I have a user that wants us to ingest Cisco CallManager Alternate Syslog data into Splunk. These apparently come out of a system known as Real Time Monitoring Tool (RTMT). I was curious if anyone was aware of an existing add-on that might be able to deal with this file format, or if anyone had already worked up the regex for it. Any thoughts? Thanks in advance!
Just FYI, we are running Splunk Enterprise 6.2.3 on a Linux based installation.
I'm not familiar with taking Call Manager data and passing it through that Cisco tool before giving it to Splunk, but there is a very comprehensive Splunk app already created that can read that information directly from Call Manager. You can read about it here at the splunkbase CDR app page, or get a more detailed look at the sideviewapp's page on the same. There's a free 90 day trial, and we found it to be a very good value. Your mileage may vary, but I'd suggest giving the trial a shot and making up your own mind.
We are actually currently testing the CDR app, which is what led to this question. The app was doing such a good job of dealing with the cdr and cmr records that our Call Manager staff asked us to bring in the AlternateSysLog into Splunk as an additional data source. The SideView CDR app didn't deal with this file type originally.
However, I reached out to the people at SideView to see if they had any knowledge of this file type, and they responded that they didn't currently, but they were interested in looking into it if we could provide some sample data. I let them see the file formats we were looking for, and they were VERY helpful in getting the data ingested. I cannot say enough about the people at SideView. They were willing to help, and they were extremely friendly and easy to get along with. They even said that it was possible that future versions of the CDR app may include this file type (no promises, but at least they were open to the idea). Fantastic group over there.