Scenario 1 is fairly easy, scenario 2 can be harder, but maybe not.
Scenario 1: As long as you have a way to separate different "instances" of 4741 and 4743 (e.g. "by user" or something), then
index=foo sourcetype=bar (eventId=4741 OR eventId=4743)
| stats count by _time, <user>
| where count>=2
That's obviously just sort of tossed together pseudocode, but should get you close. It relies on the timestamps being the same (to second resolution) for two events for the same user.
Scenario 2: some questions.
Are these two events expected to be in a particular order, or might they be in either order?
What's the approximate volume of the source data, and how often will they match?
Answers that work really well with a few hundred or thousand events and which can be easily understood, like transaction, are not necessarily the same answers as if there's a few million/billion per day. For the latter, we may have to sort of "approximate" what "2 seconds apart" means very slightly which will work LOTS faster on bigger data sets but may not quite work as perfectly or at least be as understandable as a simpler, slower solution.
Let me know about those latter questions and I'm sure we can get you moving on that one too.
(Now that I've said that, someone will probably answer it with a generic and good search... 🙂 and that'd be perfect! Besides, you can give karma to more than one answer!)
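Added example, not part of the original answer: a Python sketch (not SPL) of the trade-off described for scenario 2, comparing an exact "within 2 seconds, either order" match per user against the faster fixed-bucket approximation, which misses pairs that straddle a bucket edge. The event tuples, user names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, user, event_id). Not real log data.
EVENTS = [
    (100, "alice", 4741), (101, "alice", 4743),  # 1 s apart, same 2 s bucket
    (203, "bob", 4741), (204, "bob", 4743),      # 1 s apart, straddles a bucket edge
    (300, "carol", 4741), (309, "carol", 4743),  # 9 s apart, should not match
    (400, "dave", 4741), (400, "dave", 4741),    # same event ID twice, not a pair
]
WANTED = {4741, 4743}


def exact_pairs(events, max_gap=2):
    """Users with a 4741 and a 4743 at most max_gap seconds apart, either order."""
    last_seen = {}  # (user, event_id) -> most recent timestamp of that event
    hits = set()
    for ts, user, eid in sorted(events):  # process in time order
        if eid not in WANTED:
            continue
        (other,) = WANTED - {eid}  # the event ID we need to pair with
        prev = last_seen.get((user, other))
        if prev is not None and ts - prev <= max_gap:
            hits.add(user)
        last_seen[(user, eid)] = ts
    return hits


def bucketed_pairs(events, span=2):
    """Approximation: both event IDs for a user inside one fixed span-second bucket."""
    seen = defaultdict(set)  # (bucket_start, user) -> event IDs seen in that bucket
    for ts, user, eid in events:
        if eid in WANTED:
            seen[(ts - ts % span, user)].add(eid)
    return {user for (_, user), ids in seen.items() if ids == WANTED}


if __name__ == "__main__":
    print("exact:   ", sorted(exact_pairs(EVENTS)))
    print("bucketed:", sorted(bucketed_pairs(EVENTS)))
```

The bucketed version is a single pass with no ordering requirement, which is why it scales better; the cost is the missed "bob" pair at the 203/204 boundary.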