Sideview App for CDR : open questions

asarolkar
Builder

Hi guys:

We are looking to monitor, amongst other items, FOR an instance on which Cisco Call Manager runs (Cisco CDR):

i) the JVM Usage
ii) CDR statistics

This two-part question is a Splunk best practices question about how to go about accomplishing the two tasks above:

i) I want to install a Universal Forwarder on the instance on which Cisco CDR actually lives - and push data to an indexer using this App (the app is installed on the same box as the Universal Forwarder).

Apparently, based on this BLURB here, THAT is NOT how this app works.

http://sideviewapps.com/apps/splunk-for-cisco-cdr/docs/getting-the-data-out-of-callmanager/

Can anyone who has actually done this step up and help us with some good ol' advice ?

ii) Of all the apps listed here

http://sideviewapps.com/apps/sideview-utils/

Which app is the most beneficial to install if data is to be captured in Splunk particular to CDR performance metrics only ?

Also, are ANY of these apps known to provide JVM metric data for Cisco CDR on which they are installed ?

Thanks,

0 Karma
1 Solution

sideview
SplunkTrust

Hi there. I'm the owner of the Splunk for Cisco CDR app.

The Splunk for Cisco CDR app will index all your Call Detail Records and Call Management Records. Out of the box it won't help you with your JVM metrics data. (although I'd be happy to help you and I can try and add the functionality to a future release of the app).

Between the CDR and the CMR data, the CMR data as you know contains fields around call quality. While this lies pretty close to "performance metrics", I'm not at all sure it's what you mean particularly given your later reference to the JVM perf data.

So... I think you're looking for performance data from the underlying host, and no I'm afraid the app does not provide anything there as of today.

However I'd love to talk with you about it and I'm confident that I'd be able to add at least some of what you're looking for to the app in a future release. A conversation with you and/or some sample data would greatly improve the odds of such a feature appearing sooner. The app is doing well and the customer base is growing but that's no reason to stop adding features if they're valuable ones.

As far as using the Universal Forwarder, let me just caution you about using the UF to index the CDR and CMR data. I've talked to a great deal of people over the years and those setup docs represent a great deal of evolution. Put simply the reason that that app's setup docs have you use the 'external billing server' mechanism for the CDR/CMR files is just because it really is the simplest and the fastest method for the end-user. It's a very long story though, the short version of which is that Splunk forwarding (including both UF and heavyweight forwarding), and Splunk's features around the automatic indexing and field-extraction of CSV files, do not play at all well together. And on the plus side, Cisco's external billing server mechanism is quite surprisingly workable and reliable.

As far as the JVM metric data though, assuming it's not in a csv format then no such problem exists. As such the UF is certainly a very reasonable way to get that data into Splunk.

tl;dr = contact me and I'll be happy to help get you where you're trying to go.


asarolkar
Builder

Thank you ! You should hear from us shortly !

0 Karma

sideview
SplunkTrust

Also, I've made a licensing change that allows companies to use Sideview Utils for internal use only. Full details are on the site http://sideviewapps.com/apps/sideview-utils/ if you click "download full version (internal use only)". But the short version is that you no longer need to buy a license for Sideview Utils if you're going to use it only for internal use and you're not developing anything for third-parties.

sideview
SplunkTrust

The app has extensive setup docs and among other things, they discuss the 'external billing server' stuff and how that works here: http://sideviewapps.com/apps/splunk-for-cisco-cdr/docs/set-up-ftpsftp-on-the-splunk-host/

As far as the pricing, although Sideview Utils of course contains a lot of code and UI elements that allow the apps to do their thing, I wouldn't say that Sideview Utils can "do the work of all the other apps combined". 😃 A great deal of work went into the other apps, particularly the Cisco CDR app.

asarolkar
Builder

see my response below ! Thanks

0 Karma

asarolkar
Builder

Hi there:

Thanks a bunch for your response !

Sorry for the delay in getting back to you. We have been busy in some non-Splunk-related work and I did not have an opportunity to get back to you.

I can independently capture JVM metric data using other tools or perhaps a standalone client that captures and pushes this data via UF. That attribute can be extracted in several ways and the fact that it is not provided by default within sideview is not a dealbreaker.




Switching gears to the advice that you provided about staying away from Universal Forwarder (UF) based indexing of CDR and CMR data, I would like to research this a bit further before I get back to you.

I need to fully understand how the 'external billing server' mechanism works. Based on what I know about our architecture, the Windows CISCO instance where the logs (by logs I mean CDR and CMR data) get generated will be different and separate from our Windows Splunk indexer instance that captures all data sent to it from every instance on which a LF is installed.

Without a UF on the CISCO box, how would these metrics be relayed from the CISCO instance to the Splunk instance ?

Can you perhaps provide some insight into this ?




Also and this is a separate THIRD THREAD, if you could speak to how the license purchase system works -- in terms of buying licenses for sideview apps a-la-carte (say one were to purchase a license for Splunk for Cisco CDR and Splunk for WinSSHD ONLY). How does that compare in terms of price points, to buying a license for just SideView Utils which can do the work of all the other apps combined ? What are the price points and what is the benefit to going one way or another ?

Thanks.

0 Karma