Standalone Installs – Choose Hardware
Although in Splunk terms CDR data is generally small, in production you will still want to have it on a nice server, or a very nice VM. Specifically:
- Nice fast disks that can do around 1000 IOPS. Some ballpark disk counts: for 15k RPM disks, 1000 IOPS would require 6 or more in RAID 10, for 10k RPM disks that would require 10 or more in RAID 10, or for SSD that would be a mirrored pair.
- 8 or more cores (ie dual quad-core)
- 16GB RAM or more
For the 90 day trial, Splunk *can* also run on lesser hardware to some degree, especially if you know this trial will *only* be indexing the CDR data. Be warned – although it may run fine otherwise, the UI may be quite slow to load and reports will take a long time to complete.
Standalone Installs – Install the Splunk Server
To download the Splunk Server, click the following link and on the following page pick the version appropriate to your platform.
Download and install Splunk
NOTE: that you do NOT want the “Splunk Light” product but rather Splunk Enterprise. Splunk for Cisco CDR will not run on Splunk Light.
Standalone Installs – Setting up an SFTP/SSH server
This step is a requirement of CallManager. Its native ability to send CDR data uses SFTP, sending data once per minute for any calls that terminated in that previous minute. In order to receive this data, we need an SFTP server somewhere.
In a standalone install on a Windows server, you will need a Windows-compatible SFTP server (not client). One place to start might be the free SolarWinds SFTP/SCP Server. Commercial options also exist, such as WinSSHD.
On the other hand if you’re running Splunk on a Linux or Unix system, just make sure sshd is up and running, and that the CallManager host has a route to it.
In either case, create a user and password inside your SFTP server that Call Manager can use.
- Confirm that you can log into the SFTP server using that username and password using FileZilla (port 22) or some other SFTP client.
- Confirm that you can upload a file to the SFTP server using that username and password.
- Confirm that the resulting file, as saved on the file system, is in the location it should be.
Please correct any issues in this before moving on. Once you have a working SFTP server, continue on to the next section, Callmanager Configuration.
Distributed Installs – if your company already has Splunk Enterprise deployed….. Befriend your Splunk Admin(s)!
Many if not most Splunk Apps can cause headaches and frustration for Splunk administrators. Our app is not like those. Here are some bullet points you can send to your Splunk admins to try and convince them that they wont regret installing this app for you.
- The actual CDR data is tiny in Splunk terms and won’t cause license problems.
10,000 calls a day is on the order of 15MB/day of CDR (Note MB not GB) which is probably insignificant relative to your current Splunk license size. Also it’s likely the extra resource load from indexing the data will not be measurable.
- Our app puts no passive search load on the Splunk instance.
We don’t have any big scheduled searches or accelerated data models going, so installing our app won’t by itself cause any extra load on the Splunk deployment.
- There is a TA available on Splunkbase!
You won’t have to do any work teasing apart the app to figure out what config files need to go on forwarders, because we provide a TA you can download from Splunkbase to put on your forwarder – “TA for Cisco CDR Reporting and Analytics“.
- In the event of any problems or concerns or questions or nits about our docs, contact us.
Give your admin our email and phone number for good measure!
Distributed Installs – Overview of requirements
For existing, distributed environments, it’s very likely the Cisco CDR Reporting and Analytics can run in your existing infrastructure. Needs vary, but generally the only infrastructure we’ll need is:
- A data collection node.
This can be any already existing UF/HF that can receive SFTP (e.g. any *nix box usually or a Windows box with SFTP software). Or a small VM with the UF can be created specifically for this use – from our experience a *nix virtual machine with 5 GB of free disk space, 2+ GB of RAM and 1-2 cores should be more than sufficient for even fairly large installations. This will get the Splunk Universal Forwarder installed on it, and a copy of the small app “TA_cisco_cdr” applied to it and configured. The TA_cisco_cdr for data collection can be deployed via Deployment Server with no issues.
The indexes involved generally have low space consumption. A custom index is *highly* suggested and a sample config for that is in the app. Apart from having an index created on them, there is no other customization needed on the indexing tier.
- Search Head(s)
This is where the main application (the Cisco CDR Reporting and Analytics app) will be installed. The Cisco CDR Reporting and Analytics app is fully compatible with both standalone non-clustered Search Heads and on a Search Head Cluster. An existing SH can be used if one has some spare capacity, or a new one can be created to only run Sideview Utils and the Cisco CDR Reporting and Analytics app.
After reading and digesting the above, please continue on to the next section, Callmanager Configuration.
If you have any comments at all about the documentation, please send it in to firstname.lastname@example.org.