Splunk Search

Search Results into a table


Hi guys, 

I am new to Splunk and would like to create a report based off the number of times a particular Windows event code is showing up.

My search String -
sourcetype = WinEventLog:Security
| table ComputerName , EventCode, Message

The above gives me what I want but I would like to streamline it further so that it shows up in a csv file. The table I have in mind is something like below.

Can someone please guide me or point me in the right direction, please? Thank you so much

Hostname | EventCode | Number of Times showing up | Action | Message | User Account


0 Karma


@splunknewbie81 Do you want to visually see the results in CSV format or export them? The table/stats commands just show the information in tabular format visually; underneath, they are not in CSV format.

If you want the CSV format, you should export the results, an option you can find in the Search app itself. The same can be achieved using Splunk REST API calls.


An upvote would be appreciated if it helps!

0 Karma

Path Finder

Try using

index="windows-servers" sourcetype = WinEventLog:Security EventCode=4625 
| stats count as "Number of Times showing up" values(EventCode) as EventCode by Message Workstation_Name action user 
| rename Workstation_Name as Hostname, user as "User Account", action as Action
0 Karma
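
The REST export mentioned in the first reply, applied to the stats search from the last one, as an added example that is not part of any post in this thread. It assumes the management port is reachable, an authentication token has been issued, and the environment variable names SPLUNK_URL and SPLUNK_TOKEN (chosen here for illustration).

```python
import csv, io, os, ssl
import urllib.parse, urllib.request

# The stats search from the answer above; field names depend on your Windows add-on.
SPL = (
    'index="windows-servers" sourcetype=WinEventLog:Security EventCode=4625 '
    '| stats count as "Number of Times showing up" values(EventCode) as EventCode '
    'by Message Workstation_Name action user '
    '| rename Workstation_Name as Hostname, user as "User Account", action as Action'
)

def build_export_request(base_url, token, spl, earliest="-24h"):
    """Build the POST to /services/search/jobs/export asking for CSV output."""
    # The export endpoint takes a full search string: prefix "search" unless
    # the query starts with a generating command such as "| tstats".
    query = spl.strip()
    if not query.startswith("|") and not query.startswith("search "):
        query = "search " + query
    body = urllib.parse.urlencode(
        {"search": query, "output_mode": "csv", "earliest_time": earliest}
    ).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/search/jobs/export",
        data=body,
        headers={"Authorization": "Bearer " + token},
        method="POST",
    )

def parse_csv(text):
    """Turn a CSV body returned by Splunk into a list of dicts keyed by column."""
    return list(csv.DictReader(io.StringIO(text)))

def export_to_file(base_url, token, path, spl=SPL, cafile=None):
    """Run the search and stream the CSV to disk with TLS verification on."""
    req = build_export_request(base_url, token, spl)
    # Pass the CA that signed the Splunk certificate via cafile instead of
    # turning verification off.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=300) as resp, \
            open(path, "wb") as out:
        for chunk in iter(lambda: resp.read(65536), b""):
            out.write(chunk)

if __name__ == "__main__":
    # Token comes from the environment so it never lands in the script.
    export_to_file(os.environ["SPLUNK_URL"], os.environ["SPLUNK_TOKEN"],
                   "failed_logons.csv")
```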