Install the Sideview apps
If you have Splunk admins, make friends with them if you haven’t already. They can probably do this in their sleep. Even if it’s just you, these two steps should only take a couple of minutes.
Create a new index in Splunk called “cisco_cdr”
If you or your Splunk admins have a preferred way of creating indexes, just do that and get an index called “cisco_cdr”. If you do not, follow the instructions below.
Install the two required Sideview Apps
Once the index is created, continue to installing the two Sideview apps. You don’t need to be a Splunk expert to do this.
Note : If Browse More Apps does not work, for instance because you are on an air-gapped network or if Splunkbase integration is disabled, that’s fine. Just go to the Splunkbase page for Canary and download it as as a .tgz file, then do the same for Cisco CDR Reporting and Analytics. Assuming your account is a Splunk admin, you can install them by going to the Manage Apps page and clicking Install App From File.
Note : If instead of Install it says View on Splunkbase, this means your Splunk user account does not have the ability to install new apps. Engage the help of your local Splunk admin team.
Note : If you are using Splunk Cloud and it says you cannot install our apps, contact us, because something is wrong. Our apps are approved for Splunk Cloud and we will investigate and reach out to the Cloud folks and get you going.
Get a trial license for the app
You should now have both the Canary and Cisco CDR Reporting and Analytics apps installed. Don’t worry that the Cisco CDR landing page complains that you have no data yet, the next step is to enable the data collection system.
If you have any comments at all about the documentation, please send it in to email@example.com.