I'm trying to query events per host over a certain time period. Event rate, or events per second, by HOST. I'd like a table of "Of all hosts, this is the message count for 1) Last 1 minute, 2) Last 5 mins, 3) Last 15 minutes."
Ultimately, I'd like a little graph of event rate over time for multiple hosts. This would help me visually identify which hosts are suddenly responsible for many more events than usual.
I feel like this might be in metadata somewhere. (New user, so I'm not very familiar.)