IP500v2 R11.0.4 - call info shows up in Overall Performance but not Detailled Calls panel.,Our Detailled Calls panel shows no data, but we see call info in the Overall Performance panel. This is with an IP500v2 R11.0.4 - maybe the SMDR data is being parsed differently in the new Avaya version(s)?
Below, some tips to make this application work
The most frequent problems are related to problems of communication between Spkunk and Avaya IP Office.
In your Splunk software choose the Avaya Call application.
If you want to use an Index (It’s better), you can set it in Splunk Settings / Indexes / New Index as below.
It is mandatory to define source in Splunk Settings / Data inputs / TCP as below.
Choose TCP port source, tcp-raw as Source Type and your Index Name.
After, you can edit the sourcelog macro in Advanced search / Search macros and put your specifics inputs as below.
For example :
If you have a specific index, replace the quotation marks “” in the sourcelog macro with index=ipo
If you haven’t a specific index, replace the quotation marks “” in the sourcelog macro with the IP Office address host=10.1.1.1
If you haven’t a specific index, replace the quotation marks “” in the sourcelog macro with the source="tcp:6969"
If you want to know if you are receiving logs from the IP Office :
In Search, enter your host and your index, for example : host=10.1.1.1 index=ipo
If you haven’t index, in Search, enter host only, for example : host=10.1.1.1
Click on Data Summary.
You should now see the IP address of your Avaya IP Office.
If you do not see the host of your IP Office, check the connection between Splunk and your IPO, check your firewalls, check that you have created the correct entry in DATA INPUT.
This is an old thread, but when I researched this myself, I was able to figure out what was going on here. As I could not find more documentation, and the authors PDF download goes to a broken link I am sharing how I got this to work. Per the App authors response, if you can see the SMDR data coming in while you search, you need to tell the app where to look for the data.
This is the bare minimum that I did to get Avaya Call to work:
1) After installing Splunk Enterprise, download the Avaya Call .tgz file on his app page
2) Extract the .tgz archive to receive a .tar. Extract the .tar archive to SPLUNKINSTALLDIRECTORY\etc\apps\ (I used 7Zip to do this), and then restart splunk
3) In your Splunk Web portal, go to Settings --> Indexes --> New Index
4) Set the Index Name to something like 'IPO', and then set the App to AVAYA CALL under General Settings and hit Save.
5) Now go to Apps --> AVAYA CALL --> Start with the Dashboard view "Overall Performance" and click Edit. Switch the Edit Dashboard mode to 'Source'.
6) Search the dashboard source code for 'sourcelog'. You should find 'sourcelog' as the first string in every <query> section. Delete 'sourcelog' and replace it with index=THENAMEYOUGAVEYOURINDEX. Repeat for every entry, and click Save.
7) Repeat step 6 for the other 5 dashboards.
😎 Login to your IPO and go to System --> SMDR. Set the Output to SMDR Only, set the SMDR IP Address to the IP of your Splunk server, and set the port to 6969 (it doesn't have to be 6969, this is what the author used in their example). Check off Call Splitting for Diverts, and click OK. Save the IPO with save type MERGE (you shouldn't have to reboot the IPO).
9) Return to the Splunk Web portal and go to Settings --> Data inputs --> Local inputs --> TCP --> Add new
10) On the first page (Select Source) type in the same port you used on the IPO (I.E. 6969). If you wish, set 'Only accept connection from' to the IP of your IPO (not necessary). Hit Next.
11) On the second page (Input Settings): Select --> Select Source Type --> Search for tcp-raw. Now set the App context to AVAYA CALL. Set the Host method to IP. Set the Index to the Index you created earlier. Hit Review, double check the settings, and then hit Submit.
12) Place some test calls and return to the AVAYA CALL dashboards and review the data.