I have checked that article but I definatly haven't got a typo as this search copied and pasted ito a search window in the new app using my admin user works fine ... View more

I have already tried that but have retested and it is still failing ... View more

@gcusello  here is the definition   ... View more

@gcusello  I have set the permission to  Its still not workin ... View more

All groups have read access, the admin and power grants are for write access   ... View more

@gcusello The read permissions are set for all roles on the system so both ... View more

I see nothing relating to this search in the audit.log ... View more

As I said above we are seeing this issue with Real-Time and Scheduled, I have the issue happening right now witha a Real-Time search in my test environment. I am firing test events into an existing index, I can see them arriving in the index, if I run the search in the alert as a manual search it shows the event but the the action isn't triggering and when I run  index="_internal" sourcetype!=splunkd_remote_searches savedsearch savedsearch_name=NOC_Alcatel result_count=1 I see hits from my first few test alerts but nothing from after it stopped responding. Yes we are running a 3 node cluster. I'm not seeing any issues in DMC the skip ratio over the last 4 hours is 0% I am seeing these every minute 08-26-2021 10:59:01.230 +0100 INFO SHCMaster - delegate search job requested for savedsearch_name="NOC_Alcatel" host = pr-l-sphead-03v.dcnlab.sset.local source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd 08-26-2021 10:59:01.230 +0100 INFO SHCMaster - realtime search savedsearch_name=NOC_Alcatel selector=nobody;noc;NOC_Alcatel sid=rt_scheduler__admin__noc__RMD5aff146651f76f3cb_at_1629386520_7_5E69A627-7FCE-4CAE-A9C4-E72E65CBF04A is either already running or being dispatched. Ignoring request. host = pr-l-sphead-03v.dcnlab.sset.local source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd but I am also seeing these going back forever so I dont think they are anything to do with this issue     ... View more

Wer are seeing the same issue with both but are in the process of migrating from Real-Time to scheduled as the scheduled gives faster results   ... View more

I think I have foungd it you need the !important after the color: black ... View more

On my live dashboard the css is in the simplexml  ... View more

This is an example dashboard showing the issue <dashboard> <label>Text Colour</label> <row> <panel> <table> <title>Colour vs text</title> <search> <query>| makeresults | eval whiteBg="White Background", redBg="Red Background" | table whiteBg redBg</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> <format type="color" field="redBg"> <colorPalette type="map">{"Red Background":#FF0000}</colorPalette> </format> </table> </panel> </row> </dashboard>   You can see the whiteBG has black text and the redBG has white text, I have raised a case on this as well ... View more

@ITWhisperer Yes I have tried that, the colour seems to change as the colour saturation increases ... View more

The issue appears to occur when you hide columns using the .column(i).visible(false) method as soon as you hide a column the DataTable starts leaking memory I have worked around this using CSS to hide the columns ... View more

Example of font colour attached  Image showing change in font colour ... View more

Thanks Kamlesh worked like a charm, had to edit as my fonts were otf and ended up with  @font-face { font-family: 'bariolregular'; src: url('Bariol_Regular.otf') format('opentype'); font-weight: normal; font-style: normal; } .abc { font-family: 'bariolregular' !important; font-weight: bold !important;     ... View more