This document contains the steps required to

  • Install the SA_cisco_cdr_axl app into Splunk (if you haven’t already)
  • Enable the AXL Web Service in CallManager
  • Create a group in CUCM “Standard AXL Access” to provide the permissions the AXL user will require
  • Create an AXL user
  • Retrieve and install the wsdl and xsd files needed
  • Configure the app with the credentials it will need
  • Test that the configuration is valid.

Install the SA_cisco_cdr_axl app into Splunk (if you haven’t already)


  1. Log into Splunk
  2. Get to the “Manage Apps” page – either using the Apps menu at the top left of most pages in Splunk, or by going back to the “Launcher” app and clicking manage apps at the bottom left.
  3. Click the green button to “Browse more apps” in the upper right.
  4. Search for Cisco AXL and you’ll see our app.
    1. You should be able to just click “Install” and it will prompt you to restart Splunk after. If you see the app from that page but you don’t seem to be able to Install it, please contact us.
  5. ALTERNATIVE: If your Splunk admins have locked down your instance such that it can’t talk to Splunkbase, then you can download the tar.gz direct from Splunkbase and save it locally. Then in that same “Manage Apps” page from above you’ll see an “Install App From File” button. Click that and follow the prompts.


Enable the AXL Web Service

These steps enable the AXL web service to work.  Regardless of user account permission settings, if the base service for AXL isn’t enabled the AXL lookups can never work.  You *may* find this is already enabled on your system. If so, just move on to the next section.  🙂

Experts: Check that the Cisco AXL Web Service is started and running.

If you need more specific directions –

  1. Log into the Cisco Unified Serviceability application using an administrator account.
  2. Browse to Tools, then to Control Center – Feature Services.
  3. Select your CUCM server from the drop down asking which server to configure, then click Go.
  4. Browse that list, find the Cisco AXL Web Service and depending on your version either …
    • (for older CUCM versions) make sure there is a check mark beside it to enable it then click Save.
    • (for newer CUCM versions) confirm its Status says Started.  If it is not, click it and click Start at the bottom.

Create group “AXL Service User”

This creates a group that we call “AXL Service User”, which has the rights/permissions inside CUCM for allowing anyone that’s a member of this group access to the AXL information.  This is needed so that the user we create in the next step can be added to this role, and thus can access AXL.

Experts: Create a User level Access Control Group, then assign that group to include role AXL API Access.

Or, follow along below:

  1. Log into the Cisco Unified CM Administration application using an administrator account.  NOTE you can access it from the “Navigation” menu in the upper right if you came to this section straight from the Enable the AXL web service section above.
  2. Click User Management, User Settings then Access Control Group.
  3. Scroll to the bottom of the list and click the Add New button.
  4. Type in AXL API Access for the name and click Save.
  5. In the upper right, to the right of Related Links: (Which should say “Back to Find/List”)  click Go.
  6. (You might find that you have to “Find” the AXL user we just created)
  7. To the right of the newly created Access Control Group AXL API Access, click the “i” button under Roles.
  8. Click the button Assign Role to Group.
  9. In the “Find and List Roles” window, click Find to have it display all available Roles
  10. Click the checkbox beside Standard AXL API Access.
  11. At either the very top of the page or the very bottom, click Add Selected.
  12. Click Save.  (Note this page refreshes with “Update successful” but otherwise gives no indications you are done.)

Create an AXL-enabled user

This creates a new user and adds the permissions (via the group created above) required for it to query the AXL information.

Experts: Create a user (name doesn’t really matter) and add it to the above created access control group so that it can query AXL.

  1. Log into the Cisco Unified CM Administration application using an administrator account.  NOTE you can access it from the “Navigation” menu in the upper right if you came to this section straight from the Enable the AXL web service section above.
  2. Click User Management then Application User.
  3. Click the Add New button.
  4. Supply a user name and an appropriate password.  Remember these, we’ll need them later.
  5. For that user, down near the bottom find Add to Access Control Group
  6. In the new “Find and List Access Control Groups” window, click the checkbox beside AXL API Access
  7. At the bottom of the page, click Add Selected.
  8. When returned to the Application User Configuration page, click Save.
  9. Again, this is a screen where the confirmation is subtle – “Add successful” but no other change.
  10. Check the roles and groups applied by going to User Management, Application User, finding the user you created in step 3 above and confirming it lists the Permissions information at the bottom.
  11. Click Save.

Retrieve and deploy the needed files from UCM

Cisco’s licensing does not allow redistribution of the portions of the Cisco Call Manager AXL SQL Toolkit Plugin, so we can’t provide it with the CDR app.  Instead, see the below instructions to retrieve the toolkit and extract and deploy the required files.

  1. Log into the Cisco Unified CM Administration application using an administrator account.  NOTE you may already be in this application if you were following the steps above.
  2. Go to Application | Plugins
  3. Click the Find button once (with default parameters) to populate the list.
  4. Click on the Download link by the Cisco CallManager AXL SQL Toolkit Plugin (older versions) or the Cisco AXL Toolkit (newer versions).
  5. Save the file onto your local system in a convenient place.
  6. After saving the axlsqltoolkit.zip file to your local system, open it with your favorite zip file utility.
  7. Drill down into axlsqltoolkit/schema/<UCM version>/
    (For instance axlsqltoolkit/schema/11.5/ )
  8. Extract the three files you find there – AXLAPI.wsdl, AXLEnums.xsd and AXLSoap.xsd – into a temporary folder.
  9. Copy those three files to your $SPLUNKHOME/etc/apps/SA_cisco_cdr_axl/bin/ folder on the Search Heads.  They can be deployed via most other “generally accepted” Splunk deployment methods.
  10. Restart Splunk!

A soothing word

Just in case you were wondering or worried, we set up defaults in the app:

methodwhitelist = ^list|^get|^help

In other words, we hardcoded some defaults that will prevent nefarious or accidental misuse.  This should put you and your security team more at ease.

Configure the SA_cisco_cdr_axl app with AXL credentials and information

We can now configure the cisco_cdr app with the AXL credentials it will need.

  1. Open Splunk and log in as an administrator.
  2. Open the  Supporting AXL Addon for Cisco CDR Reporting and Analytics app (SA_cisco_cdr_axl).
  3. Click “Update Credentials” at the top.
  4. Enter the publisher host, the port (generally 8443) and the username and password for our AXL user.
  5. Submit the form.


Then try the following to confirm everything is set up correctly:

  1. Open the Supporting AXL Addon for Cisco CDR Reporting and Analytics app.
  2. Click on our Search navigation item near the top.
  3. Paste in the following search and  press enter:
    | ciscoaxl listPhone name=”SEP%” columns=”name,description”

If all is set up correctly, in a few moments (maybe minutes!) you should be presented with a list of all hardphones.

NOTE if your CUCM deployment is enormous you might want to filter that test down to a smaller subset of phones by changing “SEP%” to something more targeted.  For instance “SEP0123%” will only match hardphones phones that have MAC addresses starting with “0123”.

Populating Devices

Now that you have all this set up, it’s probably best to just contact us at support@sideviewapps.com and we’ll help you get your Devices automatically generating.

However, if you look in the Cisco CDR Reporting and Analytics app, there’s a macro called generate_rows_for_devices_lookup.  You can run it as a test like this:

| `generate_rows_for_devices_lookup`

If that returns a big pile of devices (it might take quite a while to run, so be patient!), you could schedule that to run and put its output into the devices lookup.  Obviously, there’s some care needing to be taken and some testing to be done, which is why we’re happy to hop on a webex and walk through those last few steps with you.

So when you get to this point, send us an email!


If you have any comments at all about the documentation, please send it in to docs@sideviewapps.com.