sourcetype=WinSecurity EventCode=4625 | table _time User EventCode ComputerName
I don't know how to write your search for you, because I don't know how you are bringing the event log into Splunk. What is the sourcetype of the data, how do you identify the events of interest? I guessed at the field names for the table command, based on event logs I have seen in the past, but yours could be different.
You really need to play around with Splunk and your data; the community can help answer specific questions, but it is hard to show the basics in a Q&A format. I recommend the free e-learning course called Splunk Tutorial, as well as an online self-training document Splunk tutorial. (They are similar in content, but not the same.) You can also find videos and documentation at splunk.com.