All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Create reports

fiveitsplunk
Explorer
‎08-14-2019 02:00 PM

I need to create the following reports, but I have difficulty making the proper queries (i using splunk and SideViews).

Answered Calls ("removing as source ID" / except from number = 1234,5687,4444,4321) are entered in the chart as Answered.
Currently this filter below meets me partially, but I can not see the way I need, I want to show only 01 column with the Total.

===========================
cdr_events

| stats first (callId) as callId list (callingPartyNumber) as callingPartyNumber list (duration) as duration list (durationStr) as durationStr list (eventtype) as eventtype by globalCallID_callId globalCallID_callManagerId globalCallId_ClusterID
| search duration = 0 (eventtype = "incoming_call") | chart dc (callId) over callingPartyNumber | sort 0 callingPartyNumber

===========================

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎12-09-2019 09:17 AM

I'm going to do this the UI way, since it all can be done from there. I'll include a few links as I go through it to blogs or docs we've written that can be used as reference information.

(Also note SOME of this is stuff you've already done I'm sure, I'm just including it here to make it complete)

Starting out -

First, find the calls you want. So in Browse calls up in the enter number(s) area, you'd type in the 4 extensions you want (1234,5678,4444,4321) and also pick incoming, outgoing and other items like that. There's more information about doing this - not that I expect you need it - in our user docs on searching for Numbers and Parties.

Now, how do we know if it was "answered" or not? There's quite a few ways and it sort of depends on exactly what you mean my "was answered". In this example I'm going to define (rather simplistically) any call that ended up in a dest_device_type of unityvm to be not answered, and all others answered. This is probably not going to work for you, but it'll work as an example (and who knows, maybe it will be fine enough given the extensions you want to track!) Other options might be in some cases just "legs>1" because answered calls to those numbers are handled and unanswered ones hop around to other lines/extensions. Sometimes it's a duration and who picked up in combination.

So I add the field dest_device_type to my fields (via field picker in the upper right) so that I can browse these calls and see that indeed, this will work for my field I'll use later to split the calls up by answered vs. unanswered.

Now, near the upper right click "Graph calls over time". All your settings for numbers to search for will come over, and by default it'll be a count of calls over time for those extensions/numbers, in that direction (etc...). So let's do some magic here.

In the advanced field, we're going to use an eval a new field, called "wasAnswered" that is set to "Not Answered" if the dest_device_type is unityvm, and "Answered" otherwise. So type in eval wasAnswered=if(dest_device_type="unityvm", "Answered", "Not Answered") (or copy and paste it, but be SURE to double-check your browser/copy/paste/whatever didn't change those dumb quote (") marks to the "smart" ones!). You can see some examples in a blog we made on using custom fields.

Then, - and this is IMPORTANT - run that search once. Running the search is what actually creates that field.

Now that you've done that, check down in the "over time" drop-down. You can drop that down and way at the bottom (because alphabetical!) is "over wasAnswered"

Pick that and ... that should give you the results you were looking for!

Happy Splunking.
-Richfez

0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎08-14-2019 02:24 PM

Can you update the question with what your desired end goal is? It sounds like maybe you want a single number representing all answered calls from any of those 4 extensions?

There are some other pieces that you want to introduce but before I start answering I want to make sure I understand the question. Ideally if you could give a brief description of the goal and then specify what you want the table columns to be, or what you want the chart to show?

0 Karma
Reply

fiveitsplunk
Explorer
‎08-16-2019 08:06 AM

I need to show the customer answered calls and missed calls.
Calls Missed by Extension and Answered by Extension.

0 Karma
Reply

fiveitsplunk
Explorer
‎08-16-2019 08:04 AM

I want to create the same as the draft ...
alt text

0 Karma
Reply

fiveitsplunk
Explorer
‎08-16-2019 08:05 AM

https://drive.google.com/open?id=1sn5VMbmMsgd5mSM1JybDGFXybqlKRCMC

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...