Given the Splunk result set in the attached screenshot, I'd like to formulate a search that finds all overlapping events that occurred on the same host. Many thanks!
What about this?
| stats values(MessageKey) by host
Or
| chart count over host by MessageKey usenull=f
You could use the transaction command, for example:
.... | transaction host
This returns no results.