Splunk Search

How to turn two columns of data into a two dimensional y/n matrix?


Hi... this might be a simple question and I am missing something obvious, but any help is appreciated...

I am trying to turn rows, with a Unique ID (like a username) and each with a categorical attribute (like Roles) into a Y/N type Matrix


Turn this

User     Role
User1    Developer
User1    Admin
User2    Manager
User2    Developer
User2    Admin
User3    Manager

Into this

        Developer    Admin     Manager
User1      Y           Y
User2      Y           Y         Y
User3                            Y

Your help is greatly appreciated!

Try this:

| yoursearch
| chart count over User by Role

This will give you 1s and 0s that you can easily replace with Y and empty if you want to afterwards.

EDIT: removed first line of the query and replaced that with "yoursearch". The chart line is the important one though

