
CDR and Splunk


trilogy8

Technical User
Jan 26, 2017
413
US
Is configuring CM to send CDR to Splunk something anyone has done? We currently have a Call Accounting system, but the powers that be want this data offloaded to Splunk. I wasn't certain if the CDR data can be sent directly from CM to Splunk or would Splunk pull from the SQL DB of the Call Accounting system.
 
Ew. Why?

I mean, CDR can be streamed basically like a syslog type of service, but that's not going to make the data Splunk receives structured in any way.

The Utility Server (and I hate recommending it for anything but...) can use the on-disk CDR format (SFTP to CM, grab files) and keep CDR and make it downloadable. Depending if you're on 6.3 or 7, I figured my way into its postgres database so there's a generic way to access it, though I think Avaya doesn't want you doing that.

Anyway, I don't know what makes syslog so special at a packet level, but you'll get UDP streamed data from CM at Splunk if you want. Give it a try. I have no idea what Splunk would help you accomplish though, unless you had someone going out of their way to structure that into a database or something.
 
The request was based on compliance searches, which they do for other systems. I'm not part of those other groups on what they log into Splunk and grant access to, but the idea is most probably for a central portal to search data. My assumption is the Call Accounting systems are designed in a way to organize and present the call data in formats readable to a human being. My initial thought was sending directly into Splunk would just be a garbled mess of raw data.
 
You can use a tool called AvayaCDR. It can parse the raw data into structural fields and send the data to Splunk. In Splunk, you can search the data by these fields.
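An added illustration, not part of any post in this thread and not code from AvayaCDR or Splunk: a minimal parser that turns fixed-width raw CDR lines into single-line JSON events that Splunk can search by field, and sets malformed lines aside instead of dropping them, which matters when the data is kept for compliance searches. The field layout, the names `LAYOUT`, `parse_record`, `to_event` and `process`, and the sample lines are all constructed assumptions; a real layout has to mirror the CDR format configured on the PBX.

```python
import json

# Hypothetical fixed-width layout: (field name, width in characters).
# Constructed for illustration; replace with the format configured on the PBX.
LAYOUT = [("date", 6), ("time", 4), ("duration", 5), ("cond_code", 1),
          ("calling_num", 10), ("dialed_num", 15)]
RECORD_LEN = sum(width for _, width in LAYOUT)

def parse_record(line):
    """Split one raw record into named fields; return None if malformed."""
    line = line.rstrip("\r\n")
    if len(line) != RECORD_LEN:
        return None  # truncated or merged record: do not guess at fields
    fields, pos = {}, 0
    for name, width in LAYOUT:
        fields[name] = line[pos:pos + width].strip()
        pos += width
    # Reject records whose numeric columns hold anything but digits.
    if not all(fields[k].isdigit() for k in ("date", "time", "duration")):
        return None
    return fields

def to_event(fields, source="cm-cdr"):
    """Render a parsed record as one line of JSON with stable key order."""
    return json.dumps({"source": source, **fields}, sort_keys=True)

def process(lines):
    """Return (events, rejected); rejected raw lines are kept for review."""
    events, rejected = [], []
    for raw in lines:
        record = parse_record(raw)
        if record is None:
            rejected.append(raw)
        else:
            events.append(to_event(record))
    return events, rejected

# Constructed sample input, not captured from a real system.
SAMPLE = [
    "012617143200045" + "9" + "5551234".ljust(10) + "918005550100".ljust(15),
    "0126171433",  # truncated record, expected to be rejected
]

if __name__ == "__main__":
    events, rejected = process(SAMPLE)
    print("\n".join(events))
    print("rejected:", rejected)
```
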
 
Thinking back on this, it's not a terrible idea. Having a single secure data stream "catcher" interface to your core can have its benefits. If your CDR machine goes down, the data isn't lost forever. The security aspects make it a single box to deal with. If Splunk's job is to sit between two applications - like your PBX and CDR, and it adds some level of benefit either in security and/or reliability, then why not?

But the more I google on Splunk, the more I see it can A) bind to a port and catch stuff, so your Splunk guys should be easily able to tell you that and B) there's a company called sideviewapps that have Cisco Call Manager reporting tools to install atop your Splunk.

So, if they want a single secure man in the middle for your CDR, it'll probably work easily. If they want the same graphs they saw Cisco can do, then probably not.

 