Solved: Navigation Menu xml Match Help

I-Man · ‎03-17-2011

In the Default Search Nav Menu I am trying to match all of my Active Directory reports so they are Nested in "AD Reports". All of the reports start with "AD ". The issue i'm running into is that other reports that have "AD " are matching such as "Dead Hosts".

<collection label="AD Reports">
  <saved source="unclassified" match="AD " />
</collection>

I searched for anything about xml and match but could not find any rules or ways to use regex. Any ideas about how to specify a match?

Similar to a question asked by Glenn, what characters are we allowed to use to specify the match?:

http://answers.splunk.com/questions/4288/is-it-possible-to-match-views-in-app-menu-using-wildcards-o...

gkanapathy · ‎03-17-2011

The match is a simple case-insensitive substring match, so unfortunately no regex or anything else special is available here.

View solution in original post

brettcave · ‎05-15-2013

Until regex matching is brought in, the next-best approach would probably be changing your naming convention, like starting all reports with _ and then matching on "_AD ".

not the most elegant solution, but might work.

brettcave · ‎05-15-2013

and on playing with this, when matching, it matches on the name of a view, not the display name, so you could rename all your views to __ad__foo and leave the display name as "AD Foo"

Starlette · ‎07-19-2011

This sounds like a mod request? ( to use regex)

brettcave · ‎05-15-2013

+1000 on this!

gkanapathy · ‎03-17-2011

The match is a simple case-insensitive substring match, so unfortunately no regex or anything else special is available here.

Navigation Menu xml Match Help

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes