https://community.splunk.com/t5/Splunk-Search/Nature-of-traffic/m-p/540508#M152919 <P>Hi,</P><P>&nbsp;</P><P>I have two instances of Asterisk running in my production environment. The third server has a Splunk indexer installed with Universal Forwarders installed on the two Asterisk servers, respectively. The calling system is via SIP trunks and all of the calls fall on the Asterisk servers.</P><P>&nbsp;</P><P>Now, I would like to monitor the nature of the traffic that is catered by the Asterisk Servers, i.e. UDP, TCP or RTP?</P><P>&nbsp;</P><P>Is there a way to do so?&nbsp;</P><P>&nbsp;</P><P>Any degree of help will be appreciated.</P><P>&nbsp;</P><P>thanks and regards,</P><P>Hisham</P> Fri, 19 Feb 2021 12:20:37 GMT hishamjan 2021-02-19T12:20:37Z https://community.splunk.com/t5/Splunk-Search/Nature-of-traffic/m-p/540508#M152919 <P>Hi,</P><P>&nbsp;</P><P>I have two instances of Asterisk running in my production environment. The third server has a Splunk indexer installed with Universal Forwarders installed on the two Asterisk servers, respectively. The calling system is via SIP trunks and all of the calls fall on the Asterisk servers.</P><P>&nbsp;</P><P>Now, I would like to monitor the nature of the traffic that is catered by the Asterisk Servers, i.e. UDP, TCP or RTP?</P><P>&nbsp;</P><P>Is there a way to do so?&nbsp;</P><P>&nbsp;</P><P>Any degree of help will be appreciated.</P><P>&nbsp;</P><P>thanks and regards,</P><P>Hisham</P> Fri, 19 Feb 2021 12:20:37 GMT https://community.splunk.com/t5/Splunk-Search/Nature-of-traffic/m-p/540508#M152919 hishamjan 2021-02-19T12:20:37Z https://community.splunk.com/t5/Splunk-Search/Nature-of-traffic/m-p/540669#M152970 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/228379">@hishamjan</a></P><P>RTP and SIP are application layer protocols that may use either TCP or UDP as a transport. I'm not familiar with Asterisk, but it presumably includes functionality to log session and call metrics.</P><P>You can use <A href="https://splunkbase.splunk.com/app/1809/" target="_self">Splunk App for Stream</A> to monitor network traffic on the forwarders and send cooked traffic events to the indexer. Both RTP and SIP are <A href="https://docs.splunk.com/Documentation/StreamApp/7.3.0/DeployStreamApp/VoIP" target="_self">supported</A>.</P><P>The implementation of Splunk App for Stream can be non-trivial. If you're unfamiliar with packet capture and protocol analysis concepts, you may prefer to enlist Splunk Professional Services or another qualified consultant.</P> Sat, 20 Feb 2021 21:25:06 GMT https://community.splunk.com/t5/Splunk-Search/Nature-of-traffic/m-p/540669#M152970 tscroggins 2021-02-20T21:25:06Z