Splunk search for Cisco ACS data, shows users/device connections to APs

gistfile1.txt

index=firewall sourcetype="cisco:acs" eventtype=cisco_acs_auth_events
| streamstats values(message) as message by message_id
| eval message=mvjoin(message, ",")
| stats values(UserName) as UserName values(User_Name) as User_Name values(Called_Station_ID) as Called_Station_ID by Calling_Station_ID