One way to do it
| makeresults
| eval _raw="CLIENT_LOGIN 81392
CLIENT_LOGIN_ERROR 290
CODE_TO_TOKEN 2984
CODE_TO_TOKEN_ERROR 13
CUSTOM_REQUIRED_ACTION_ERROR 3
INTROSPECT_TOKEN 33
LOGIN 10559
LOGIN_ERROR 1240
LOGOUT 2
REFRESH_TOKEN 51
REFRESH_TOKEN_ERROR 126"
| multikv noheader=t
| rename Column_1 as Field, Column_2 as Count
| table Field Count
| where match(Field, "^(CLIENT_LOGIN|LOGIN|CODE_TO_TOKEN|REFRESH_TOKEN)$")
| stats sum(eval(if(match(Field, "^(CLIENT_LOGIN|LOGIN)$"), Count, null()))) as Logins sum(eval(if(match(Field, "^(CODE_TO_TOKEN|REFRESH_TOKEN)$"), Count, null()))) as Tokens
| transpose
From the |where statement - the rest is just setting up your example data.
