You do not need to have your instance exposed to the internet. Looking at the documentation, the 503 error means "The app is unable to connect to the Cloud Gateway service. The connection is unavailable or Splunk Cloud Gateway modular_inputs aren't working.". What is suggested to do is to check that the Splunk server can access the internet. From the troubleshooting docs (references below): To check if you have WebSocket connection, run the following curl command at the command line: curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: echo.websocket.org" -H "Origin: https://www.websocket.org"; https://echo.websocket.org To test WebSocket connectivity between your host and Splunk Cloud Gateway, run the following curl command on command line: curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: prod.spacebridge.spl.mobi" -H "Origin: https://prod.spacebridge.spl.mobi"; -H "Authorization: c014fb4e" https://prod.spacebridge.spl.mobi/mobile On the second source, there is also search commands to track down the internal logs to provide more details. Sources: https://docs.splunk.com/Documentation/Gateway/1.8.0/Registration/TroubleshootGateway https://docs.splunk.com/Documentation/Gateway/1.8.0/Registration/TroubleshootConnectionIssues ... View more

There is no additional costs to use the Connected Experience (mobile, tv, ar). While there may be a limit in theory, I have not found any documentation on one. ... View more

The Connected Experiences apps (Mobile, TV, AR) on your mobile device connect to the Cloud Gateway service at prod.spacebridge.spl.mobi through websocket or Remote Procedure Call (gRPC) connection. Information at: https://docs.splunk.com/Documentation/Gateway/1.8.0/Installation/Security https://docs.splunk.com/Documentation/Gateway/1.8.0/Installation/Installation ... View more

There are limitations for the Connected Experience (Mobile, Splunk TV, AR). Please see below for a link to the Docs on the limits of the visualizations. https://docs.splunk.com/Documentation/Gateway/1.8.0/ReleaseNotes/VizSupport ... View more

There is the app to help you connect to MS Teams: https://splunkbase.splunk.com/app/3375/. Right click on the channel you want the alert to go to and select Connectors. On the right, choose Configure on "Incoming Webhook". Give the incoming webhook a name. I tend to use the alert name as the webhook name. Upload a custom image if you want. Then click Create. That will generate the URL you need to enter in to the Splunk app. When you setup up the alert in Splunk, make sure the "Microsoft Teams Webhook Alert Connector" app is installed, use the Microsoft Teams action and paste in the webhook URL. *Note - You need to format the alert in to tables for best results. ... View more

If you have access to your internal index. You can try the following: index=_internal source="*/python.log" "Sending email" You should see a field called server. server="localhost" ... View more

skoelpin, Running a user group is amazing. You learn from the group. I have been running the Eastern Nebraska user group for over 3 years now. Don't worry about numbers of people attending. Getting a core group of 5 or 10 people attending is the goal. I try to introduce my group to different ways of using Splunk. I love to try to get some hands on activities during the meetings. This could be loading your first Splunk server, getting data in to Splunk, what are all of these .conf files, how to search, building reports, building dashboards, building an app, etc. I would suggest jumping on the Splunk Slack instance. You can sign up through my groups site at: www.splunk402.com/chat. Let us know any other questions you have. -Tony Reinke ... View more