All Apps and Add-ons

Create reports

fiveitsplunk
Explorer

I need to create the following reports, but I have difficulty making the proper queries (i using splunk and SideViews).

Answered Calls ("removing as source ID" / except from number = 1234,5687,4444,4321) are entered in the chart as Answered.
Currently this filter below meets me partially, but I can not see the way I need, I want to show only 01 column with the Total.

===========================
cdr_events

| stats first (callId) as callId list (callingPartyNumber) as callingPartyNumber list (duration) as duration list (durationStr) as durationStr list (eventtype) as eventtype by globalCallID_callId globalCallID_callManagerId globalCallId_ClusterID
| search duration = 0 (eventtype = "incoming_call") | chart dc (callId) over callingPartyNumber | sort 0 callingPartyNumber

===========================

0 Karma

Richfez
SplunkTrust
SplunkTrust

I'm going to do this the UI way, since it all can be done from there. I'll include a few links as I go through it to blogs or docs we've written that can be used as reference information.

(Also note SOME of this is stuff you've already done I'm sure, I'm just including it here to make it complete)

Starting out -

First, find the calls you want. So in Browse calls up in the enter number(s) area, you'd type in the 4 extensions you want (1234,5678,4444,4321) and also pick incoming, outgoing and other items like that. There's more information about doing this - not that I expect you need it - in our user docs on searching for Numbers and Parties.

Now, how do we know if it was "answered" or not? There's quite a few ways and it sort of depends on exactly what you mean my "was answered". In this example I'm going to define (rather simplistically) any call that ended up in a dest_device_type of unityvm to be not answered, and all others answered. This is probably not going to work for you, but it'll work as an example (and who knows, maybe it will be fine enough given the extensions you want to track!) Other options might be in some cases just "legs>1" because answered calls to those numbers are handled and unanswered ones hop around to other lines/extensions. Sometimes it's a duration and who picked up in combination.

So I add the field dest_device_type to my fields (via field picker in the upper right) so that I can browse these calls and see that indeed, this will work for my field I'll use later to split the calls up by answered vs. unanswered.

Now, near the upper right click "Graph calls over time". All your settings for numbers to search for will come over, and by default it'll be a count of calls over time for those extensions/numbers, in that direction (etc...). So let's do some magic here.

In the advanced field, we're going to use an eval a new field, called "wasAnswered" that is set to "Not Answered" if the dest_device_type is unityvm, and "Answered" otherwise. So type in eval wasAnswered=if(dest_device_type="unityvm", "Answered", "Not Answered") (or copy and paste it, but be SURE to double-check your browser/copy/paste/whatever didn't change those dumb quote (") marks to the "smart" ones!). You can see some examples in a blog we made on using custom fields.

Then, - and this is IMPORTANT - run that search once. Running the search is what actually creates that field.

Now that you've done that, check down in the "over time" drop-down. You can drop that down and way at the bottom (because alphabetical!) is "over wasAnswered"

Pick that and ... that should give you the results you were looking for!

Happy Splunking.
-Richfez

0 Karma

sideview
SplunkTrust
SplunkTrust

Can you update the question with what your desired end goal is? It sounds like maybe you want a single number representing all answered calls from any of those 4 extensions?

There are some other pieces that you want to introduce but before I start answering I want to make sure I understand the question. Ideally if you could give a brief description of the goal and then specify what you want the table columns to be, or what you want the chart to show?

0 Karma

fiveitsplunk
Explorer

I need to show the customer answered calls and missed calls.
Calls Missed by Extension and Answered by Extension.

0 Karma

fiveitsplunk
Explorer

I want to create the same as the draft ...
alt text

0 Karma

fiveitsplunk
Explorer
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...