Mothership is a Splunk App that provides a single pane of glass into large multi-instance Splunk deployments. Mothership dispatches SPL on remote Splunk instances on a scheduled interval and retrieves and stores search results locally. Field extraction is preserved, requiring no configuration other than a valid username and password for a service account on the remote machine. An administrative interface with REST services is provided to simplify management and reporting. All remote search results are stored in RBAC controllable stores (i.e., lookups, indexes).
The Mothership app will write summary results to lookups (transforming searches) and/or indexes (non-transforming searches). In a distributed environment or Search Head Cluster, lookups populated by Mothership can be replicated across the cluster. This means that Mothership running exclusively transforming searches (which write to a lookup) will work with a properly configured distributed or Search Head Cluster deployment. Non-transforming searches (which write to an index) are currently not supported in a distributed or Search Head Cluster deployment.
| rest /services/licenser/groups
Edit menu in the Actions column and selecting Edit menu. This menu will provide you with lifecycle management options (create, read, update, delete), ad-hoc querying, metrics and debug logs, and more.
Mothership logs all transactions made to a remote machine, including success and error states, to the _internal index with the following source: *environment_poller_debug.log. Click on the "Debug" link found in the "Actions" dropdown for either the Environment or Environment Search to debug errors.
* Allow for the deletion of environment searches and environments with non-existent references (saved search, HEC token, password, etc.).
* Update savedsearches.conf.spec to include args.interval to remove warnings on startup.
* Multi-user timezone configurations reflect correct last run time, use epoch time within metrics logger.
* UI Environment search raw search string moved from Saved Search to Search section.
Initial public release.