One approach would be to run a Severity Level Summary or 24-hr Syslog Analysis report in RME, either of which would get you some rough idea of what's the most chatty message. Then zero in from there.
Or you could awk the syslog_info file directly from CLI and tally the hosts/message types to find the offender(s).