Cisco CDR Reporting and Analytics


Installation and setup


on Splunk 6.0 only – data input patch

This documentation has been superceded, and this page left here only for people who retained their own links to the old version.

We are working to get the 3.0 version of the app out the door, along with a better way to handle this problem,  but there is a bug in Splunk 6.0 that we have to patch here.

If you are using Splunk 5.0 or 4.3,  you can skip this step.

a) Go to Manager > Data Inputs
b) Note the “app” listed under the 2 data inputs (cdr_* and cmr_*) that you you just created.    It *should* be “cisco_cdr” if you went slow and followed the setup instructions exactly.  If so, great.  However very often customers do not follow the instructions to the letter and often the data input ends up in either in the “search” app or the “launcher” app.   This is fine. Just note where they are.
c) Now on the filesystem go to $SPLUNK_HOME/etc/apps/<APP>/local and open the inputs.conf file you will find there.   Note that <APP> is the app you noted in b.  Hopefully the both ended up in the same app at least.
d) find the 2 stanzas corresponding to the 2 data inputs you created during setup.
e) Inside each of the 2 stanzas,  add this key:
initCrcLength = 5000
f) restart Splunk.
g) Splunk will now index the CDR and CMR files it had previously been ignoring.
It will also re-index a tiny handful of files it had already indexed, but since it will only be a tiny fraction of 1%, you probably will never notice any ill effects during your trial. And as time goes on the duplicated data will age out.
Again, we apologize for the necessity of this workaround and we’re rushign to get the 3.0 version of the app out the door so it can just work out of the box.

If you have any comments at all about the documentation, please send it in to