Getting Data In

Is there an existing add-on or other way of indexing Cisco CallManager RTMT Alternate Syslog data?

mgranger1
Path Finder

Hey Gang,

I have a user that wants us to ingest Cisco CallManager Alternate Syslog data into Splunk. These apparently come out of a system known as Real Time Monitoring Tool (RTMT). I was curious if anyone was aware of an existing add-on that might be able to deal with this file format, or if anyone had already worked up the regex for it. Any thoughts? Thanks in advance!

Just FYI, we are running Splunk Enterprise 6.2.3 on a Linux-based installation.

Richfez
SplunkTrust

I'm not familiar with taking Call Manager data and passing it through that Cisco tool before giving it to Splunk, but there is a very comprehensive Splunk app already created that can read that information directly from Call Manager. You can read about it here at the Splunkbase CDR app page, or get a more detailed look at the sideviewapp's page on the same. There's a free 90-day trial, and we found it to be a very good value. Your mileage may vary, but I'd suggest giving the trial a shot and making up your own mind.

mgranger1
Path Finder

Rich,

We are actually currently testing the CDR app, which is what led to this question. The app was doing such a good job of dealing with the cdr and cmr records that our Call Manager staff asked us to bring in the AlternateSysLog into Splunk as an additional data source. The SideView CDR app didn't deal with this file type originally.

However, I reached out to the people at SideView to see if they had any knowledge of this file type, and they responded that they didn't currently, but they were interested in looking into it if we could provide some sample data. I let them see the file formats we were looking for, and they were VERY helpful in getting the data ingested. I cannot say enough about the people at SideView. They were willing to help and they were extremely friendly and easy to get along with. They even said that it was possible that future versions of the CDR app may include this file type (no promises, but at least they were open to the idea). Fantastic group over there.

Thanks,
Matt G.
