I'm looking at creating a dashboard where I can generate standardized reports based on behaviors. To get started, I just want to provide a list of login activity by server to administrators to validate lookup lists as valid.

What I'm trying to draw in a table is similar to this:

Account Name:        |  Event Codes      |    Logon Type   |   Sparklines  |   Peak  Count   |   Peak Time
Joe Smith            |  4624             |   3, 5, 6       |   4624 Spark  |  4624 Peak      |  Time of 4624 peak
                     |  4625             |   0             |   4625 Spark  |  4625 Peak      |  Time of 4625 peak

Right now I've got the base search figured out:

sourcetype=WinEventLog:Security host=HostNameHere |stats values(EventCode) values(Logon_Type) sparkline(count(Account_Name)) count(Account_Name) by Account_Name | sort Account_Name

1st problem:
what I can't get added correctly is peak measurements. I've tried some stats functions like max(count) or eval max=count but they end up null.
Question: How can I get this to correctly evaluate the peak count & time that is shown in the sparkline?

2nd problem:
I can get the eventCodes to all stay in a single cell related to the account name, but I can't get the rest to obey the same principle.
Question: Is it even possible to format the table as I'm attempting to do? I can't seem to find via Google anyone that has tried to get the values of fields to actually line up with eachother.