx, "flush").await;
+            send_events(&tx, generate_events(51..=70)).await;
+
+            let mut expected: [&str; 16] = [
+                "A41", "A42", "A43", "A44", "A45", "A46", "A47", "A48", "A49", "A50", "flush",
+                "A51", "A52", "A53", "A54", "A55",
+            ];
+
+            assert_events(&mut expected, &mut out).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn test_flush_and_pass() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let forward_when = get_condition("forward");
+            let transform_config = get_transform_config(flush_when, Some(forward_when), 50, 5);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            send_events(&tx, generate_events(1..=5)).await;
+            send_event(&tx, "forward").await;
+            send_events(&tx, generate_events(6..=10)).await;
+            send_event(&tx, "forward").await;
+            send_event(&tx, "flush").await;
+            send_event(&tx, "forward").await;
+            send_events(&tx, generate_events(11..=15)).await;
+            send_event(&tx, "forward").await;
+            send_events(&tx, generate_events(16..=20)).await;
+
+            let mut expected: [&str; 20] = [
+                "forward", "forward", "A01", "A02", "A03", "A04", "A05", "A06", "A07", "A08",
+                "A09", "A10", "flush", "forward", "A11", "A12", "A13", "A14", "A15", "forward",
+            ];
+
+            assert_events(&mut expected, &mut out).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn test_zero_before() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let transform_config = get_transform_config(flush_when, None, 0, 5);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            send_events(&tx, generate_events(1..=50)).await;
+            send_event(&tx, "flush").await;
+            send_events(&tx, generate_events(51..=70)).await;
+
+            let mut expected: [&str; 6] = ["flush", "A51", "A52", "A53", "A54", "A55"];
+            assert_events(&mut expected, &mut out).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn test_zero_flush() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let transform_config = get_transform_config(flush_when, None, 0, 0);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            send_events(&tx, generate_events(1..=50)).await;
+            send_event(&tx, "flush").await;
+            send_events(&tx, generate_events(51..=70)).await;
+
+            let mut expected: [&str; 1] = ["flush"];
+            assert_events(&mut expected, &mut out).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn test_zero_pass() {
+        assert_transform_compliance(async {
+            let flush_when = get_condition("flush");
+            let forward_when = get_condition("forward");
+            let transform_config = get_transform_config(flush_when, Some(forward_when), 0, 0);
+
+            let (tx, rx) = mpsc::channel(1);
+            let (topology, mut out) =
+                create_topology(ReceiverStream::new(rx), transform_config).await;
+
+            let events = generate_events(1..=50);
+            let more_events = generate_events(51..=70);
+
+            send_events(&tx, events).await;
+            send_event(&tx, "forward").await;
+            send_event(&tx, "flush").await;
+            send_events(&tx, more_events).await;
+
+            let mut expected: [&str; 2] = ["forward", "flush"];
+            assert_events(&mut expected, &mut out).await;
+
+            drop(tx);
+            topology.stop().await;
+
+            assert_eq!(out.recv().await, None);
+        })
+        .await;
+    }
+
+    const fn get_transform_config(
+        flush_when: AnyCondition,
+        forward_when: Option<AnyCondition>,
+        num_events_before: usize,
+        num_events_after: usize,
+    ) -> WindowConfig {
+        WindowConfig {
+            flush_when,
+            forward_when,
+            num_events_before,
+            num_events_after,
+        }
+    }
+
+    fn get_condition(message: &str) -> AnyCondition {
+        AnyCondition::from(ConditionConfig::Vrl(VrlConfig {
+            source: format!(r#".message == "{message}""#),
+            runtime: Default::default(),
+        }))
+    }
+
+    fn generate_events(range: RangeInclusive<i32>) -> Vec<Event> {
+        range
+            .map(|n| format!("A{n:02}"))
+            .map(|m| Event::from(LogEvent::from(m)))
+            .collect::<Vec<Event>>()
+    }
+
+    async fn send_events(tx: &Sender<Event>, events: Vec<Event>) {
+        for event in events {
+            tx.send(event).await.unwrap();
+        }
+    }
+
+    async fn send_event(tx: &Sender<Event>, message: &str) {
+        tx.send(Event::from(LogEvent::from(message))).await.unwrap();
+    }
+
+    async fn assert_event(message: &str, event: Option<Event>) {
+        assert_eq!(
+            &Value::from(message),
+            event.unwrap().as_log().get("message").unwrap()
+        );
+    }
+
+    async fn assert_events(messages: &mut [&str], out: &mut Receiver<Event>) {
+        for message in messages {
+            assert_event(message, out.recv().await).await;
+        }
+    }
+}
diff --git a/website/content/en/docs/reference/configuration/transforms/window.md b/website/content/en/docs/reference/configuration/transforms/window.md
new file mode 100644
index 0000000000000..ade190195844f
--- /dev/null
+++ b/website/content/en/docs/reference/configuration/transforms/window.md
@@ -0,0 +1,14 @@
+---
+title: Window
+description: A variant of ring buffer or backtrace logging implemented as a sliding window
+component_kind: transform
+layout: component
+tags: ["filter", "component", "transform", "logs"]
+---
+
+{{/*
+This doc is generated using:
+
+1. The template in layouts/docs/component.html
+2. The relevant CUE data in cue/reference/components/...
+*/}}
diff --git a/website/cue/reference/components.cue b/website/cue/reference/components.cue
index ba4879ffad47f..5a350c997a1d3 100644
--- a/website/cue/reference/components.cue
+++ b/website/cue/reference/components.cue
@@ -204,6 +204,7 @@ components: {
 			exclusive_route?: #FeaturesExclusiveRoute
 			sanitize?:        #FeaturesSanitize
 			shape?:           #FeaturesShape
+			window?:          #FeaturesWindow
 		}
 
 		if Args.kind == "sink" {
@@ -335,6 +336,8 @@ components: {
 
 	#FeaturesShape: {}
 
+	#FeaturesWindow: {}
+
 	#FeaturesSend: {
 		_args: {
 			egress_method: string
diff --git a/website/cue/reference/components/transforms/base/window.cue b/website/cue/reference/components/transforms/base/window.cue
new file mode 100644
index 0000000000000..6eeb587c9ece0
--- /dev/null
+++ b/website/cue/reference/components/transforms/base/window.cue
@@ -0,0 +1,35 @@
+package metadata
+
+base: components: transforms: window: configuration: {
+	flush_when: {
+		description: """
+			A condition used to flush the events.
+
+			If the condition resolves to `true` for an event, the whole window is immediately flushed,
+			including the event itself, and any following events if `num_events_after` is more than zero.
+			"""
+		required: true
+		type: condition: {}
+	}
+	forward_when: {
+		description: """
+			A condition used to pass events through the transform without buffering.
+
+			If the condition resolves to `true` for an event, the event is immediately forwarded without
+			buffering and without preserving the original order of events. Use with caution if the sink
+			cannot handle out of order events.
+			"""
+		required: false
+		type: condition: {}
+	}
+	num_events_after: {
+		description: "The maximum number of events to keep after the event matched by the `flush_when` condition."
+		required:    false
+		type: uint: default: 0
+	}
+	num_events_before: {
+		description: "The maximum number of events to keep before the event matched by the `flush_when` condition."
+		required:    false
+		type: uint: default: 100
+	}
+}
diff --git a/website/cue/reference/components/transforms/window.cue b/website/cue/reference/components/transforms/window.cue
new file mode 100644
index 0000000000000..4198d7b1afde5
--- /dev/null
+++ b/website/cue/reference/components/transforms/window.cue
@@ -0,0 +1,144 @@
+package metadata
+
+components: transforms: window: {
+	title: "Window"
+
+	description: """
+		A variant of ring buffer or backtrace logging implemented as a sliding window. Keeps events in a buffer until
+		the `flush_when` condition is matched. When the buffer is full, the oldest events are dropped.
+		"""
+
+	classes: {
+		commonly_used: false
+		development:   "beta"
+		egress_method: "stream"
+		stateful:      true
+	}
+
+	features: {
+		filter: {}
+	}
+
+	support: {
+		requirements: []
+		warnings: []
+		notices: []
+	}
+
+	configuration: base.components.transforms.window.configuration
+
+	input: {
+		logs:    true
+		metrics: null
+		traces:  false
+	}
+
+	examples: [
+		{
+			title: "Flush recent events when an error happens"
+			input: [
+				{log: {message: "A01", level: "info"}},
+				{log: {message: "A02", level: "debug"}},
+				{log: {message: "A03", level: "info"}},
+				{log: {message: "A04", level: "debug"}},
+				{log: {message: "A05", level: "error"}},
+				{log: {message: "A06", level: "debug"}},
+				{log: {message: "A07", level: "warning"}},
+				{log: {message: "A08", level: "info"}},
+				{log: {message: "A09", level: "debug"}},
+				{log: {message: "A10", level: "info"}},
+			]
+
+			configuration: {
+				flush_when:        #".level == "error""#
+				num_events_before: 2
+				num_events_after:  2
+			}
+
+			output: [
+				{log: {message: "A03", level: "info"}},
+				{log: {message: "A04", level: "debug"}},
+				{log: {message: "A05", level: "error"}},
+				{log: {message: "A06", level: "debug"}},
+				{log: {message: "A07", level: "warning"}},
+			]
+		},
+
+		{
+			title: "Pass events through without preserving the order"
+			input: [
+				{log: {message: "A01", level: "info"}},
+				{log: {message: "A02", level: "debug"}},
+				{log: {message: "A03", level: "info"}},
+				{log: {message: "A04", level: "debug"}},
+				{log: {message: "A05", level: "error"}},
+				{log: {message: "A06", level: "debug"}},
+				{log: {message: "A07", level: "warning"}},
+				{log: {message: "A08", level: "info"}},
+				{log: {message: "A09", level: "debug"}},
+				{log: {message: "A10", level: "info"}},
+			]
+
+			configuration: {
+				flush_when:        #".level == "error""#
+				forward_when:      #".level == "info""#
+				num_events_before: 2
+				num_events_after:  2
+			}
+
+			output: [
+				{log: {message: "A01", level: "info"}},
+				{log: {message: "A03", level: "info"}},
+				{log: {message: "A02", level: "debug"}},
+				{log: {message: "A04", level: "debug"}},
+				{log: {message: "A05", level: "error"}},
+				{log: {message: "A06", level: "debug"}},
+				{log: {message: "A07", level: "warning"}},
+				{log: {message: "A08", level: "info"}},
+				{log: {message: "A10", level: "info"}},
+			]
+		},
+	]
+
+	how_it_works: {
+		advantages: {
+			title: "Advantages of Use"
+			body: """
+				A common way to reduce log volume from a verbose system is to filter out less important messages, and only
+				ingest errors and warnings. However, an error message by itself may not be sufficient to determine the
+				cause, as surrounding events often contain important context information leading to the failure.
+
+				The `window` transform allows for reduction of log volume by filtering out logs
+				when the system is healthy, but preserving detailed logs when they are most relevant.
+				"""
+		}
+
+		sliding_window: {
+			title: "Sliding Window"
+			body: """
+				As the stream of events passes through the transform, it is observed though a "window" that spans between
+				`num_events_before` and `num_events_after` relative to an event matched by the `flush_when` condition.  When the
+				condition is matched, the whole window is flushed to the output. This is also known as backtrace logging or
+				ring buffer logging.
+
+				{{< svg "img/sliding-window.svg" >}}
+
+				Past events are stored in a memory buffer with the capacity of `num_events_before`. When the buffer is full,
+				the oldest events are dropped to make space for new ones. The buffer is not persistent, so in case of a hard
+				system crash, all the buffered events will be lost.
+
+				Future events are counted from the event matched by the `flush_when` condition until `num_events_after` number
+				of events is reached.
+
+				If the `flush_when` condition is matched before the buffer fills up, it will be flushed again. If the flush
+				condition is triggered often enough (for example, the system is constantly logging errors), the transform may
+				always be in the flushing state, meaning that no events will be filtered. Therefore it works best for conditions
+				that are relatively uncommon.
+				"""
+		}
+	}
+
+	telemetry: metrics: {
+		stale_events_flushed_total: components.sources.internal_metrics.output.metrics.stale_events_flushed_total
+	}
+}
diff --git a/website/static/img/sliding-window.svg b/website/static/img/sliding-window.svg
new file mode 100644
index 0000000000000..165a060e2048b
--- /dev/null
+++ b/website/static/img/sliding-window.svg
@@ -0,0 +1,418 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+        width="113mm"
+        height="30mm"
+        viewBox="0 0 113.00001 30"
+        version="1.1"
+        id="svg5"
+        inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
+        sodipodi:docname="sliding-window.svg"
+        xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+        xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+        xmlns="http://www.w3.org/2000/svg"
+>
+  <sodipodi:namedview
+     id="namedview7"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     showgrid="false"
+     inkscape:zoom="2.5565191"
+     inkscape:cx="272.63633"
+     inkscape:cy="128.10387"
+     inkscape:window-width="2560"
+     inkscape:window-height="1371"
+     inkscape:window-x="1440"
+     inkscape:window-y="32"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" />
+  <defs
+     id="defs2" />
+  <g
+     inkscape:label="Lag 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-26.586667,-4.5787144)">
+    <g
+       id="g33474"
+       transform="translate(-2.6693879)">
+      <rect
+         style="fill:none;stroke:#c3cfd9;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234"
+         width="7.7983656"
+         height="7.7983651"
+         x="29.456055"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="31.943439"
+         y="21.798332"
+         id="text1100"><tspan
+           sodipodi:role="line"
+           id="tspan1098"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="31.943439"
+           y="21.798332">A</tspan></text>
+    </g>
+    <g
+       id="g33479"
+       transform="translate(-1.757912)">
+      <rect
+         style="fill:none;stroke:#c3cfd9;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-3"
+         width="7.7983656"
+         height="7.7983651"
+         x="37.27264"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="39.717651"
+         y="21.798332"
+         id="text1100-6"><tspan
+           sodipodi:role="line"
+           id="tspan1098-2"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="39.717651"
+           y="21.798332">B</tspan></text>
+    </g>
+    <g
+       id="g33484"
+       transform="translate(-0.83551079)">
+      <rect
+         style="fill:none;stroke:#c3cfd9;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-6"
+         width="7.7983656"
+         height="7.7983651"
+         x="45.0783"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="47.427193"
+         y="21.798332"
+         id="text1100-61"><tspan
+           sodipodi:role="line"
+           id="tspan1098-8"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="47.427193"
+           y="21.798332">C</tspan></text>
+    </g>
+    <g
+       id="g33489"
+       transform="translate(0.07626265)">
+      <rect
+         style="fill:#f44af5;fill-opacity:0.25;stroke:#f44af5;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-7"
+         width="7.7983656"
+         height="7.7983651"
+         x="52.894588"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="55.214542"
+         y="21.798332"
+         id="text1100-7"><tspan
+           sodipodi:role="line"
+           id="tspan1098-9"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="55.214542"
+           y="21.798332">D</tspan></text>
+    </g>
+    <g
+       id="g33494"
+       transform="translate(0.99452107)">
+      <rect
+         style="fill:#f44af5;fill-opacity:0.25;stroke:#f44af5;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-2"
+         width="7.7983656"
+         height="7.7983651"
+         x="60.704391"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="63.138031"
+         y="21.798332"
+         id="text1100-2"><tspan
+           sodipodi:role="line"
+           id="tspan1098-0"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="63.138031"
+           y="21.798332">E</tspan></text>
+    </g>
+    <g
+       id="g33499"
+       transform="translate(1.9087779)">
+      <rect
+         style="fill:#f44af5;fill-opacity:0.25;stroke:#f44af5;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-3-9"
+         width="7.7983656"
+         height="7.7983651"
+         x="68.518196"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="71.047958"
+         y="21.798332"
+         id="text1100-6-2"><tspan
+           sodipodi:role="line"
+           id="tspan1098-2-3"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="71.047958"
+           y="21.798332">F</tspan></text>
+    </g>
+    <g
+       id="g33504"
+       transform="translate(2.824881)">
+      <rect
+         style="fill:#45def3;fill-opacity:0.25;stroke:#28d9f2;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-6-1"
+         width="7.7983656"
+         height="7.7983651"
+         x="76.330154"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="78.602562"
+         y="21.798332"
+         id="text1100-61-7"><tspan
+           sodipodi:role="line"
+           id="tspan1098-8-5"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="78.602562"
+           y="21.798332">G</tspan></text>
+    </g>
+    <g
+       id="g33509"
+       transform="translate(3.7489645)">
+      <rect
+         style="fill:#3084ff;fill-opacity:0.25;stroke:#3084ff;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-7-2"
+         width="7.7983656"
+         height="7.7983651"
+         x="84.134132"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="86.50576"
+         y="21.798332"
+         id="text1100-7-9"><tspan
+           sodipodi:role="line"
+           id="tspan1098-9-2"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="86.50576"
+           y="21.798332">H</tspan></text>
+    </g>
+    <g
+       id="g33514"
+       transform="translate(4.6562633)">
+      <rect
+         style="fill:#3084ff;fill-opacity:0.25;stroke:#3084ff;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-70"
+         width="7.7983656"
+         height="7.7983651"
+         x="91.954895"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="95.258766"
+         y="21.798332"
+         id="text1100-28"><tspan
+           sodipodi:role="line"
+           id="tspan1098-97"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="95.258766"
+           y="21.798332">I</tspan></text>
+    </g>
+    <g
+       id="g33519"
+       transform="translate(5.5803772)">
+      <rect
+         style="fill:#3084ff;fill-opacity:0.25;stroke:#3084ff;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-3-93"
+         width="7.7983656"
+         height="7.7983651"
+         x="99.758842"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="102.70319"
+         y="21.772495"
+         id="text1100-6-3"><tspan
+           sodipodi:role="line"
+           id="tspan1098-2-6"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="102.70319"
+           y="21.772495">J</tspan></text>
+    </g>
+    <g
+       id="g33524"
+       transform="translate(6.4976324)">
+      <rect
+         style="fill:none;stroke:#c3cfd9;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-6-6"
+         width="7.7983656"
+         height="7.7983651"
+         x="107.56965"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="109.90614"
+         y="21.798332"
+         id="text1100-61-1"><tspan
+           sodipodi:role="line"
+           id="tspan1098-8-2"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="109.90614"
+           y="21.798332">K</tspan></text>
+    </g>
+    <g
+       id="g33529"
+       transform="translate(7.4246532)">
+      <rect
+         style="fill:none;stroke:#c3cfd9;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-7-0"
+         width="7.7983656"
+         height="7.7983651"
+         x="115.37069"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="118.0131"
+         y="21.798332"
+         id="text1100-7-93"><tspan
+           sodipodi:role="line"
+           id="tspan1098-9-1"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="118.0131"
+           y="21.798332">L</tspan></text>
+    </g>
+    <g
+       id="g36585">
+      <rect
+         style="fill:none;stroke:#c3cfd9;stroke-width:0.4;stroke-linecap:butt;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect234-7-0-0"
+         width="7.7983656"
+         height="7.7983651"
+         x="131.56"
+         y="16.383999" />
+      <text
+         xml:space="preserve"
+         style="font-size:4.23333px;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, ';fill:none;stroke:#000000;stroke-width:0.264583;stroke-opacity:1"
+         x="133.69908"
+         y="21.798332"
+         id="text1100-7-93-6"><tspan
+           sodipodi:role="line"
+           id="tspan1098-9-1-1"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:sans-serif;-inkscape-font-specification:sans-serif;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583"
+           x="133.69908"
+           y="21.798332">M</tspan></text>
+    </g>
+    <g
+       stroke="#c3cfd9"
+       stroke-linecap="round"
+       stroke-linejoin="round"
+       id="g23653"
+       style="fill:none;fill-rule:evenodd"
+       transform="matrix(0,0.26458333,-0.26458333,0,148.00943,-154.59883)">
+      <path
+         stroke-width="4"
+         d="M 620.45117,245.5 H 637"
+         id="path23649"
+         sodipodi:nodetypes="cc" />
+      <path
+         stroke-width="2"
+         fill="#c3cfd9"
+         fill-rule="nonzero"
+         d="m 633.908,239.959 7.092,5.541 -7.092,5.541 z"
+         id="path23651" />
+    </g>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.88056px;line-height:0;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.884306;stroke:none;stroke-width:0.264583;stroke-opacity:1;letter-spacing:0.079375px"
+       x="82.677803"
+       y="7.5473428"
+       id="text30099"><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.88056px;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.884306;stroke:none;stroke-width:0.264583"
+         x="82.677803"
+         y="7.5473428"
+         id="tspan31091"
+         dx="0">Event of interest</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.88056px;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.884306;stroke:none;stroke-width:0.264583;stroke-opacity:1;letter-spacing:0.079375px"
+       x="65.221672"
+       y="34.386532"
+       id="text30099-1"><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.88056px;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.884306;stroke:none;stroke-width:0.264583"
+         x="65.221672"
+         y="34.386532"
+         id="tspan31091-0">Events before</tspan></text>
+    <g
+       stroke="#c3cfd9"
+       stroke-linecap="round"
+       stroke-linejoin="round"
+       id="g23653-8-0"
+       style="fill:none;fill-rule:evenodd"
+       transform="matrix(-0.26458333,0,0,-0.26458333,228.97829,93.561213)">
+      <path
+         stroke-width="4"
+         d="m 595,245.5 h 42"
+         id="path23649-4-3" />
+      <path
+         stroke-width="2"
+         fill="#c3cfd9"
+         fill-rule="nonzero"
+         d="m 633.908,239.959 7.092,5.541 -7.092,5.541 z"
+         id="path23651-5-6" />
+    </g>
+    <g
+       stroke="#c3cfd9"
+       stroke-linecap="round"
+       stroke-linejoin="round"
+       id="g23653-8"
+       style="fill:none;fill-rule:evenodd"
+       transform="matrix(0.26458333,0,0,0.26458333,-62.869857,-36.090819)">
+      <path
+         stroke-width="4"
+         d="m 595,245.5 h 42"
+         id="path23649-4" />
+      <path
+         stroke-width="2"
+         fill="#c3cfd9"
+         fill-rule="nonzero"
+         d="m 633.908,239.959 7.092,5.541 -7.092,5.541 z"
+         id="path23651-5" />
+    </g>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.88056px;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.884306;stroke:none;stroke-width:0.264583;stroke-opacity:1;letter-spacing:0.079375px"
+       x="100.13393"
+       y="34.32814"
+       id="text30099-6"><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.88056px;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:center;text-anchor:middle;fill:#000000;fill-opacity:0.884306;stroke:none;stroke-width:0.264583"
+         x="100.13393"
+         y="34.32814"
+         id="tspan31091-3">Events after</tspan></text>
+  </g>
+</svg>