Getting Data In

VoIP reporting via RTCP?

Toups
Explorer

I have seen a couple of apps/blogs/questions regarding integrating voice performance metrics, however it appears (from what I have found) this is a field with limited Splunking to date. I have some basic criteria and short and long term project goals, however I am curious if anyone else has already started an effort in this direction.

I am investigating options for receiving and indexing RTCP reports generated by IP endpoints such as Avaya and Cisco. The UDP stream is directed at the server port of 5005; however, Splunk only reports received data as a single "^" or similar symbol. Wireshark shows more detailed information but again once it hits Splunk, all bets are off. Below are some of the data sources of interest for cross referencing and advanced troubleshooting and data analysis:

  • CDR data (simple text string, not an issue)
  • RTP/RTCP reported metrics (not so simple, see above)
  • Periodic user list for cross reference by name/local (long, but again simple text)
  • Dynamic system configurations (exported periodically and processed)
  • and the list goes on.....

Any assistance in getting pointed in the right direction would be greatly appreciated, and I can provide copious amounts of detail and log data to anyone interested.


southeringtonp
Motivator

RTCP is a binary protocol. Splunk typically doesn't play well with binary formats. In certain cases you can work around that, but it really wants text.

Your best bet will be to install some form of RTCP listener that can write a text-based log file, which Splunk can quite happily consume. Maybe one of these.

Failing that, you could sniff the traffic with TShark (Wireshark's console mode), and dump the output to a file for indexing.
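A sketch of the kind of RTCP listener described above, added here as an example and not part of the original answer or of any Splunk app. It decodes RTCP sender and receiver reports (RFC 3550) into key=value text lines; the field names and the log path are assumptions, the port 5005 comes from the question, and the sample packet is constructed.

```python
import socket
import struct
import time

RTCP_SR, RTCP_RR = 200, 201  # sender/receiver report packet types (RFC 3550)

def rtcp_to_lines(datagram, src="-"):
    """Decode one (possibly compound) RTCP datagram into key=value text lines."""
    lines, off = [], 0
    while off + 8 <= len(datagram):
        b0, pt, words = struct.unpack_from("!BBH", datagram, off)
        end = off + 4 * (words + 1)  # length field = 32-bit words minus one
        if b0 >> 6 != 2 or end > len(datagram):
            break  # not RTP version 2, or truncated: stop rather than guess
        if pt in (RTCP_SR, RTCP_RR):
            reporter = struct.unpack_from("!I", datagram, off + 4)[0]
            blk = off + (28 if pt == RTCP_SR else 8)  # SR carries 20 bytes of sender info
            for _ in range(b0 & 0x1F):  # low 5 bits = report block count
                if blk + 24 > end:
                    break
                ssrc, lost, seq, jitter, _lsr, _dlsr = struct.unpack_from("!6I", datagram, blk)
                cum = lost & 0xFFFFFF
                if cum & 0x800000:
                    cum -= 1 << 24  # cumulative loss is a signed 24-bit value
                lines.append(
                    f"src={src} type={'SR' if pt == RTCP_SR else 'RR'} "
                    f"reporter_ssrc={reporter:#010x} source_ssrc={ssrc:#010x} "
                    f"loss_pct={(lost >> 24) * 100 / 256:.1f} cumulative_lost={cum} "
                    f"highest_seq={seq} jitter={jitter}")
                blk += 24
        off = end  # other packet types (SDES, BYE, APP) are skipped
    return lines

def listen(path, port=5005):
    """Append decoded reports to a text file that Splunk can monitor."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    with open(path, "a") as log:
        while True:
            data, (ip, _port) = sock.recvfrom(2048)
            stamp = time.strftime("%Y-%m-%dT%H:%M:%S%z")
            for line in rtcp_to_lines(data, ip):
                log.write(f"{stamp} {line}\n")
            log.flush()

# Constructed sample: one receiver report with a single report block.
SAMPLE_RR = struct.pack("!BBHI", 0x81, RTCP_RR, 7, 0x11111111) + struct.pack(
    "!6I", 0x22222222, (26 << 24) | 5, 4660, 120, 0, 0)

if __name__ == "__main__":
    print(rtcp_to_lines(SAMPLE_RR, "192.0.2.10")[0])
```

Calling `listen("rtcp.log")` writes one timestamped line per report block to a file that a Splunk file monitor input can index. The jitter value is in RTP timestamp units, so converting it to milliseconds needs the codec clock rate.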

Toups
Explorer

Thank you, I have found the same documentation (most links/programs are invalid) and understand this will need an RTCP listener.

I am surprised however by the lack of interest from the "voice" admins of the world in what they can do with Splunk.
