Installation Overview

There are a variety of ways to have Splunk installed, and how Splunk is installed in your environment will make a big difference in how you will install and configure our app.

But first, do you have a trial or production license key to use?  Getting one is easy, just follow this link and follow the simple instructions.

Once you have a license key, find the installation most similar to your own and follow its links to install!

(The images are clickable, and there’s a link in each description too!)

I have no Splunk at all!

In this case, you’ll need to install Splunk first.  There are some hints for how to do this at our “No Splunk” page.

Single, Standalone Splunk Server

This installation assumes you have Splunk installed on a single host and that you’ll use that *same* host as the SFTP server for CUCM to send data to.  Note you can’t SFTP directly to *Splunk*, but you can install other software on the Splunk host to accept SFTP (the instructions talk about this).

This is a common scenario for Voice teams using Splunk only for our app, and works fine up to perhaps a hundred thousand calls per day.

Single Splunk Server with Separate SFTP Server

We’re still using a single *Splunk* host, but the path data takes to get into Splunk from CUCM now passes through a separate SFTP server.

If you already have an SFTP server you want to use but otherwise have no Splunk, you may want this scenario.

Distributed Splunk Architecture

There are nearly infinite variations on this theme, but you’ll find that for the purposes of our app, it really just means that

  • your SFTP host is separate from your Splunk servers
  • you use a Splunk Indexer server or servers that is separate from your Splunk Search Heads
  • and that you have a good idea what you are doing already.

If that’s the case, we’ve got instructions for you too.  Well, for you if you are the architect, or for your Splunk Admins if you aren’t.  Follow along the instructions for a distributed Splunk architecture, or send that link to your Splunk folks.

If you don’t know what I’m talking about here, then this option is very likely not for you.

Splunk Cloud

Using Splunk Cloud simplifies a few parts of the installation, though not all of them.

You will still need a host that runs and SFTP server, and on that host you will install a Splunk forwarder and configure it to read the files the SFTP server creates and send those into your Splunk Cloud.


If your Splunk architecture is different from the above, feel free to contact us at  We’re happy to talk with you a bit and sort out how you might best proceed.


If you have any comments at all about the documentation, please send it in to