Is there a way to see if the same log message got logged seconds apart from each other and get a count on how many times such back-to-back activity occurred in a given time period?
Any help appreciated.
Thanks in advance.
Do you know what the message is, or is it dynamic?
You may be able to achieve this using the transaction command with the maxpause option. Here's some documentation on that. Your search would look something like this
your base search | transaction message maxpause=60m | stats count by message