VoIP reporting via RTCP?

Toups
Explorer

I have seen a couple of apps/blogs/questions regarding integrating voice performance metrics, however it appears (from what I have found) this is a field with limited Splunking to date. I have some basic criteria and short and long term project goals, however I am curious if anyone else has already started an effort in this direction.

I am investigating options for receiving and indexing RTCP reports generated by IP endpoints such as Avaya and Cisco. The UDP stream is directed at the server port of 5005; however, Splunk only reports received data as a single "^" or similar symbol. Wireshark shows more detailed information, but again, once it hits Splunk, all bets are off. Below are some of the data sources of interest for cross-referencing and advanced troubleshooting and data analysis:

  • CDR data (simple text string, not an issue)
  • RTP/RTCP reported metrics (not so simple, see above)
  • Periodic user list for cross reference by name/local (long, but again simple text)
  • Dynamic system configurations (exported periodically and processed)
  • and the list goes on.....

Any assistance in getting pointed in the right direction would be greatly appreciated, and I can provide copious amounts of detail and log data to anyone interested.


southeringtonp
Motivator

RTCP is a binary protocol. Splunk typically doesn't play well with binary formats. In certain cases you can work around that, but it really wants text.

Your best bet will be to install some form of RTCP listener that can write a text-based log file, which Splunk can quite happily consume. Maybe one of these.

Failing that, you could sniff the traffic with TShark (Wireshark's console mode), and dump the output to a file for indexing.
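
A sketch of the kind of listener described in the answer above, added here as an illustration and not taken from the thread or from any Splunk app: it decodes RTCP sender and receiver reports (RFC 3550) received on the UDP port 5005 mentioned in the question and writes one key=value text line per report block. The function names, the `rtcp.log` path and the sample packet are assumptions made for the example.

```python
import socket, struct, time

RTCP_SR, RTCP_RR = 200, 201                  # RFC 3550 packet types
REPORT_BLOCK = struct.Struct("!IB3sIIII")    # 24-byte reception report block
# Constructed sample: one RR (reporter 0x11223344) carrying one report block.
SAMPLE = (struct.pack("!BBHI", 0x81, RTCP_RR, 7, 0x11223344)
          + REPORT_BLOCK.pack(0xAABBCCDD, 64, b"\x00\x00\x05", 1000, 120, 0, 0))

def parse_rtcp(datagram):
    """Return one dict per reception report block in a compound RTCP datagram."""
    events, offset = [], 0
    while offset + 8 <= len(datagram):
        first, ptype, words = struct.unpack_from("!BBH", datagram, offset)
        end = offset + 4 * (words + 1)       # length field = 32-bit words minus one
        if first >> 6 != 2 or end > len(datagram):
            break                            # not RTCP v2, or truncated: stop
        if ptype in (RTCP_SR, RTCP_RR):
            reporter = struct.unpack_from("!I", datagram, offset + 4)[0]
            pos = offset + (28 if ptype == RTCP_SR else 8)  # skip SR sender info
            for _ in range(first & 0x1F):    # RC = number of report blocks
                if pos + REPORT_BLOCK.size > end:
                    break
                ssrc, frac, lost, seq, jitter, _lsr, _dlsr = REPORT_BLOCK.unpack_from(datagram, pos)
                events.append({
                    "type": "SR" if ptype == RTCP_SR else "RR",
                    "reporter_ssrc": f"{reporter:08x}", "source_ssrc": f"{ssrc:08x}",
                    "fraction_lost": round(frac / 256, 4),   # 8-bit fixed point
                    "cumulative_lost": int.from_bytes(lost, "big", signed=True),
                    "highest_seq": seq, "jitter": jitter})   # jitter in RTP clock units
                pos += REPORT_BLOCK.size
        offset = end
    return events

def to_log_line(peer, event):
    """Format one event as key=value text for search-time field extraction."""
    return f"src={peer} " + " ".join(f"{k}={v}" for k, v in event.items())

def listen(port=5005, path="rtcp.log"):
    """Receive RTCP over UDP and append text lines to a file Splunk monitors."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    with open(path, "a") as log:
        while True:
            data, (ip, _port) = sock.recvfrom(4096)
            stamp = time.strftime("%Y-%m-%dT%H:%M:%S%z")
            log.writelines(f"{stamp} {to_log_line(ip, ev)}\n" for ev in parse_rtcp(data))
            log.flush()

if __name__ == "__main__":
    listen()
```

Point a Splunk file monitor input at the log file instead of sending the raw UDP stream to Splunk. Malformed or truncated datagrams produce no events rather than an exception.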

Toups
Explorer

Thank you, I have found the same documentation (most links/programs are invalid) and understand this will need an RTCP listener.

I am surprised however by the lack of interest from the "voice" admins of the world in what they can do with Splunk.
