Thank you for your quick response. I received the following error:

Error in 'rex' command: The regex 'total/interval/max' does not extract anything. It should specify at least one named group. Format: (?...).

The full search string is as follows:

index=* OR index=_* source="/zones/COP1/root/var/svc/log/application-ucop-topcop-pub:default.log" | rex field=messages_read total/interval/max "\d+\/\(?d+)\/" | timechart span=1h avg(interval) AS avgInterval

So I am sure I am doing something wrong.

There is an additional slash in the answer. This should work fine.

Updated
Good catch by @jkat54

 .... | rex field=messages_read total/interval/max "\d+\/(?<interval>\d+)\/" | timechart span=1h avg(interval) AS avgInterval

Need a slash in front of the d+ in the capture group and the field name isn't messages_read. The answer I gave should work fine.

Now remove the field=messages_read and total/interval/max and it'll be a ok. I wouldn't have posted a new answer if sundareshr's answer didn't have so many mistakes. You'll see where I just offer corrections in comments when folks are close. Now however his updated answer has an extra ? too.

I had the starting quote in the wrong place. Try this

.... | rex field=messages_read "total/interval/max=?\d+\/\(?<interval>d+)\/" | timechart span=1h avg(interval) AS avgInterval

OR

.... | rex field=messages_read "?\d+\/\(?<interval>d+)\/" | timechart span=1h avg(interval) AS avgInterval

Okay. It looks like it is getting closer.

I am using the following:

source="/zones/COP1/root/var/svc/log/application-ucop-topcop-pub:default.log" | rex field=messages_read "total/interval/max=?\d+\/(?d+)\/" | timechart span=1h avg(interval) AS avgInterval

On the Statistics tab there is a _time column and a avgInterval column, but there is nothing listed in the avgInterval column. Would I expect to see a number in that column, equating to an average of all the results for an hour?

Much appreciated!