Webhook alert actions are failing with urlopen error [Errno 101] Network is unreachable.
Proxy settings added to:
server.conf
[proxyConfig]
http_proxy = http://<ip>:<port>
https_proxy = http://<ip>:<port>
no_proxy = <ip>
splunk-launch.conf
HTTP_PROXY=http://<ip>:<port>
HTTPS_PROXY=http://<ip>:<port>
NO_PROXY=localhost,127.0.0.1
Confirmed that we can successfully do curl via proxy, but the alert does not go through the proxy. Patching webhook.py directly to add an explicit ProxyHandler has no effect, which leads us to believe Splunk 9.4 may have internalized the webhook implementation and no longer executes this file. Is there a supported configuration we're missing?
In some very strange turn of events, the id is today updating as normal.
Here's the xml snippet:
<!-- TOKEN ENTERED -->
<row>
  <panel id="header_results">
    <html>
      <h2>Results for: $token_entered$</h2>
    </html>
  </panel>
</row>
Here's the Inspector:
On Friday after I changed the id="header_main" the inspector kept showing id="header_results", but it works today.. beats me.
Thank you for all your input.
Hi, as in the title, the old panel id persists and the styling isn't applied. Refreshing the browser, clearing cache, restarting Splunk doesn't help. What am I missing? I'm on 9.4.9
I am looking to replace a sourcetype using props.conf / transforms.conf, so far with no luck.
props.conf
[original_sourcetype]
NO_BINARY_CHECK = 1
SHOULD_LINEMERGE = false
TIME_PREFIX = oldtimeprefix
TIME_FORMAT=oldtimeformat
pulldown_type = 1
TRANSFORMS-set_new=set_new_sourcetype
[new_sourcetype_with_new_timeformat]
NO_BINARY_CHECK=1
SHOULD_LINEMERGE=false
TIME_PREFIX=newtimeprefix
TIME_FORMAT=newtimeformat
pulldown_type = 1
#rename=original_sourcetype
transforms.conf
[set_new_sourcetype]
SOURCE_KEY = MetaData:Source
REGEX = ^source::var/log/path/tofile.log
FORMAT = sourcetype::new_sourcetype_with_new_timeformat
DEST_KEY = MetaData:Sourcetype
Tried different REGEXes, including
REGEX = var/log/path/tofile.log
Also tried setting it like this in props.conf
[source::var/log/path/tofile.log]
TRANSFORMS-set_new=set_new_sourcetype
I am also looking at inputs.conf, which has monitoring stanzas for all syslog traffic; perhaps some blacklisting/whitelisting based on source can be done there.
But I am curious as to what is not working with my props/transforms.
Thanks
Hi,
This configuration is working well for me, but I am wondering if it is possible to set both the earliest and latest values - e.g. to set up "Yesterday" as a choice, I would need earliest=-1d@d latest=@d, but the config below only allows setting up $earliest.tok$ with latest=now.
Snippet from "Conditional operations with form inputs": https://docs.splunk.com/Documentation/SplunkCloud/latest/Viz/tokens
Many thanks,
Bea