VoIP reporting via RTCP?


I have seen a couple of apps/blogs/questions regarding integrating voice performance metrics, however it appears (from what I have found) this is a field with limited Splunking to date. I have some basic criteria and short and long term project goals, however I am curious if anyone else has already started an effort in this direction.

I am investigating options for receiving and indexing RTCP reports generated by IP endpoints such as Avaya and Cisco. The UDP stream is directed at the server port of 5005 however Splunk only reports received data as a single "^" or similar symbol. Wireshark shows more detailed information but again once it hits Splunk, all bets are off. Below are some of the data sources of interest for cross referencing and advanced troubleshooting and data analysis:

  • CDR data (simple text string, not an issue)
  • RTP/RTCP reported metrics (not so simple, see above)
  • Periodic user list for cross reference by name/local (long, but again simple text)
  • Dynamic system configurations (exported periodically and processed)
  • and the list goes on.....

Any assistance in getting pointed in the right direction would be greatly appreciated, and I can provide copious amounts of detail and log data to anyone interested.

RTCP is a binary protocol. Splunk typically doesn't play well with binary formats. In certain cases you can work around that, but it really wants text.

Your best bet will be to install some form of RTCP listener that can write a text-based log file, which Splunk can quite happily consume. Maybe one of these.

Failing that, you could sniff the traffic with TShark (Wireshark's console mode), and dump the output to a file for indexing.
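
A minimal listener of the kind this answer describes, as an added example (not code from the thread or from Splunk): it decodes RTCP sender and receiver reports following the RFC 3550 packet layout and emits key=value text lines that Splunk can index. The `rtcp_to_lines` helper, the output field names and the sample packet are assumptions constructed for illustration; port 5005 is the one mentioned in the question.

```python
import socket
import struct
import time

RTCP_SR, RTCP_RR = 200, 201
REPORT_BLOCK = struct.Struct("!IB3sIIII")  # one 24-byte reception report block
# Constructed sample: RR from SSRC 0x11223344 with one report block (25% loss).
SAMPLE_RR = struct.pack("!BBHI", 0x81, RTCP_RR, 7, 0x11223344) + REPORT_BLOCK.pack(
    0xAABBCCDD, 64, (5).to_bytes(3, "big"), 70000, 120, 0, 0)


def rtcp_to_lines(datagram, src="unknown"):
    """Decode one (possibly compound) RTCP datagram into key=value lines."""
    lines, offset = [], 0
    while offset + 4 <= len(datagram):
        first, ptype, words = struct.unpack_from("!BBH", datagram, offset)
        end = offset + 4 * (words + 1)  # length field counts 32-bit words minus one
        if first >> 6 != 2 or end > len(datagram):  # untrusted input: bad version/length
            lines.append(f"src={src} rtcp_error=malformed offset={offset}")
            break
        count = first & 0x1F
        # An SR carries 20 bytes of sender info between its SSRC and the blocks.
        body = offset + 8 + (20 if ptype == RTCP_SR else 0)
        if ptype in (RTCP_SR, RTCP_RR) and body + count * REPORT_BLOCK.size <= end:
            (reporter,) = struct.unpack_from("!I", datagram, offset + 4)
            for i in range(count):
                ssrc, frac, lost, seq, jitter, lsr, dlsr = REPORT_BLOCK.unpack_from(
                    datagram, body + i * REPORT_BLOCK.size)
                lost = int.from_bytes(lost, "big", signed=True)  # signed 24-bit
                lines.append(
                    f"src={src} rtcp_type={'SR' if ptype == RTCP_SR else 'RR'} "
                    f"reporter_ssrc={reporter:#010x} source_ssrc={ssrc:#010x} "
                    f"fraction_lost={frac / 256:.4f} cumulative_lost={lost} "
                    f"highest_seq={seq} jitter={jitter} lsr={lsr} dlsr={dlsr}")
        elif ptype in (RTCP_SR, RTCP_RR):
            lines.append(f"src={src} rtcp_error=truncated_report offset={offset}")
        offset = end  # other packet types (SDES, BYE, APP) are skipped
    return lines


if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 5005))  # port taken from the question
    while True:
        data, (host, _port) = sock.recvfrom(2048)
        for line in rtcp_to_lines(data, host):
            print(time.strftime("%Y-%m-%dT%H:%M:%S%z"), line, flush=True)
```

Redirect the script's output to a file and point a Splunk file monitor input at it; jitter is reported in RTP timestamp units, so converting it to milliseconds requires the codec clock rate.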


Thank you, I have found the same documentation (most links/programs are invalid) and understand this will need an RTCP listener.

I am surprised however by the lack of interest from the "voice" admins of the world in what they can do with Splunk.

