All Apps and Add-ons

Create reports

fiveitsplunk
Explorer

I need to create the following reports, but I have difficulty making the proper queries (i using splunk and SideViews).

Answered Calls ("removing as source ID" / except from number = 1234,5687,4444,4321) are entered in the chart as Answered.
Currently this filter below meets me partially, but I can not see the way I need, I want to show only 01 column with the Total.

===========================
cdr_events

| stats first (callId) as callId list (callingPartyNumber) as callingPartyNumber list (duration) as duration list (durationStr) as durationStr list (eventtype) as eventtype by globalCallID_callId globalCallID_callManagerId globalCallId_ClusterID
| search duration = 0 (eventtype = "incoming_call") | chart dc (callId) over callingPartyNumber | sort 0 callingPartyNumber

===========================

0 Karma

Richfez
SplunkTrust
SplunkTrust

I'm going to do this the UI way, since it all can be done from there. I'll include a few links as I go through it to blogs or docs we've written that can be used as reference information.

(Also note SOME of this is stuff you've already done I'm sure, I'm just including it here to make it complete)

Starting out -

First, find the calls you want. So in Browse calls up in the enter number(s) area, you'd type in the 4 extensions you want (1234,5678,4444,4321) and also pick incoming, outgoing and other items like that. There's more information about doing this - not that I expect you need it - in our user docs on searching for Numbers and Parties.

Now, how do we know if it was "answered" or not? There's quite a few ways and it sort of depends on exactly what you mean my "was answered". In this example I'm going to define (rather simplistically) any call that ended up in a dest_device_type of unityvm to be not answered, and all others answered. This is probably not going to work for you, but it'll work as an example (and who knows, maybe it will be fine enough given the extensions you want to track!) Other options might be in some cases just "legs>1" because answered calls to those numbers are handled and unanswered ones hop around to other lines/extensions. Sometimes it's a duration and who picked up in combination.

So I add the field dest_device_type to my fields (via field picker in the upper right) so that I can browse these calls and see that indeed, this will work for my field I'll use later to split the calls up by answered vs. unanswered.

Now, near the upper right click "Graph calls over time". All your settings for numbers to search for will come over, and by default it'll be a count of calls over time for those extensions/numbers, in that direction (etc...). So let's do some magic here.

In the advanced field, we're going to use an eval a new field, called "wasAnswered" that is set to "Not Answered" if the dest_device_type is unityvm, and "Answered" otherwise. So type in eval wasAnswered=if(dest_device_type="unityvm", "Answered", "Not Answered") (or copy and paste it, but be SURE to double-check your browser/copy/paste/whatever didn't change those dumb quote (") marks to the "smart" ones!). You can see some examples in a blog we made on using custom fields.

Then, - and this is IMPORTANT - run that search once. Running the search is what actually creates that field.

Now that you've done that, check down in the "over time" drop-down. You can drop that down and way at the bottom (because alphabetical!) is "over wasAnswered"

Pick that and ... that should give you the results you were looking for!

Happy Splunking.
-Richfez

0 Karma

sideview
SplunkTrust
SplunkTrust

Can you update the question with what your desired end goal is? It sounds like maybe you want a single number representing all answered calls from any of those 4 extensions?

There are some other pieces that you want to introduce but before I start answering I want to make sure I understand the question. Ideally if you could give a brief description of the goal and then specify what you want the table columns to be, or what you want the chart to show?

0 Karma

fiveitsplunk
Explorer

I need to show the customer answered calls and missed calls.
Calls Missed by Extension and Answered by Extension.

0 Karma

fiveitsplunk
Explorer

I want to create the same as the draft ...
alt text

0 Karma

fiveitsplunk
Explorer
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...