Reference pages


Install the apps

This page walks you through installing the three apps you will need to have installed if your installation is on prem.

If you are a Splunk Cloud customer and installing it on there, it gives guidance on what to tell Splunk Cloud Support.

In both cases, it also walks you through applying your Cisco CDR Reporting and Analytics license key to your install.

All Installs – Get your license key (trial or full version)

Trial license keys –

  1. Go to our “Get Trial License” page.
  2. Fill out the short form and click Submit.
  3. Watch your email for an email with your 90 day trial license string.

 Full license keys –

  1. Check recent emails from us – particularly around your last renewal – the license key will generally be in there.
  2. If you can’t find one you can certainly contact us! But also you can go to the “Download Full Version” page.
  3. Put in one of the email addresses associated with the account and submit.
  4. Watch your email for an email with your license string.

In both cases:

  • Be aware the email can take a few minutes to get through your spam filtering.
  • If no email shows up, just complete the steps again – for some reason the second time through it gets caught as spam less often and is much faster.
  • We do NOT do anything else with your email except to follow up with you about your trial or app.  To be explicit:
    • We don’t sell it,
    • We don’t give it to anyone,
    • We don’t let others have it, use it, or see it
    • It’s just for our internal use for our own products.
    • So if you get spam, it wasn’t because of us!

All Installs – Important Notes

Splunk Cloud users

If you are Splunkcloud, you may or may not be able to use this process.  “Self Service” Splunkcloud installers should be able to, but other cloud users  will need to contact support and ask for the latest version of both apps to be installed from Splunkbase.  You will still need to apply your own license key, so in this case skip to the bottom of this doc.

Search Head Clusters

If you are on a SHC, please perform all this work on the Deployer, then push the configuration.  If you don’t know what this is, it’s likely not something that affects you so don’t worry about it.

Everyone (SHC, Standalone, Distributed, … all of you)

The Search Head tier is the only tier that needs to have these three apps installed. If you have a single combined Search Head and Indexer, it will need all pieces installed on it as well. Here’s how to do it from the Splunk UI.

(If you can’t use the standard “Browse More Apps” way from the Splunk UI, you could just go to splunkbase and search for all three, download each, then use the “Install app from file” inside Splunk.)

All Installs – Install Sideview Utils, Canary and the Cisco CDR Reporting and Analytics App

If your Splunk server has internet access, follow the following method.  (If your Splunk server does not have direct internet access, see a little farther down for the right section).

You could do these three separately, but in a fresh install, we believe the easiest method is to install both directly from Splunk’s “Browse more apps” feature.

  1. Log into the Splunk UI as an admin user.
  2. Click the “splunk>enterprise” logo in the upper left
  3. Click the gears icon next to Apps
  4. In the upper right, click Browse more apps
  5. In the resulting page, type or paste in “sideview” and press enter

  6. This will display several apps – we need three
    • Canary
    • Sideview Utils (free internal use license)
    • Cisco CDR Reporting and Analytics
    • like this:

  7. Click Install beside Canary and follow the prompts.
    • It may or may not require a restart.  We don’t need to yet, so if it asks you to restart click Later.
    • The log in it requires is for Splunkbase, which is not the same as your local Splunk installation’s admin username or password.  You can create a new account if needed at
  8. Click Install beside Sideview Utils (free internal use license) and follow the prompts.
    • It should not require a restart and not ask, but if it does ask to restart click Later.
  9. Click Install beside Cisco CDR Reporting and Analytics and follow the prompts.
    • Restart when it asks.
    • If for any reason it doesn’t ask to restart, please click Settings, Server Controls and restart from there.

We have recently seen admins set lookups to be not replicated to the indexing tier (using the setting “replicate=false” in the stanza for the lookup). This is not an optimization for our lookups – setting this will actually both decrease performance and also cause warnings and errors. We are happy to explain why if you’d like to know, but for now just take our word for it. Do not set the lookups to be “replicate=false”.

NOTE: If you have any error at this point, send it to us at

If your Splunk server does NOT have direct internet access

You can use the instructions above, with just a few easy changes.

  1. Go to the following urls at Splunkbase, and for each click the big green “Download” button on the right.
  2. After those have been saved, follow steps 1, 2 and 3 above on your Splunk server (well, in it’s interface – you can do this from your local web browser)
  3. When you get to step 4, do not click “Browse more apps” instead click the second button, “Install app from file”
  4. Follow the little wizard each time, selecting each file in turn.
    • You WILL want to check the “upgrade app” each time.  Just in case!
    • You do NOT need to restart each time, just be sure to do it after the last install!
    • If for any reason it doesn’t ask to restart after the last one, please click Settings, Server Controls and restart from there.

All Installs – Apply your license key

  1. Log into the Splunk UI as an admin user.
  2. Click the “splunk>enterprise” logo in the upper left
  3. Click on the Cisco CDR Reporting and Analytics app
  4. The app’s home page will detect you do not have a license installed, so click the license page shortcut

    (You can also get to it by clicking Setup, then Update License in our menus)
  5. Paste in your license string, then click Replace License
  6. Confirm that the information that subsequently displays is correct.

An alternative if you don’t have UI access (or are already sitting in an ssh session with the server) –

  1. Find and edit your $SPLUNK_HOME/etc/apps/cisco_cdr/local/sideview_license.conf file
    • Create it if it doesn’t exist (note permissions!)
  2. Add the license key to the stanza [cisco_cdr], like
    • [cisco_cdr]
      license = blahblahblah
  3. Save and close and restart Splunk.

What’s next?

Once you have those apps installed, proceed to the next section, Configure Splunk to index the data.

If you have any comments at all about the documentation, please send it in to