Splunk Search

How to turn two columns of data into a two dimensional y/n matrix?


Hi... this might be a simple question and I am missing something obvious, but any help is appreciated...

I am trying to turn rows, with a Unique ID (like a username) and each with a categorical attribute (like Roles) into a Y/N type Matrix


Turn this

User     Role
User1    Developer
User1    Admin
User2    Manager
User2    Developer
User2    Admin
User3    Manager

Into this

        Developer    Admin     Manager
User1      Y           Y
User2      Y           Y         Y
User3                            Y

Your help is greatly appreciated!

0 Karma


Try this:

| yoursearch
| chart count over User by Role

This will give you 1s and 0s that you can easily replace with Y and empty if you want to afterwards.

EDIT: removed first line of the query and replaced that with "yoursearch". The chart line is the important one though

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!