Splunk Operational Intelligence Cookbook

How to do it...

Follow these steps to search and tabulate the selected event data:

  1. Log in to your Splunk server.
  2. Select the Search & Reporting application from the left-hand side of the screen, as shown in the following screenshot:
  3. Set the time range picker to Last 24 hours, and type the following search into the Splunk search bar. Then, click on Search or hit Enter:

     index=main sourcetype="access_combined"

     The following screenshot illustrates the process:
  4. Splunk will return the results of the search and display the raw search events under the search bar.
  5. Let's rerun the search, but this time, we will add the table command as follows:

     index=main sourcetype=access_combined | table _time, referer_domain, method, uri_path, status, JSESSIONID, useragent
  6. Splunk will now return the same number of events, but instead of presenting the raw events to you, the data will be nicely formatted as a table, displaying only the fields we specified. This is much easier to read! The following screenshot displays the formatted data:
  7. Save this search by clicking on Save As and then on Report. Give the report a name of cp02_tabulated_webaccess_logs and click on Save. On the next screen, click on Continue Editing to return to the search, as shown in the following screenshot:
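To see what the table command is actually doing to each access_combined event, here is an added Python example (not from the book or from Splunk) that parses combined-format web access lines and projects exactly the seven fields used in the recipe's search. The log lines are constructed, and the example assumes JSESSIONID appears as a trailing key=value token that Splunk would auto-extract.

```python
# Added example: emulate "| table _time, referer_domain, method, uri_path,
# status, JSESSIONID, useragent" over Apache access_combined style lines.
# The sample lines below are constructed for illustration; the trailing
# JSESSIONID=... token is an assumption about how the session ID is logged.
import re
from datetime import datetime
from urllib.parse import urlsplit

ACCESS_COMBINED = re.compile(
    r'(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<version>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"'
    r'(?P<extra>.*)$'
)
KV = re.compile(r'(\w+)=(\S+)')  # key=value pairs after the standard fields

TABLE_FIELDS = ["_time", "referer_domain", "method", "uri_path",
                "status", "JSESSIONID", "useragent"]

SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2014:11:23:01 +0000] "GET /cart.do?action=view&itemId=EST-14 HTTP/1.1" 200 1845 "http://www.example.com/product.screen?productId=SF-1" "Mozilla/5.0 (Windows NT 6.1)" JSESSIONID=SD0SL6FF7ADFF4953
10.0.0.9 - - [10/Mar/2014:11:23:04 +0000] "POST /login.do HTTP/1.1" 401 512 "-" "curl/7.35.0" JSESSIONID=SD1SL9FF3ADFF1122
this line is malformed and must be skipped rather than crash the parser
"""

def parse_line(line):
    """Return a dict of extracted fields, or None if the line is not access_combined."""
    m = ACCESS_COMBINED.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ref = m["referer"]
    extra = dict(KV.findall(m["extra"]))
    return {
        "_time": ts.isoformat(),
        # referer_domain is the host part of the referer; "-" means none
        "referer_domain": urlsplit(ref).netloc if ref and ref != "-" else None,
        "method": m["method"],
        "uri_path": urlsplit(m["uri"]).path,  # path only, query string dropped
        "status": int(m["status"]),
        "JSESSIONID": extra.get("JSESSIONID"),
        "useragent": m["useragent"],
    }

def tabulate(log_text, fields=TABLE_FIELDS):
    """Like the table command: one row per parsable event, only the named fields."""
    rows = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            rows.append({f: rec.get(f) for f in fields})
    return rows
```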