Mothership App for Splunk

Mothership is a Splunk App that provides a single pane of glass into large multi-instance Splunk deployments. Mothership dispatches SPL on remote Splunk instances on a scheduled interval and retrieves and stores search results locally. Field extraction is preserved, requiring no configuration other than a valid username and password for a service account on the remote machine. An administrative interface with REST services is provided to simplify management and reporting. All remote search results are stored in RBAC controllable stores (i.e., lookups, indexes).

Built by Splunk Works

Latest Version 2.1.0

September 12, 2024

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1

Rating

0

(0)

Log in to rate this app

Support

Not Supported

Learn more

Mothership is a Splunk App that provides a single pane of glass into large multi-instance Splunk deployments. Mothership dispatches SPL on remote Splunk instances on a scheduled interval and retrieves and stores search results locally. Field extraction is preserved, requiring no configuration other than a valid username and password for a service account on the remote machine. An administrative interface with REST services is provided to simplify management and reporting. All remote search results are stored in RBAC controllable stores (i.e., lookups, indexes).