OS:  Windows Server Platform: Splunk Enterprise 10.2.1   After upgrade to from Splunk Enterprise 9.4.8 to 10.2.1, there is an error message in Dashboards "Unable to retrieve the favorite date, try again". I have tested the dashboards, alerts, searchings and they seem working fine. The data is also received normally by Splunk.  I cannot find any issues there. But the message has just never gone. I tried restart Splunk Enterprise and reboot the server. The message is still there. What exactly the message want to tell? ... View more

I don't understand why the legacy 'run a script' alert action has been deprecated.  The official guidelines to create a 'Custom Alert Action' are to complicated to follow. I attempted to find a guide from Google, but there are too many conflicting methods, and I consistently failed to implement them. I just want a simple and straightforward guide to create a 'Custom Alert Action'  that runs a batch file (script.bat) or a PowerShell script file (script.ps1) when the alert is triggered.  Or just create a 'custom alert action' that exactly do the same thing as the deprecated 'run a script' alert action. (Just type the batch file name and that's it)   Environment: Splunk Enterprise 9.1 (Windows)   ... View more