CDR and Splunk

CDR and Splunk

Is configuring CM to send CDR to Splunk something anyone has done? We currently have a Call Accounting system, but the powers that be want this data offloaded to Splunk. I wasn't certain if the CDR data can be sent directly from CM to Splunk or would Splunk pull from the SQL DB of the Call Accounting system.

RE: CDR and Splunk

Ew. Why?

I mean, CDR can be streamed basically like a syslog type of service, but that's not going to make the data Splunk receives structured in any way.

The Utility Server (and I hate recommending it for anything but...) can use the on-disk CDR format (SFTP to CM, grab files) and keep CDR and make it downloadable. Depending if you're on 6.3 or 7, I figured my way into its postgres database so there's a generic way to access it, though I think Avaya doesn't want you doing that.

Anyway, I don't know what makes syslog so special at a packet level, but you'll get UDP streamed data from CM at Splunk if you want. Give it a try. I have no idea what Splunk would help you accomplish though, unless you had someone going out of their way to structure that into a database or something.

RE: CDR and Splunk

The request was based on compliance searches, which they do for other systems. I'm not part of those other groups on what they log into Splunk and grant access to, but the idea is most probably for a central portal to search data. My assumption is the Call Accounting systems are designed in a way to organize and present the call data in formats readable to a human being. My initial thought was sending directly into Splunk would just be a garbled mess of raw data.

RE: CDR and Splunk

You can use a tool called AvayaCDR. It can parse the raw data into structural fields and send the data to Splunk. In Splunk, you can search the data by these fields.
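The kind of parsing this post describes, as an added example (it is not the AvayaCDR tool's code and not from any poster): fixed-width CDR lines are turned into key=value events that Splunk can search by field, and lines that do not fit are kept and flagged rather than dropped. The column layout, the field names and the sample records are assumptions constructed for illustration; match the layout to the CDR format your CM is configured to emit.

```python
from datetime import datetime

# Hypothetical fixed-width layout: (field, start, end). Adjust to your CM's CDR format.
LAYOUT = [("date", 0, 6), ("time", 7, 11), ("dur_sec", 12, 17),
          ("cond_code", 18, 19), ("calling", 20, 35), ("dialed", 36, 54)]
WIDTH = LAYOUT[-1][2]

def parse_cdr(line):
    """Return a dict of fields, or None if the record does not fit the layout."""
    line = line.rstrip("\r\n").ljust(WIDTH)
    rec = {name: line[a:b].strip() for name, a, b in LAYOUT}
    try:
        ts = datetime.strptime(rec.pop("date") + rec.pop("time"), "%m%d%y%H%M")
    except ValueError:
        return None  # header line, keep-alive, or truncated datagram
    if not rec["dur_sec"].isdigit() or not rec["calling"]:
        return None
    rec["dur_sec"] = int(rec["dur_sec"])
    return {"timestamp": ts.isoformat(), **rec}

def _quote(value):
    # Escape backslashes and quotes so a field value cannot break out of its
    # quoting and inject extra key=value pairs into the indexed event.
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'

def to_event(line):
    """One key=value line per record; unparseable input is kept and flagged."""
    rec = parse_cdr(line)
    if rec is None:
        return "cdr_parse_error=1 raw=" + _quote(line.rstrip("\r\n"))
    return " ".join(f"{k}={_quote(v)}" for k, v in rec.items())

# Constructed sample input (not real call data).
SAMPLE = [
    "{:6} {:4} {:5} {:1} {:<15} {:<18}".format(
        "031524", "0912", "00125", "9", "5551001", "918005550100"),
    "DATE   TIME",  # a non-record line the stream might carry
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(to_event(raw))
```

Keeping the flagged raw line matters for the compliance use case in this thread: a search for `cdr_parse_error=1` shows how many records the layout failed to match.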

RE: CDR and Splunk

Thinking back on this, it's not a terrible idea. Having a single secure data stream "catcher" interface to your core can have its benefits. If your CDR machine goes down, the data isn't lost forever. The security aspects make it a single box to deal with. If Splunk's job is to sit between two applications - like your PBX and CDR, and it adds some level of benefit either in security and/or reliability, then why not?

But the more I google on Splunk, the more I see it can A) bind to a port and catch stuff, so your Splunk guys should be easily able to tell you that and B) there's a company called sideviewapps that have Cisco Call Manager reporting tools to install atop your Splunk.

So, if they want a single secure man in the middle for your CDR, it'll probably work easily. If they want the same graphs they saw Cisco can do, then probably not.
