you can try something like this

|multisearch [search index=blahblah host=blahblah earliest=1515004200 latest=1515090600 | eval date="1/4/2018"] [search index=blahblah host=blahblah earliest=1515090600 latest=1515177000 | eval date="1/5/2018"] | fields host, EventCode
| stats count by host, EventCode date
| sort - count
| where count > 200

OR

index=blahblah host=blahblah earliest=1515004200 latest=1515177000 | bin _time span=1d
| fields host, EventCode
| stats count by host, EventCode _time
| sort - count
| where count > 200

let me know if this helps !