This should help you get started

index=_audit action="alert_fired" 
| rename ss_name AS alert_name
| sort alert_name, _time
| delta _time as timediff
| streamstats count as rownum by alert_name reset_on_change=true
| eval timediff=if(rownum==1, null(), abs(timediff))
| where timediff<600

This will give you all alerts which triggered less than 10 mins apart.

hope this helps