win event summary
Total Windows Events
sourcetype="whatever" | stats count
Non-Login Windows Events
sourcetype="whatever" EventCode!=4624 EventCode!=4625 EventCode!=4634 | eval fc=EventCode.":".name | timechart limit=30 span=2h count(EventCode) by fc
sourcetype is the windows security evetlog sent by the splunk forwarding agent on a DC