Splunk Cloud

Note this process is in flux; Splunk is changing how some of this is done, so while we’ll try to keep it updated, know that instructions here *may* lag slightly behind how it’ll have to happen.  If you hit any snags, let us know!

• IN YOUR CLOUD
  • Ask support to install the three Sideview apps –
    • Canary https://splunkbase.splunk.com/app/4697
    • Sideview Utils (free internal use license) https://splunkbase.splunk.com/app/1486
    • Cisco CDR Reporting and Analytics app https://splunkbase.splunk.com/app/669
  • Also ask support to create a separate and new index called “cisco_cdr” on the indexing tier.
  • The rest of the apps go on the SH.
  • No IDM is required or useful, the actual input goes on your heavy forwarder on premise.
  • SSAI cannot be used, because the input on the SH is actually a migration and management script – not an input at all, but required for operation.
  • Also ask support to not set “replicate=false” for the lookups in our app.  I don’t think this is a thing they do often, but it’s happened at least once.
• WAIT while that’s done.
  • Please note – we *are* cloud compatible.  We have a significant portion of our installations already in cloud, and they’re fine.
  • But, we are sufficiently different, larger, and more complex than nearly any other third party app they install in cloud that sometimes the process isn’t as smooth as it could be.
  • So, If you get any responses from Splunk that seem to indicate otherwise, just forward them to us and we’ll get it straightened out.
• Install a trial license key in our app on the search head (or full key if it’s available)
  • Install it in the Cisco CDR Reporting and Analytics app via Setup > Update License (instructions)
  • If you don’t have the license key –
    • For trials – get a trial from our “Get Trial License” page.
    • For full licenses – get it from the official contact who should have it in an email
    • Or drop us a line at support@sideviewapps.com and we’ll figure it out.
• ON YOUR SFTP SERVER, Configure the SFTP.
  • Outside of the scope for us, but here’s some pointers/tips for a Windows or for Linux forwarder.
• ON YOUR SFTP SERVER, Install and configure the universal forwarder.
  • Download and install that Universal Forwarder instance. You can download the UF from here.
  • Configure the UF so that it can send data to your Splunk Cloud instance.
  • Configure the UF’s inputs so that it will read your CDR data.
• IN CUCM, add a new Billing Server entry pointing to your SFTP server.
  • • See our Call Manager Configuration documentation, complete those steps and come back here.
    • If there are no empty Billing Server slots left, please contact us to discuss how to share a billing server entry with another app.  There are details to be aware of.

Next steps!

• Important – Configure your clusters.  This should only take a few seconds.
• Sites – Add IP address ranges to identify sites, see cross-site call volume, and to optionally enable mapping to work for your own infrastructure.
• Groups – Track calls by ‘groups’ of people – ‘groups’ being whatever you’d like to define as a mapping of groups, subgroups, and names to extensions. Use it to report on your sales team, help desk or to build your own mini call center.

If you have any comments at all about the documentation, please send it in to docs@sideviewapps.com.