The regex in the "AllSplunkEnterpriseLevel - Splunk Servers with resource starvation" alert needs a couple of small tweaks to support timezones that start with "-". Example log entry:

05-22-2021 02:43:52.616 -0400 WARN ServerInfoHandler - Responding to /server/info took longer than seems reasonable (5266 milliseconds, props_ms=2, kvs_ms=1, shc_ms=1, cluster_ms=1). Check your system for resource contention, most notably CPU availability.

The first two rex lines in the search:
| rex "^[\d-]+ [\d:\.]+( )+\+?\d+( )+[^ ]+( )+(?P<componentAndArea>([^ ]+( )+){3}).*\((?P<number>\d+) milliseconds"
| rex "^[\d-]+ [\d:\.]+( )+\+?\d+( )+[^ ]+( )+(?P<componentAndArea2>DispatchManager\s+([^ ]+( )+){3}).*elapsed_ms=(?P<number3>\d+)"

Need to be changed to:
| rex "^[\d-]+ [\d:\.]+( )+[\+-]?\d+( )+[^ ]+( )+(?P<componentAndArea>([^ ]+( )+){3}).*\((?P<number>\d+) milliseconds"
| rex "^[\d-]+ [\d:\.]+( )+[\+-]?\d+( )+[^ ]+( )+(?P<componentAndArea2>DispatchManager\s+([^ ]+( )+){3}).*elapsed_ms=(?P<number3>\d+)"

Thankyou for the updated regex, I've added it to the testing branch for the next release of the app.

Released in 2.6.5