I just updated the Splunk App for Lookup File Editing to the latest and now I can no longer download lookup files via CLI.  This has been working flawlessly in Splunk Cloud when I was running v3.6.0 but just updated to 4.0.1 (v4.0.2 not available in Cloud yet) and now I am getting 403 errors. Through testing, I verified lookup endpoint is still valid, lookup shared at global level, and I even changed the permissions of the account to be sc_admin but still experiencing the same issue.  Has anyone else come across this and found a solution?  Same error no matter which lookup file I attempt to download. My test command   python3 lut.py -app search -l geo_attr_countries.csv -app search INFO:root:list of lookups to download: ['geo_attr_countries.csv'] ERROR:root:[failed] Error: Downloading file: 'geo_attr_countries.csv', status:403, reason:Forbidden, url:https://[REDACTED].splunkcloud.com:8089/services/data/lookup_edit/lookup_contents?lookup_type=csv&namespace=search&lookup_file=geo_attr_countries.csv    Python script from here ... View more

I need to count the number of times an alert has triggered in a specific time window (say, last 24 hours).  I am trying to do that via  | rest   but noticed the counts remain constant despite changing the search time interval (60m, yesterday, last 7d, 15m, etc.). What "time" does the | rest search or return results for?  I tried reading the docs on rest and and the user manual for REST API but nothing quite explains it. Current SPL     | rest /services/alerts/fired_alerts splunk_server=local | search author="me@me.com" | table eai:acl.app eai:acl.owner id title triggered_alert_count | rename eai:acl.* as *, app as App, owner as Owner, id as Endpoint, title as Title, triggered_alert_count as "Count of Triggered Alerts"       ... View more