Documentation Navigation

Cisco CDR Reporting & Analytics | Release Notes

Release Notes

Version 7.3 (March 20^th, 2024)

Functionality Investigate Devices and Device Detail pages now correctly handles device names that exist on more than one cluster. Likewise ‘cluster’ and ‘clusterId’ are optional fields and form elements as appropriate to those pages.
Functionality Restored the “cancel” button (removed in 7.0). We have also however removed the “print” button.
Fixed a bug in Investigate Devices where if your CDR ever had completely empty values for origDeviceName and destDeviceName the page would output an error “Field ‘deviceNumberUserTypeSite’ does not exist in the data.”
Removed 8.2+ style SPL comments which had crept into a few places, notably the “settings” layer in the top right. This was causing problems for customers running older versions of Splunk (8.0.X and 8.1.X ).
Fixed a bug in Chart where if you already had the primary axis set to something other than “time” and then you set the y‑axis to “max” “concurrency”, the primary axis would fail to reset to “time” and you would get an error.
Investigate Extensions now has optional fields available for failed calls and also percent failed.
Added an optional macro “customizable_filter_for_deployment_stats”. Customers can use this to more narrowly determine which calls from which devices get counted in the “Your Deployment” section on the app’s landing page.
Added a device_type extraction for Analog Telephone Adapter (ATA) devices.

Version 7.2.1 (February 19^th, 2024)

Fixed a bug for customers who have multiple “data types” loaded in the app. When a report was saved using “save report”, the selected data_type(s) would not be saved correctly.
Fixed a problem that affected customers that use Search Head Clustering (SHC) when they updated from pre‑7.2. The bug was that the devices lookup would end up with incorrect fields loaded. This issue is fixed such that customers updating from pre‑7.2 to 7.2.1 or later will not be affected.
Fixed a bug for customers with multiple data_types enabled, where dashboard panels would be created without the proper drilldown logic to set the data_type pulldown in Investigate Calls back to the way it had been when the chart was saved..

Version 7.2 (January 31^st, 2024)

Functionality The primary charts and tables on the Site Detail page now have “Create dashboard panel” buttons on them, so users can easily create custom scheduled-pdf dashboards around calls to/from particular physical locations.
Previously not only Investigate Calls but also Extensions, Devices and other views had functionality, where the search would pause and a “resume” button would appear if any search took more than 10 seconds. This has been changed so that this functionality is now restricted to Investigate Calls.
The “Set up data inputs” page, applicable only to standalone / single-instance deployments, has been reimplemented. This was mostly because the previous implementation used some Splunk features that are now deprecated.
Fixed a bug where if a user typed only an asterisk into the ‘number’ field it would slow down the search greatly for no actual benefit.
Fixed a subtle bug around charts on dashboard panels. If you saved a chart with stackMode on but with no “split by” field set, and then later during SimpleXML editing tried to turn on “show data labels”, the presence of the stack mode key would make the labels render oddly. Now the stackMode key is only pushed to the panel if there is also a “split by” field set.
The devices lookup now has 2 new fields: ‘clusterId’ and ‘lastUpdated’. The clusterId field allows the lookup to work properly for customers who have the same device name on multiple publishers. The lastUpdated field helps us manager things when customers of the AXL app have different publishers updating on different schedules. Admin Note: On restart the app will automatically run its own migration to add both missing columns to the SH’s devices lookup.

Version 7.1 (December 14^th, 2023)

Functionality Along with changes in Canary 1.7, the Cisco CDR app now supports dark mode.
Investigate Extensions, Investigate Groups and Investigate Gateways pages now have optional fields to list total/incoming/outgoing/tandem duration in minutes (as opposed to values like “08:53:44”).
Fixed a bug around dashboards created with our “create dashboard panel” app. The app would add an XML declaration when creating new dashboards and this would work fine. However it would then trigger a bug in Splunk’s SimpleXML Editor later, where the editor would add an encoding attribute to the declaration and this attribute would cause the dashboard-level ‘dark mode’ to never work for that dashboard.
Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code etc for all phone numbers worldwide.
Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.

Version 7.0 (November 9^th, 2023)

Functionality The “investigate calls” page and the “Chart” pages are now integrated into a single interface. Switching between these two modes is now using a more intuitive tab control. Furthermore switching between is now much faster and much more of the UI state will be preserved and jobs reused.
Functionality There is a new system whereby Supporting Addons can define a “data type” in a conf file that essentially adds support for another telephony product or PBX, and then those records will be usable, at a minimum within Investigate Calls and Chart.
Functionality Action menus on field values in Investigate Calls now include options to jump into the Chart view to see call volumes for each value of the given field, or call volume over time split by the given field.
Functionality in the Gateways page, in the “calls over time” tab, the pageable set of timecharts (one for each of the gateways), now allows you to inspect the calls with a drilldown click.
Fixed a bug where the setup pages for the various lookups didn’t work if any values contained double quote characters.
Fixed a bug in Investigate Calls where action menu options to add/remove searchterms didn’t work if the value contained double-quote characters.
Fixed a bug in Site Detail where ‘edit site details’ would pass the wrong site name as argument.
Fixed a bug in Device Detail in the ‘calls over time’ tab, if split-by was set to ‘extension/DN’. If that was set, the inline drilldowns on the subsequent Chart rendered below, would not render the call summaries in the table below that.

Version 6.6.1 (September 7^th, 2023)

Functionality Site Detail page now has a ‘call quality’ tab.
Further improvements and logic fixes to the action menu options in Investigate Calls
Fixed a regression in 6.6. where the Chart view would always show both the chart and the table regardless of which tab was selected.
Fixed a bug where the action menu options for the duration field on multileg calls would not work correctly.

Version 6.6 (August 28^th, 2023)

Functionality In Investigate Calls, the contextual action menus have some new and useful options on certain key fields.
Functionality In Investigate Calls and Chart, the “data_type” pulldown’s selected state is now saved as a per-user preference.
Critical Fixed a bug where the links in the app navigation bar did not work correctly when the user was still in the Simple XML Dashboard’s “Edit” mode.
Fixed a bug in Investigate Extensions, where calls for which CUCM listed no callingPartyNumber at all, would get rolled up as a row with a blank extension. Since the other parties on the call are represented elsewhere in the rollup, these blank rows are now filtered out.
The “Other data sources” tab in the Device Detail page will be a little better at finding the given device name in other sourcetypes. It will also now give links to explore any “ciscoguid” values found in this data.
Fixed a bug where entering an expression in the huntPilotDN field in Investigate Extensions would allow a few extensions into the returned results even when they had calls involving that huntPilot.
Performance optimization that significantly speeds up the Chart view for many simpler cases where the user is filtering by one or more numbers but has only a simple report that necessitates no intermediate stats command.

Version 6.5.3 (July 11^th, 2023)

Critical Fixed a bug that affected customers who were using the “callId” field, specifically as created by the ‘get_call_id‘ macro. The “callId” field was renamed to “call_id” in 6.5. And although callId remained as a deprecated alias in props.conf, it was not left in as an alias within the ‘get_call_id‘ macro. Customers affected by this should be able to just update to this version and their existing syntax will work again.
The Device Detail page’s “Calls over time” tab, now allows “quality” as a splitby option, and lists “quality” as a field in the table of calls.
Further improvements in search efficiency when using the “number” field in Investigate Calls.
the new calledPartyNumber field added in 6.5 is now an index-time field.
“server_name” field is now extracted more reliably for CUBE data.
Fixed a bug in Investigate Devices where the “calls” field was always zero.
Fixed a bug where if you added a dashboard panel from the call concurrency page it would end up rendering as tabular data instead of as a line chart.
Added a “create dashboard panel” button to the intraday call distribution panel on Extension Detail
Slightly changed the SPL used to populate the “data_types” pulldown, to protect against an unusual corner case in complex ‘custom_index‘ values.

Version 6.5.2 (May 17^th, 2023)

Fixed a regression that greatly lowered search efficiency when using the “number” field in Investigate Calls.

Version 6.5.1 (April 28^th, 2023)

Fixed a bug in the Investigate Devices page, where only partial or zero results could be displayed for devices that had no “device type” extraction defined.
Cube CDR data now has extracted fields for duration_elapsed, duration_total and duration_in_minutes, whether single leg or multileg, just like the CUCM CDR data.

Version 6.5 (April 25^th, 2023)

Functionality Investigate calls now allows you to search for CUBE calls even when the call did not touch CUCM at all. As a part of this there is a new form element in the page that will only appear if you have CUBE CDR indexed, in which case it allows you to switch between seeing only CUCM calls, only CUBE calls or both.
Functionality Newly aliased fields. In CUBE CDR the clid and dnis fields are aliased to callingPartyNumber and calledPartyNumber and the “number” field in Investigate and Chart now uses these fields. In CUCM CDR the “finalCalledPartyNumber” field is now aliased to “calledPartyNumber”
Functionality renamed field initialType to initial_type, callId to call_id. CUBE CDR also now has fields number, duration, data_type, type
Functionality Splunk 7.3 is no longer supported, and you must run Splunk 8.0 or higher. Various messaging has been added in case administrators on older Splunk versions update the apps and miss this detail.
Functionality Added new fields that hold useful english-language descriptions of 16 fields. These fields have to do with protocol, precedence, video resolution, bandwidth and more. Contact us for a full field list.
Functionality Investigate Devices now has a Clusters pulldown. Investigate Extensions now has a general search textfield.
Functionality Layout improvements and bugfixes for the “Summary” tab within the Device Detail page.
Functionality Device Detail page will now search for the device name’s presence in other sourcetypes and indexes. If any are found it gives the user links to explore that data.
Functionality Layout improvements and fixes on the Site detail page.
Functionality Default thresholds for call quality are improved now. Also within the “Define call quality thresholds” page there is now a button admins can use to reset their current thresholds to the current shipping defaults.
Critical Fixed a bug in the CUBE CDR integration, where the CUBE field values included in the results in Investigate Calls were the distinct values of those fields, then somewhat repeated, rather than a simple list of the values.
Critical Fixed a bug in the CUBE CDR integration, where CUBE fields would only appear in the results if nothing had been entered in the number text field.
Critical Fixed a bug whereby the ‘emergency calls’ alert was not actually editable in the Splunk admin UI. Also updated the instructions on Emergency calls on how to customize the alert.
Fixed a bug in the Call Concurrency and Gateway Utilization page, where clicking a concurrency point in the chart wouldn’t narrow down the drilldown detail to the relevant split-by value.
Fixed a bug that caused an error to display on the homepage erroneously if you had more than one index configured in the ‘custom_index‘ macro (separated by OR’s). If this was the case then the homepage would erroneously say “ERROR — the index specified in the ‘custom_index’ macro exists but contains no data.”
Fixed 2 bugs affecting the Upload tab on the ‘Define groups and extensions’ page. If you uploaded a file that had wildcarded numbers that were not all grouped at the end of the file, then when the page tried to repair the row order it would inadvertently also discard the last 3 fields resulting in an error message later. Also error messaging has been improved when uploaded CSV files contain non-utf8 characters.
Performance improvements on the Call Detail page, specifically using a narrower timerange of just several hours before and after the time of the call.

Version 6.4.1 (Oct 27^th, 2022)

Fixed a bug in Investigate Sites where sites could be erroneously listed on more than one row.
Fixed a bug where a few places in the Define Sites page were truncating the lookup on disk down to 10,000 subnets.
Investigate Sites now has a simple “site” textfield you can use to filter the list (with wildcards if necessary) if/when an unusually large number of sites have been defined.
Fixed a bug in Investigate Sites that only affected customers who were using our “customizable” macros to calculate sites from the mediaTransport IP’s instead of the normal call-control IP’s (This is our recommended config for customers using SME Clusters). The bug was that the Investigate Sites page would ignore the customization and calculate the sites using the origIpAddr/destIpAddr values. This was a regression introduced in Cisco CDR 4.1.9.
Fixed a bug in the Call Detail view where indexing very high volumes of CUBE CDR could slow the page to a crawl. The SPL in that view has been made far more efficient, such that the page should now perform well even if you have a million or more CUBE CDR indexed per day.
In the Call Detail view, the panel containing the Call Quality Information has been moved up to sit just above the panels titled “other calls to/from…”
Added a health check to detect whether the Devices Lookup contains any device names that are listed on more than one row.
Fixed a bug in the Call Detail view, where the top right panel that can list any field values, could previously not display any CMR fields. Also this panel now respects the field-ordering specified by the field picker (previously it listed them alphabetically).
Fixed a bug where if the Canary app was missing entirely the app’s landing page loaded blank, displaying no error message about the need to install Canary.

Version 6.4 (Sept 28^th, 2022)

Critical For customers using Search head Clustering (SHC), the app’s config now specifies that existing lookups on the SHC members are to be preserved in all cases, even when the deployer push was done with preserve-lookups set to false.
Critical For customers using Search Head Clustering (SHC), users are now able to post lookup changes from the “Setup” screens, instead of being told to make their lookup changes on the Deployer.
Functionality Form fields have been reordered across the various Investigate pages to improve consistency from page to page.
Fixed a bug in the Device Detail page. If users were in its “Calls over time” tab and attempted to drill down on one of the displayed calls it would not work. Now clicking those table rows leads to the Call Detail view and the call is displayed correctly there.
Fixed a bug in the Investigate Groups page, where you can now tell it to include groups/extensions with zero calls, and also at the same time use the “number” field to filter. The matching will then occur as expected on both the “extensions with calls” and also the “extensions with no calls” sides.
Improved a core health check to detect whether the index specified in the “custom_index” macro actually exists.
Reworked some health checks to reduce error messages if the user’s role has unusually restricted capabilities or permissions.

Version 6.3.9 (June 24^th, 2022)

Worked around a problem in Splunk that was dragging down performance in the Call Concurrency and Gateway Utilization page. Searches in that page are now approximately 6x faster and run with far fewer resources used.

Version 6.3.8 (June 1^st, 2022)

Critical – Fixed a bug in the app’s migration code where users upgrading from versions older than 6.3.5 would end up with an incorrect and unusable call_quality_thresholds lookup. This version and going forward will not create that problem and will moreover repair that damage when it sees it on disk.
Fixed a bug around uploading new csv lookup files in the Setup pages, specifically when using SHC (Search-Head Clustering). Prior to this release the upload would fail for admin users who had the capabilty list_search_head_clustering, but succeed for users lacking that capability, leading to an inconsistent state on the SHC. This is now fixed and all users will get the message that they cannot upload new CSV files when using SHC.
Fixed a bug that affected customers who used SHC, and also Cloud customers on Victoria stacks, where after an upgrade searches would fail with an error about the codec_types lookup. The root cause is that Splunk will in these architectures erroneously retain the previous version of the codec_types lookup across an app update. The new version of that file in the app is now simply renamed to workaround these bugs in SHC and Victoria.
Fixed a bug where if non-admin users were in core Splunk views or simpleXML dashboards, certain navigation elements in the app navbar would not work.
Fixed a bug in the setup pages where the “edit” tabs allowed you to delete the last row of a lookup, putting the lookup into a problematic state.
Fixed some of our health checks to make them not generate false-positives in the Monitoring Console’s health checks page.

Version 6.3.7 (May 10^th, 2022)

Critical – Fixed a regression introduced in 6.3.6 that prevented the Chart view’s “over nothing” mode from working properly.
Improvements to the Example Call Quality Dashboard to make the searches consistently screen out zero duration calls and calls that never connected.

Version 6.3.6 (May 6^th, 2022)

Critical – Fixed a bug where downloading the devices.csv from the Setup > Define Devices page, would give you a copy of the csv that was missing the required axlHost and axlPort columns.
Fixed a bug where the “Call quality information (CMR)” panel on the Call Detail page did not actually report the new “quality” field.
Added health checks to catch cases where after an app upgrade there can potentially still be scheduled searches regenerating the devices lookup or the groups lookup with columns matching the previous version’s columns for that lookup.
When you use “Save Report” or “Create Dashboard Panel” the newly created report or dashboard will now be in the “Saved Reports” or “Saved Dashboards” menu right away. Previously the newly created item would not be in the menu until the page had been refreshed. Note to get the new behavior you also need Canary
Dashboard panels created by the app now have the version=”1.1″ attribute, to prevent warnings from being displayed by Splunk.

Version 6.3.5 (April 1^st, 2022)

Critical – Fixed a bug in the Call Detail page affecting multileg calls where the top right panel would only show field values from one of the N call legs. The panel now shows all values from all legs.
Functionality – huntPilotName, huntPilotGroup, huntPilotSubgroup fields now populate with information based on the groups lookup, so you can use groups with hunt pilots just like you can with other numbers.
Functionality – The field that the app creates as our normalized overall measure of call quality was renamed. Instead of the old confusing name “qos” the field is now named “quality”. Note that customers that populated the old call_quality_to_qos lookup will get their changes migrated to the new call_quality_thresholds.csv lookup automatically when Splunk restarts after the version upgrade.
Fixed a bug where CMR events could fail to get timestamps extracted properly if the “directoryNumber” field began with a “+” sign. For reasons unknown this seems to be rare – normally even when the party numbers in CDR are prefixed with “+”, the directoryNumber in the CMR is not.
Fixed a bug in the Investigate Groups page where anything entered in the huntPilotDN textfield resulted in ‘no results found’. The field now works as expected to filter the group statistics down to the calls whose huntPilotDN values match the expression.
Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.

Version 6.3.4 (March 10^th, 2022)

Functionality – the Investigate Sites page now has a control to filter by Cluster.
It also now has options to pick whether it should a) count calls with zero duration, and b) show rows for sites that have no calls at all in the given timerange.
Fixed a minor bug on the app homepage where the “Learn more about the product” panel would become invisible if any critical health checks failed.
Fixed a bug where users still running Splunk Enterprise 7.3 would be redirected to the homepage if they clicked links in the app’s Navigation Bar while within SimpleXML dashboards or core Splunk pages.
Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code etc for all phone numbers worldwide.

Version 6.3.3 (February 11^th, 2022)

Fixed a problem in 6.3.2 that prevented 2 new panels on the homepage from loading correctly
In “Explore new reports” on the landing page there is now improved messaging when a particular report detects that an optional component that it requires, still needs to be set up.

Version 6.3.2 (February 9^th, 2022)

The “graph calls over time” link from Investigate Calls, as well as the “see calls” link from the Chart view, no longer open in a new tab/window. For some users with very low quotas for disk usage in /var/run/dispatch the old behavior made it easier to run out of disk there and prevented them from running more searches until some TTL’s expired.
Minor fixes to a few of the app’s health checks in checklist.conf

Version 6.3.1 (February 7^th, 2022)

Reworked the “Your Deployment” panel on the new app homepage to run in far less time and with fewer resources used.
Fixed a bug where if you navigated to the “Search” view and from there to the Example Call Quality Dashboard, you would end up on the wrong URL and a 404 error.
Fixed a minor bug where many reports in “Explore New Reports” were misidentified as “hub and spoke views”

Version 6.3 (February 4^th, 2022)

Functionality – The app landing page has been redesigned to help new users learn how to use the app more effectively, as well as to give experienced users more useful jumping off points.
Functionality – There is a new Setup page that allows you to customize the thresholds on the call quality statistics that are mapped to the four categorical “qos” values (good, acceptable, fair, poor).
Functionality – On calls that go through both CUCM and CUBE, for which the CDR from both sides is indexed, the Call Detail view will now also present the rows from the CUBE side, in both the table and the gantt chart.
Functionality – There is a new “call quality dashboard” containing a number of out-of-the-box examples of interactive charts pertaining to call quality. The page allows users to easily select a chart they like, to customize it in the Chart view and then add it to their own dashboards.
Functionality – Added new fields, audio_codec, video_codec as well as origAudioBandwidth, destAudioBandwidth, origVideoBandwidth and destVideoBandwidth.
Functionality – The Navigation has been reorganized and some key items have been renamed. eg: “Browse Calls” is now “Investigate Calls”, and the saved dashboards menu is now at the top level of the nav.
Fixed a bug where Browse Extensions would show wrong numbers dialed if “count calls with zero duration” was checked.
On each restart, if clusters.csv does not contain any clusters seen in the last 14^d worth of indexed CDR data, those clusters will be added as new rows lookup. Formerly this check would only happen on the very first restart after install, with the problem being that no data might be indexed indexed at that time.
Fixed a problem where if you were viewing both CUBE CDR and UCM CDR in Investigate Calls (formerly Browse Calls), any use of the “number” field would inadvertently screen out all CUBE fields from your results
Fixed a regression introduced in 6.0.5 where users on Splunk 7.X could no longer upload lookup files in the Setup pages.
Fixed a bug in Call Detail where the gantt chart could in some cases display strange points in time from many months ago, relating to calls that happened to have the exact same callIds on the same CM node and cluster.
Fixed a bug in Call Detail pages when displaying multileg calls, where if the parties were the same on two or more legs, only one of them would be shown in the Gantt chart
Fixed a bug in the Site Detail page, in the “Unusual call termination reasons” panel, where the chart drilldown to Investigate Calls (formerly Browse Calls) would not pick up the given cause_description searchterm.

Version 6.2.2 (January 7^th, 2022)

Critical – Fixed a bug that prevented users from adding dashboard panels to dashboards that had been shared at the app level.
Fixed a bug where multileg calls that had legs dateTimeConnect=”0″ would have their legs sorted incorrectly.
Fixed a bug on the Extension Detail page. If you set a huntPilot filter and/or interact with the time_of_day chart to filter the calls displayed and then click “investigate calls”, now when you get taken to the “Browse calls” page it includes the extra huntPilot and time_of_day filters.
Fixed a bug where clicking elements in certain charts on the Site/Extension/Device Detail pages would not work correctly when run in the Canary UI.
Fixed a regression where in the Browse Devices the “devices with no device_type assigned” filtering option stopped working.
The Canary app is now required even for users still running Splunk Enterprise 7.3

Version 6.2.1 (December 10^th, 2021)

Critical – Fixed a bug where the “qos” field would fail with an error if you were using distributed search.
Multileg calls are now displayed consistently in the correct order, with logic for various cornercases where calls have multiple legs connecting during the same second.
Fixed a bug where Extension Detail view was showing a table of raw call legs without collecting the legs up into possibly multileg call rows.
Fixed a bug in the Browse Devices page where fields from the devices lookup would only be added if the option to “show devices with zero calls” was selected. Also fixed a bug where the “show devices with zero calls” option would not show those devices if you also had a subset of the device_types selected.
Fixed a bug whenever the “concurrency” field was used, and a split-by field was in use that happened to be null-valued, where Splunk would display a strange error message: “Failed to parse templatized search for field ‘max_concurrency: ‘”.
Users running Splunk with the Free license can now update the Cisco CDR app’s license string in the UI without any error.
CIPC devices are now given device_type field values of “ipcommunicator” instead of “softphone”.

Version 6.2 (November 11^th, 2021)

Functionality – When you use the “Create Dashboard Panel” buttons in the General Report page to create dashboard panels, the resulting panels now have working drilldown interactions that send the user to the matching calls in the Browse Calls page. Likewise, creating panels from Browse Calls creates drilldown to Call Detail, and creating panels from other Browse views creates drilldown to the corresponding Detail views.
Functionality – When you use the “Create Dashboard Panel” buttons, it now creates the panel with the correct visualization, chart type, and stack mode.
Functionality – General Report now allows you to select no “over” field at all, so your search results can be a single statistic. Note that you still have the option to set a split-by field, in which case your search results would be a single row with multiple columns.
Critical – Fixed a longstanding bug in the Canary UI where for many of the links in the app navigation bar, if you clicked those links while you were editing a Simple XML view you would get taken to an incorrect URL and a 404 error.

Fixed a bug in General Report where if you tried to take a call volume report with no filtering, and split it by a CMR field, the CMR values would all be null. Dashboard panels created via the “Create Dashboard Panel” layers now have inline searches rather than separate referenced saved searches. Note that users who preferred it the old way can still use this functionality but then use Splunk’s Simple XML Editor, click the magnifying glass icon, and choose “Convert to Report”.Fixes for when we are running in the old 7.X UI instead of in the Canary UI, where erroneous error messages no longer appear at the top of the pageDevices lookup now has 2 new fields – “axlHost” and “axlPort.” These are created by the Supporting Addon for AXL, and represent the CUCM node that the device information was pulled from. Fixed a bug in the Setup Groups/Devices/Sites page, where if the user lacked the “output_file” capability, they would see no error when they attempted to create/edit or delete elements from the lookup using the app’s UI

Version 6.1 (October 6^th, 2021)

Critical – Fixed a bug where the “download” tab within the Setup Devices page would give you a csv file that was missing three required fields – className, subClassname, and directoryNumber.
Functionality – Addition of many links in the context menus in Browse Calls that appear on gateway/site/device fields and that lead to the relevant detail pages.
Functionality – The Setup Clusters page now allows admins to download/upload the current cluster list as a csv file.
Functionality – The huntPilotDN field is now looked up against the groups lookup, and if present there are now fields created for huntPilotName, huntPilotGroup, huntPilotSubgroup
Functionality – Added a new field “ring_time” that is simply calculated from the origination/connect/disconnect timestamps.
Functionality – Browse Groups page now has a control to select a single UCM cluster or a subset of UCM clusters, and the selected value is passed on in subsequent drilldowns to Browse Extensions and Browse Calls.
Fixed a bug when running on Splunk Enterprise in 7.X, in the old (non-Canary) user interface, where the Browse Devices page wouldn’t load properly.
Fixed a bug where sometimes on the Call Detail page, legs with the same origination timestamp but different dateTimeConnect values would be displayed in the wrong sort order.
Added a “cidr” field that if populated, will hold the matching subnets that were used to match the call leg’s origSite and/or destSite values. This is really just a convenience, as it was already present as origCidr and destCidr
Fixed a bug in General Report where if you picked “max(concurrency),” then with certain “split by” fields selected the report would run as though no split-by field was selected. Since we have no reasonable way to run the report still those split-by options are now disabled when concurrency is selected.
Fixed a bug where the “setup data inputs” page (only used for standalone onprem deployments) was not displaying some unexpected error messages when run in python3.
NOTE: The required minimum version of Splunk Enterprise / Cloud has been changed from 7.2 to 7.3.

Version 6.0.8 (August 25^th, 2021)

Functionality – Improvements to the Browse Gateways and Gateway Detail pages.
1. Added a Clusters pulldown which filters both the selectable options in the gateway pulldown and also the gateways that are listed in the main results.
2. “cluster” is now an optional field in the field picker.
3. If there are any gateway names that are repeated across clusters, each will now get its own row with separate rollup stats in the report.
4. There is new contextual messaging to reduce confusion if this happens when the ‘cluster’ field is not selected as visible.
5. Gateway Detail page now has a field for cluster which is populated by the drilldown from Browse Gateways.
Functionality – Added a new prototype feature in the form of a field “qos” that can have values of good, fair, acceptable, or poor. The values are calculated from any CMR quality stats with customizable thresholds defined in “lookups/call_quality_to_qos.csv”.
Functionality – Added a contextual message to the Browse Calls page, that only shows if “get only” is not set to “all records” and the user has entered some “search filters” in the last form field. If the case is detected, the message suggests trying again with the “get only” field set to “all records”.
Improved the call_failed field so that calls with cause_description=”User busy” are no longer counted as failed calls.
Added a time range control to the Setup Clusters page so the administrator can pick how far back to look for clusters to put in the lookup.
Added sourcetype ‘cucm-kiwi-syslog’, which should be able to parse Cisco UCM Alarms coming in via Kiwi Syslog server on Windows.
Improved search performance in the specific case when users are in the Call Detail or Extension Detail views and they click on one of the calls shown in the call tables. Formerly, the clicks sent no timerange bounds to the following pages, and on some very large Splunk deployments even with the globally unique callId as a search term, it would result in very long page load times.
Fixed a bug on the Browse Groups page where any selection in the “subgroup” pulldown would produce zero results.
Browse Groups will now display the actual subgroups of the calls matched if there are fewer than 6. If there are 6 or more it will give only the number, eg: “(8 subgroups included)”.
Fixed a bug where if you went to Call Detail or Extension Detail directly, ie not by following a drilldown link, the logic that displayed contextual help messaging there was not working in the Canary UI
Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code, etc for all phone numbers worldwide.
Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.
Removed deprecated sourcetype “cucm_alternate_syslog”

Version 6.0.7 (August 5^th, 2021)

Functionality – Added a new field “internal_party_number” that holds all of the calling/called party numbers on the internal side of the call legs
Fixed a bug where using the “number” field in the Browse Extensions page would return results that didn’t include incoming call counts.
Fixed a minor but longstanding usability problem in General Report where if you set the “over” field to a field that is already set as your “split by” field you would get a confusing error saying that you could not set both pulldowns to the same value. Now the UI just quietly considers the selection of the “over” field to supersede the split-by field and it resets the split-by to “(none)”.
Fixed a bug in the Extension Detail view, where if you used the “investigate these calls” link in the bottom left panel it would send you to Browse Calls but without the arguments set quite right so that it only showed calls *from* the given extension and included no calls to it.
Changed Browse Devices and Browse Extensions pages so that devices that have not made any calls at all are listed with the call counts set to “0”. Most notable about this change is that you can then sort on “calls” to find the zeros, or use a simple search term of “calls=0”
The Emergency Calls page now has an export link on the right-hand side that when clicked will download the results as CSV and open them in Excel.

Version 6.0.6 (August 3^rd, 2021)

Critical – Fixed a rare bug introduced in 6.0.5 as a part of the General Report optimizations. If you specified party numbers both in the number field and in the search terms field, the results would inadvertently filter out results where the party numbers were on different legs.
Fixed a bug where if you included only a single “*” character in certain fields in Browse Extensions and Browse Devices, the argument would get ignored. Most notably the hunt pilot field in Browse Extensions, ie to narrow to only calls with huntPilot involvement.

Version 6.0.5 (July 12^th, 2021)

Functionality – Significant optimizations to increase search speed and efficiency in General Report. This wont apply to reports with complex filtering and with unusual primary fields or splitby fields however many of the most common reports will see a significant increase in speed and a significant drop in resource usage.
Functionality – Browse Calls now has links from party numbers directly to the Extension Detail page.
Functionality – Improved design and functionality on the Extension Detail page. Added an intraday chart. Fixed some issues in the drilldown interactions within the page.
Functionality – If the devices lookup has been populated, either manually or by setting up our Supporting AXL App, then all of the device fields can be used for filtering and searching and grouping, *without* their orig* and dest* prefixes. For instance, you can now run a report “over productName” instead of having to run separate reports for “over origProductName” and “over destProductName”.
Functionality – Primarily for customers using our supporting AXL app, the devices lookup can now contain a “directoryNumber” field per device. This is designed to hold the primary DN/DiD number set in UCM for the given device. At search time this comes out as “origDeviceDirectoryNumber” and “destDeviceDirectoryNumber” as appropriate, as well as a third field containing the union of both those values, “deviceDirectoryNumber”.
Functionality – Added a new field “internal_device_name” that combines the origDeviceName and destDeviceName fields but excludes device names. This is very useful as a group-by or split-by field in General Report.
Fixed a problem that would sometimes cause users to end up on URL’s with an extra slash at the root.
Fixed a bug where if SplunkWeb was listening on a different port than the browser was talking to, some of the Setup pages like Setup Sites, would fail with an error when you tried to make changes to that config.
Fixed a bug where CUBE fields were appearing as options in the Browse Calls page’s field picker even if you had no CUBE data indexed.
Fixed a bug where the Devices page would not filter correctly when “include devices with zero calls” was selected. The page now applies all the selected filters regardless of that setting
“911 calls” page is now renamed “emergency calls”.
Fixed a bug in the Call Detail page that was causing the call legs to be sorted incorrectly and the duration field to be displayed in seconds instead of as HH:MM:SS.
Fixed a bug in the Gateway Detail page where the breakdown by cause_description was displaying the count of raw records (cdr+cmr) rather than the actual count of callIds (and thus calls) which is generally slightly lower and is what users expect to see there.

Version 6.0.4 (May 11^th, 2021)

Functionality – The Browse Gateways page now has an expanded field list and a field picker the user can use to display optional fields.
Critical – Fixed a bug on the Device Detail page where the table titled “x calls to/from this device” wasn’t displaying raw field values from call legs but instead an unintuitive summary of those fields.
Critical – Fixed a bug where the “add new row” functionality in the Setup pages did not work properly. This bug was introduced in some changes in 6.0.
Fixed a relatively harmless problem in the call_quality_to_qos lookup that was generating an error message from Splunk for some users.
Fixed a bug where the field picker on the Browse Devices page would act strangely if both a) the “show devices with zero calls” option was on, and b) your timerange did not include any actual call data.
Removing the “stacked100” option from General Report’s “chart type” pulldown until Canary’s Chart module gets proper support for it.

Version 6.0.3 (April 15^th, 2021)

Critical – Fixed a longstanding bug that only just came to light, where if you are using the “number” field within General Report, it was impossible to build any reports on any quality fields.
Speed improvement on the Devices page. The “device types” pulldown now populates much more quickly than before.
Fixed a confusing bug introduced in 6.0.2 in a particular link label case for the new action menus in Browse Calls. When you have foo=bar in the search filters, instead of getting an option to “remove filter for foo=bar”, the action menu item would say just “foo=bar”.
Devices lookup now has 2 extra fields “className” and “subclassName”. On upgrade, the app will automatically migrate the existing Devices lookup file to add the new columns. Note that this change is really just for users of our Supporting AXL App for Cisco CDR.

Version 6.0.2 (April 8^th, 2021)

Critical – Fixed a bug where certain North American location fields like LATA, CLLI, OCN, CompanyType, Company Name, and NumberType wouldn’t populate in Browse Calls until you added one another location field to the field picker.
Functionality – Improved context menus in Browse Calls such that now clicking on party numbers will add the value to the “number” field instead of the “search filters” field. Also, the type and cluster fields now have working menus.
Improvements to how full DN’s are parsed such that some more common offnet prefixes will now be recognized out of the box.
Fixed a bug where party numbers that began with an offnet prefix of “9” followed by an area code that also began with 9 would not get any location fields populated.
Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.
Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code, etc. for all phone numbers worldwide.

Version 6.0.1 (March 19^th, 2021)

Critical – Fixed a bug in Call Detail where the top right panel would only ever allow you to see a subset of the fields.
Functionality – Browse Calls will no longer display rows for which there is only a CMR record and no CDRs. This situation can happen sometimes especially in large deployments when there are calls in progress that have generated one or more CMR, but that have NOT yet generated any CDR. Such calls would appear as a “ghost call” on the first page of search results, ie with most or all fields empty. These apparently blank calls so regularly caused confusion that they’re now suppressed in that view specifically.
Minor changes to avoid appinspect false positives.
Reworked some health check searches to improve homepage load times.

Version 6 (February 24^th, 2021)

Functionality – Users can now click on individual values in the Browse Calls view and a menu will appear allowing them to choose between adding a search filter for the given field=”value” term, excluding calls with field=”value” from results, or viewing the call details for the call.
Functionality – As with the above change to Browse Calls, clicks on charts in General Report now trigger context menus with different actions
Functionality – Browse Devices now has better, more usable options for including or not including zero duration calls in the call counts, and also for including *all* devices or only ones that participated in a call during the time period (requires devices lookup to be set up, either manually or via our Supporting AXL app for Cisco CDR Reporting and Analytics).
Functionality – There is a new “Browse Groups” page that presents similar statistics to Browse Extensions but at the level of distinct groups. Clicking a row gives the user the option to view the extensions in Browse Extensions or to view all the group’s calls in Browse Calls.
Functionality – Browse Extensions and Browse Devices pages now will remember each user’s selected fields for later.
Critical – Fixed a bug where errors were never displaying on the homepage to tell the user that the current installed version of Canary or Sideview Utils was too old.
Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code, etc. for all phone numbers worldwide.
Added CUBE fields to the field gallery so now field names and descriptions are available on the Home screen.
Fixed a bug on Call Detail where the two field picker modules on the page would each set each other’s selected field list when they set their own.
Fixed a bug affecting 7.X users where the “Report” section in the nav would highlight erroneously when the page was loaded, and various dashboards core to the app were appearing erroneously under “Saved Dashboards”

Version 5.3.9 (January 15^th, 2021)

Functionality – Users running the most recent version of the Canary app will now have selected fields from their CUBE data marked with “(CUBE)” in the field picker, just as happens in the legacy Splunk and Sideview Utils UI.
Updating the minimum required version of Splunk required to 7.2 since Splunk has ended support for 7.0.X and 7.1.X.
The option to chart the data as a “bar” chart is now disabled if the data is plotted over time.
Fixed a problem where the Define Groups page’s “Edit” tab was listing the form fields in the wrong order
The “device_name” field that the app creates is now created at index time through an INGEST_EVAL stanza. This means that for data indexed after upgrading to 5.3.9, techniques like tstats that leverage index-time fields can be used for better device usage reports. Conversely, to support all the customers who have data indexed prior to this update, the device_name field also continues to be extracted at search-time to preserve the functionality in normal searches and reports.
Fixed a minor usability bug on the homepage where if you searched for one of the field category names itself like “quality”, it would not match against the category names. Now such searches will also match and return all the fields in that category.
Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.

Version 5.3.8 (December 2^nd, 2020)

Changed how the app’s homepage checks for indexed data. Formerly it used the metadata command, but since this command can be deliberately disabled for lower privilege users, that can in turn cause the check to fail erroneously. The end result was some lower-privilege users would only see a homepage telling them that they hadn’t indexed any data yet. This is fixed now and the check uses a tstats search.
Patched a bug that only occurs in Splunk 8.1, where some of the SPL used by the “call concurrency and gateway utilization” page does something the 8.1 SPL parser doesn’t like.
Fixed a typo in our health check responsible for finding unusual indexing lag, that had been preventing it from running properly.
Fixed a minor problem where if someone was trying out the app while running only a Splunk Free license in Splunk itself, our health checks for user/role capabilities would fail erroneously.

Version 5.3.7 (November 6^th, 2020)

Fixed a bug around the ROOT_ENDPOINT key, where users could get redirected to malformed URLs that were missing a slash between the root endpoint and the locale.
Improved the health check for indexing lag to list the 95^th percentile of the lag in the health check message directly.

Version 5.3.6 (October 29^th, 2020)

Fixed a critical regression introduced in 5.3.5 that broke the app on 7.X versions of Splunk.

Version 5.3.5 (October 16^th, 2020)

Fixed a problem where the app’s own license checks would fail if the Splunk server was using the “root_endpoint” key. This would result in the license check failing when Splunk was set up in a reverse proxy configuration.

Version 5.3.4 (October 6^th, 2020)

Fixed a bug on the Call Detail page where the panel displaying fields from individual call legs only let you choose selected fields from a subset of the available fields
Browse Extensions now allows you to pick a particular subset of your UCM Clusters, in addition to filtering by group/subgroup/name/number/huntGroup etc.
Minor changes to our default device_type extractions to catch some unusual cases in the field for instance where jabber device names occasionally have hyphens or other non-alphanumeric characters in them.
Call Detail page now has ‘see search syntax’ links allowing you to see and troubleshoot aspects of the raw CDR events or CMR events in the default Splunk UI
Minor modifications to some of our health checks to reduce false positives.
App now ships an app.manifest file which may help various things stay on the tracks in Splunk Cloud

Version 5.3.3 (August 26^th, 2020)

Resolved a longstanding bug where the devices lookup would be unexpectedly empty after an install or update.
The Cisco CDR app’s navigation has been subtly reworked to improve user experience if folks
miss the step about installing the Canary app, and also to allow us to soon remove the
dependency on Sideview Utils for users on Splunk 8 and up.
Several existing health check searches improved to be more robust.
Additional health check search created to find duplicated data.
Browse Devices page now has a “see raw search syntax” link.
Browse Devices page now has an optional field called “last_seen” listing the date and time of when the device was last involved in any call.
Added destAudioCodec and origAudioCodec, which will have values like “G711mu-law 64k” or “G729”.

Version 5.3.2 (June 24^th, 2020)

Hoopjumping for some less-than-ideal problems in the Splunk Cloud vetting process. This release deletes one line of python code that was already commented out. This line was causing a silent failure of Cloud Manual Vetting for several months, for an erroneous and silly reason, and Splunk’s process gives no feedback to the third party app developer at all such that we were unable to learn about this problem until recently (Thanks to the internal resource who dug into the matter and was able to tell us the details). Our apologies to all our customers and prospects who over the past few months were told erroneously that the recent releases of this app were not cloud compatible.

Version 5.3.1 (June 3^rd, 2020)

Some small changes to make various Splunk tools, and thus the users of those tools, recognize that the app is python3 compatible (which it was previously too).
Fixed a complex but rare bug in General Report where if you 1) had a categorical group-by or split-by field set, 2) you had a numeric y‑axis field set, 3) you were using a numeric function on that y‑axis field (eg sum or avg), 4) you were analyzing multileg calls, and 5) some legs in the individual calls being analyzed actually had the same value for the group-by or split-by field, then the math would work out slightly wrong. For example if you had a lot of calls with exactly two legs, and callingPartyNumber was always the same for both legs, and you were doing sum(duration) over callingPartyNumber in General Report, the duration values would be off by a factor of 2.
Fixed a bug in the General Report page where fields that had no non-null values were appearing as options in the pulldowns. For most users this should lower the number of fields in the pulldowns from around 350 to more like 250.
Removed some field aliases that we released long ago without any announcement, that were creating a few CIM-compliant field names. We had added these as an experiment to allow admins to try integrating CUCM CDR data into their security world. Since these never attracted anyone’s attention and at this point they’re doing a little more harm than good. Also added a health check to detect anysavedsearches in the app’s context that might be referencing them after their removal.
Fixed a bug on the “Setup Data Inputs” page when run in Canary, where the user would be unable to ever switch to the helptext for distributed setups – regardless of which kind of installation they selected in the pulldown they would only get the help text for standalone setup
Fixed a bug where the Gateway Utilization, when run in Canary UI, was missing its chart-type pulldown
Fixed a bug where the “Find sites to add” tab within the Setup Sites page would not render its tabular data in Canary
A small change to the python that implements our licensing system that will allow us to switch over to a new license string format in the future, where the beginning and end of all license strings doesn’t look identical.

Version 5.3 (April 24^th, 2020)

Fixed a bug in the General Report page’s “max(concurrency)” option, whereby the code was inadvertently binning the _time field before doing the concurrency calculations. This resulted in only a small error for sparse call data, or for very narrow time scales. However when run over larger time scales or with a very large number of shorter duration calls, the report would overcount concurrency to quite a significant degree.
Added some behavior to the app_setup script, which runs when Splunk restarts and which checks for “first-time-run” and migration cases, so that if splunkd runs the script before Splunkd’s REST API is actually up and running, that it waits for up to 20 seconds for the REST api to become responsive, before proceeding.
Changes to the license endpoint such that now any user with either the “license_edit” or “edit_sourcetypes” capability can post a new trial or full license for the Cisco CDR app (Note this is NOT the license for Splunk Enterprise itself, but the app-level licensing that the Cisco CDR app itself implements). Formerly only a user with the ‘admin_all_objects’ capability was able to post a new license. Note that this uses the documented mechanism in restmap.conf passSystemAuth=True
Added 4 new optional fields to Browse Extensions page – video (number of video calls), audio (number of audio calls), video_duration and audio_duration.
Added a new field called “call_failed” that has a value of either 0 or 1. The field has a value of 0 for all call legs that connected, AND for all call legs that failed for ‘normal’ reasons like ‘unallocated (unassigned) number’. Conversely it will be “1” for any call legs that failed for “bad” reasons, ranging from “no circuit/channel available” to any of the very numerous other unusual cause descriptions and CCM_SIP error codes.
Improved the default device_type extraction for Unity devices to include device names beginning
with “Unity”. Previously it would only match device names beginning with “CiscoUM”.
Removed some duplicate entries from the field_gallery.
Fixed a bug in the Field Gallery panel on the homepage where CS_total and SCS_total and some other fields were not searchable.
Fixed a problem, where if CallManager was misreporting seconds between origination time and connection time, as concealed or severely concealed seconds, which doesn’t really make any sense, that the CS_total and SCS_total fields could exceed the actual duration field in seconds, which would then lead to either of the ratio fields CSR_overall or SCSR_overall having values greater than 1. If this ever occurs in the field now, the CS_total and SCS_total fields are capped at the duration_total value, thus effectively capping the ratio fields at 1.
Fixed a bug in the Busy Hour Calculator page where a handful of rare gateways would get omitted from the list sometimes if you had more than 100 or 200 gateways
CSS cleanup and raising required Canary version to 1.2.5.

Version 5.2.7 (March 26^th, 2020)

Fixed a bug in the Call Concurrency page where the drilldown on the main chart (to display a more fine grained concurrency chart within that one data point), failed with an error
Fixed a bug in the Call Concurrency page where the gateways pulldown would in some situations load only a partial list of your gateways
Fixed a bug in the Call Concurrency and Gateway Utilization page where if you had a subset of your gateways selected, and “no split by” selected, the chart would not render.
Fixed a bug when loading the Extension Detail page in the Canary UI, where the top panel would load blank and collapsed. The layout of the information in the top panel has also been improved somewhat.

Version 5.2.6 (March 19^th, 2020)

Fixed a bug where the Cisco CDR app wouldn’t accept new licenses for the app
if the Splunk Enterprise instance was only running the Splunk Free License.
Fixed a regression on the Gateway Utilization page. Essentially the fix in 5.2.4
for the “unwanted types showing up” bug had a flaw in it, that not only didn’t work
but regressed the same behavior for the gateway side. There is now unit testing covering
this to try and make sure it never happens again.

Version 5.2.5 (March 11^th, 2020)

Fixed a regression in the ‘set up data inputs’ wizard that only affected 8.X.
(Note this functionality is only relevant to users who have a standalone splunk
instance on one host, with not even any forwarders involved.)
Improved UI messaging for the ‘set up data inputs’ wizard so that if the user
is not an admin user or they are, but they lack the admin-all-objects capability,
they get an error telling them as much instead of a confusing “AuthorizationFailed”
error message.
Switched over to using the new restmap.conf controller for the “upload csv” functionality
for both Setup Groups and Setup Sites.
Some cleanup in our python logging.

Version 5.2.4 (February 28^th, 2020)

Fixed a bug in the Call Concurrency and Gateway Utilization page where
if you had a subset of your gateways selected, and “no split by” selected,
the chart would not render.
Fixed another bug in the same view where if you had split by set to “call type”
and you had a subset of the 4 call types selected, and you also had multileg calls
with different call types in their legs, you could get other unwanted call types
displayed in the chart.
Added new default device type extractions to set device_type fields for TCT*,
BOT* and TAB* devices, which are respectively jabberiphone, jabberandroid, and
jabbertablet.
renamed existing ‘jabber’ device_type extraction (based on CSF*) to
‘jabberdesktop’ to more closely match its real world meaning.
Fixed a bug where the call_answered field would only exist if your report was also
referencing other related fields like call_answerable or call_connected.
Fix to the “add new site” and “add new extension/group” tabs of the Setup Sites
and Setup Groups pages – now when you submit it gives you a confirmation message
that the new row was created.
Fix to a bug that affected the CUBE CDR integration, when in the legacy Splunk UI.
Prior to this release the “(CUBE)” suffix would appear only on the relevant fields
when the layer initially loaded and if you used the text box to filter your fields the
suffix would vanish from the CUBE fields.
Fixed a bug around large multileg calls in the Call Detail view where the Gantt
chart there would only display ten call legs and the rest would be lumped into an “other”
leg that behaved strangely.
Fixed a bug around large multileg calls in the Call Detail view where the field picker
panel in the top right would display multivalued fields without spaces between the values.
Fixed a bug around large multileg calls in the Call Detail view the main fields
displayed in the first two panels would display duplicates and thus clutter up the display

Version 5.2.3 (January 9^th, 2020)

Fixed a typo in the concurrency searches if you did not have a split-by
field set. Improved test coverage to avoid regressions in this area in
the future.
Updated python to include latest version of libphonenumbers
Updated the “npa-nxx-lata-clli-ocn-location” lookup. This is the piece
that allows the app to take a north american number with just areacode
and exchange, and create fields with city, state, zip, CLLI, OCN,
CompanyType, latitude and longitude.

Version 5.2.2 (January 2^nd, 2020)

Fixed some critical problems that were introduced with 5.2.1’s new field
extractions for gateway, device_type and type fields. Chief among these was
a problem where FXO ports on MGCP gateways were getting misunderstood by
5.2.1 as calls to internal devices rather than outgoing calls.
Fixed a bug in the Call Concurrency and Gateway Utilization page that only
affected tandem calls, where the concurrency numbers for those gateways
would be undercounted.
Fixed an obscure bug where if you attempted to use one of the dateTime*
field as a search term, and you used it with a comparison operator like “>”,
on multi-leg calls, the filtering would not work.
Fix made to our first-time-run and migration script to make it not error
out when run in python3 on splunk 8.

Version 5.2.1 (December 10^th, 2019)

Fixed a bug in the Call Concurrency and Gateway Utilization page where if you
narrowed the chart to just N gateways, the presence of any tandem legs in the
calls being analyzed would drag other (unselected) gateways into your chart.
Added 3 extra hidden fields to the groups lookup, that are optional.
Admins can now customize the automatic lookup statements to use these fields
and alias them to more useful names reflecting the local use case
requirements, and then they will begin working as filtering, reporting and
grouping, and the ‘setup groups’ forms will automatically include appropriate
form elements to create/update/delete the values.
Fixed a bug in the Canary UI where General Report and a few other pages would
sometimes get an extra “Loading…” indicator stuck open even when nothing
further was loading.
Improved how the “type”, field is calculated from span integers to never
recognize conference bridge devices and conductors as ‘gateway’ devices.
Prior to this change, the default ^CFB and “CONF$$” regexes for device_type
“conference_bridge” were doing a lot of this work, so for many customers the
net improvement here may be minimal or zero. On the other hand for some this
will make a lot of “tandem” call legs become “incoming” or “outgoing” legs
more in line wiht expectation.
As with the fixes to the “type” field (see above), the extraction of the
device_type and gateway fields has been improved.
Fixed a bug where calls to/from, analog devices attached to MGCP gateways
would get the orig/dest gateway fields set to the MGCP gateway. This was
misleading at best.
Fixed a bug where picking just incoming or internal calls, would erroneously
filter out matching calls involving conference bridge devices, (even where we
were previously extracting the ‘type’ field correctly).
removed duplicate values from the internal_device_type field.
Fixed a bug where the origSpan and destSpan fields were marked as categorical
instead of numeric, so you couldn’t build reports like max(origSpan).
Fixed a bug causing the Canary UI on 8.0 to get a ‘switch back to the old
splunk UI’ (This was intended only for pre 8.0 versions, and the link when
clicked would just redirect you back to Canary UI).
The Browse gateways page now uses improved SPL to populate the checkbox
pulldown for selecting which gateways you want to analyze.
(Note: this work was mistakenly reported in the 5.1.4 release notes although
it did not actually ship until this release).

Version 5.2 (November 5^th, 2019)

To implement the “upload lookup” functionality on Setup Groups and Setup
Devices in Splunk 8 and higher, a restmap.conf controller now exists to
replace the legacy web.conf controller, and the respective pages now POST
to this new controller when run in the Canary UI. There is also an
improvement to how the messaging works for both success and failure cases.
Added a “download” tab to the “Define Sites” page so admins can download a
fresh copy of the current subnets to work on it, and then reupload it later.
MLQK values of exactly 0 are now discarded automatically. These values
always seem to be false readings and previously they had to be filtered out
manually.
Fixing a bug in the Call Detail page, where if many devices were involved,
Fixed a misalignment of the Pager module in the Browse Devices pages.
the layout of the page would get pushed out and break.
Fixed a bug that only affected the Canary UI where the page didn’t work
due to a typo where the page invokes app’s reusable ui pattern
“SaveCreateButtons”.
Fixed a bug that only affected the General Report and Browse Calls views
in the Canary UI where some fields would not get their special custom SPL
extractions/conversions inserted automatically behind the scenes.
Changes to the Call Detail page to get the Field selection to work in both
the Canary UI and the old Splunk UI.

Version 5.1.5 (October 7^th, 2019)

Compatibility work for the transition from Sideview Utils to Canary.
Layout fixes to the Browse Gateways page.

Version 5.1.4 (September 19^th, 2019)

Now when you use “Create Dashboard Panel”, the current choice of
visualization (chart vs table) as well as chartType and stackMode if
relevant, are passed along and saved into the final dashboard XML.
Fixed a problem where CallManager misreports inbound calls to UCXNSubscriber
devices as though the device was a gateway and the leg a tandem leg.
Added a new field called “bh_type” to the app whose value denotes whether
the origination time of the call is during “business_hours” or “off_hours”.
Added fields to Browse Extensions that are unchecked by default that show
“business_hours” and “off_hours” call counts, as well as
“business_hours_duration” and “off_hours_duration”.
Added proper logic to detect whether the Canary app is installed and if so
to switch to rendering the current page in the Canary UI instead of the
Advanced XML UI. Also text and links about Canary (currently in beta).
Fixed a bug in General Report when doing a “max” “concurrency” report,
where if you weren’t using a splitby field, the legend would say “1” instead
of “max(concurrency)”.
Fixed a bug where if you used the “Setup Clusters” page to generate your
clusters lookup, it would write the clusterLocale values as “”, which would
prevent the location lookup from running and thus you would not get any
location fields like area code, exchange, country, lat/long etc.

Version 5.1.3 (August 26^th, 2019)

Converted the encoding of a number of static file-based lookups from ascii
to UTF‑8 to allow customers to more easily translate the english language
content there into a local language.
Added a key to server.conf so that when admins update the sideview license
on any Clustered Search Head, that license change will be propagated to the
other SHC members.
Improvements to the app_setup/migration script so that it better handles
unexpected cases where the clusters/devices/groups/cidr lookups on disk
are found to be empty. It will now detect this case and attempt to replace
the contents of the file with the corresponding *.default.csv file.
Tightened the regex that matches the SEP prefix for hardphones to eliminate
false positives on other devices whose names happen to have those first few
letters. Now it looks further for 12 subsequent characters of hex.
Fixed a subtle problem in the Call Concurrency and Gateway Utilization page.
CallManager sometimes marks call legs canonically as outgoing or incoming
even when the destDevice or origDevice listed is clearly a hardphone or conf
bridge. Since gateway extractions all fail for these devicenames, the page
when splitting “by gateway” would end up with “NULL” as a legend item.
These have now been filtered out.
The gateways pulldown in the Gateway Utilization page will now return much
faster, and will contain the canonical list of gateways for the given time
range even if there are hundreds of gateways across 100K+ call legs.
Search optimization is disabled now for any user or view using our
‘get_locations‘ macro, as we have seen SPL optimization mangle the lookup
command for the external lookup.
Fixed a bug in General Report where if “sourcetype” was a field you were
analyzing, the UI wouldn’t realize it should try to pull any CMR and CUBE
records into the analysis as well.

Version 5.1.2 (July 19^th, 2019)

Fixed a bug where when using max(concurrency) in the General Report view,
your “bins” setting would be ignored and a default bins ceiling of 400
would get used instead.
Fixed a bug in Browse Extensions, and Browse Devices, where if you entered
values into a text field and then without changing anything else clicked
the submit button instead of hitting the enter key, the values you entered
would be ignored.

Version 5.1.1 (July 11^th, 2019)

Made a change so that if the Splunk instance is a Search Head Cluster and
someone tries to post a new license string into the Update License page,
it takes no action and gives them a helpful error.
Snuck in a semi-secret feature whereby concurrency reports can be done in a
limited fashion within General Report and Browse Calls.
Updated the “npa-nxx-lata-clli-ocn-location” lookup.
Updated python to include latest version of libphonenumbers

Version 5.1 (June 10^th, 2019)

Major improvements to both functionality and usability of the Browse
Devices page.
Devices lookup now can hold an additional column “productName”. When
present this creates fields origProductName and destProductName.
Device Detail page now has an additional tab that displays additional
summary details like unicodeLoginUserId values and numbers associated with
the device, as well as any values that our SA_cisco_cdr_axl app may have
pulled from CallManager via AXL.

Version 5.0.10 (May 14^th, 2019)

Removed the CSR and SCSR field from the field gallery because we realized
that these fields don’t actually exist in the CMR itself yet.
Added CS_total and SCS_total as new fields on the calls, which are the
total seconds of concealed speech and the total seconds of severely
concealed speech, across ALL CMR associated with the given call.
Added CSR_overall and SCSR_overall fields, which are respectively the
CS_total/duration_total, and SCS_total/duration_total.
As such these represent reliable concealed speech ratio metrics for any
devices reporting CS and SCS.
Fixing a bug in the transfers and legs fields, where if you used them
as a split-by field in reporting, they would get very significantly
overcounted, as represented by the range numbers in the legend for the
split by values.
Call Detail view now displays the time of any CMR that are present, either
by listing the value of its dateTimeStamp field or failing that, presenting
the time that the record was indexed by Splunk.
Fixed a bug where refreshing the browser manually on General Report pages
could reset your y‑axis field unexpectedly.
Fixed some formatting problems in field_gallery.csv which were causing
General Report to treat some fields incorrectly as categorical or numeric.
Changed the Update License page so it no longer attempts to preload the
textfield with the existing license string – instead now the raw string is
displayed in the table below.
Fixed a bug in Browse Extensions where “Show – Include numbers with zero
calls” would return two rows for some numbers in the results.
Fixed a bug where the devices lookup (rarely used, somewhat secret feature)
which is technically allowed to have null values in most of its fields,
would get some null values filled with “PLACEHOLDER” on Splunk restart.
Added migration to make the field names within the devices lookup
consistently cased.
added new fields that can be pulled from the optional devices lookup.
Device Detail and Extension Detail pages now have links under key panels
that show calls, to investigate these same calls over in Browse Calls.
Fixed a bug in the Browse Extensions page, where the “no group” and “no
subgroup” options wouldn’t work when checked, if any other checkboxes were
unchecked.

Version 5.0.9 (April 12^th, 2019)

Improved error messaging when underprivileged users attempt to update
the app’s license string, and when invalid licenses are submitted.
Removed the embedded app TA_cisco_cdr, as this has now been released
separately on Splunkbase. (NOTE – versions posted on Splunkbase never
had the TA’s in them so this only reflects a change for users
downloading from the Sideview website.)
Fixed a bug where orig_device_type, dest_device_type and device_type
fields would not populate correctly for non-mgcp gateway devices.
Implemented a small improvement for the device_type field on individual
call legs. If both types are the same, the field now only holds the single
distinct value
Implemented a subtle fix to what the app calls its “union fields”, (group,
name, subgroup, ip_addr and device_type) so that in the aggregated call
results, these fields now only list the distinct values.
Improved the Groups lookup’s handling of wildcarded numbers by having it
check and correct the sort order of the lookup, so now nested wildcards
work in the expected way without manual sorting.
Added Cisco’s somewhat newer redirect reason codes >300 to the app’s lookup.
Fixed an error in the Concurrent calls page that complained about an invalid
layoutPanel.
Added new default device_type extractions for conference bridges
Fixed a bug where some conference bridge devices would get misidentified as
gateways
Changes to default.meta to make some of our content not get flagged as
“orphaned” in splunk’s “reassign knowledge objects” admin UI.

Version 5.0.8 (March 12^th, 2019)

Improved the “to” and “from” fields so that if one of the geographical
fields like city OR state is blank, it does not fall all the way back to
displaying only country (this can happen with wireless numbers where there
is no city associated)
Raising the minimum version asserted by the app, from Splunk Enterprise 6.2
to Splunk Enterprise 6.4, as our new license endpoint was found to be only
compatible with 6.4 and up.
Fixed a bug when adding a dashboard panel to a shared dashboard not owned
by the current user. Previously this would fail with a confusing 404 error.
Fixed a bug when creating a new dashboard entirely, where the dashboard
panel creation would fail with “ERROR 400 Cannot create an object with
empty or all whitespace name”
When saving a new report, sharing the report with others now works properly.
When creating a new dashboard for new dashboard panels, the UI now prompts
you if your desired dashboard name contains invalid characters.
For multileg calls, the “from” and “to” fields now have only the distinct
string values from the various legs, and no longer list duplicate values.
Removing the interactive timeline from the top of the Browse Devices page
as it seems a change in more recent Splunk Enterprise versions has made
this not render properly. (if you want it back and fixed let us know)
Fixed a bug on the Browse Devices page where the device name filter would
allow the device names from the non-matching device (on the other side of
each call) to creep into the device search results.
Fixed a bug in the Gantt chart on Call Detail where it now renders even in
the rare case where callingPartyNumber or finalCalledPartyNumber are blank.
Fixed a bug in Browse Extensions where using the “name” field would filter
to the right people but could also return other internal parties that had
been on any multi-leg calls with them during the time range.
The “number” field in Browse Devices now supports multiple comma-separated
numbers, numbers with wildcards and hyphenated ranges of numbers (only up
to a max of 50) and various combinations thereof.
Cosmetic CSS fixes to render popuplayers, checkbox pulldowns and buttons
properly in the Splunk 7.3 beta.
Screened out some erroneous rest command warnings from the 911 calls page
and the sites setup page.

Version 5.0.7 (March 1^st, 2019)

Fixed a critical bug for Cloud users and users downloading from Splunkbase
that effectively barred all non-admin users from the product.
Health checks page can now be run even when product lacks a valid license.
Filtered out unnecessary “Successfully loaded lookup file” UI messages.
Added a warning to users who attempt to enter raw numeric terms into the
‘search filters’ field, as this is not supported and will return 0 results.

Version 5.0.6 (February 27^th, 2019)

Fixed a common problem where license strings pasted into “Update License”
would fail if they had an extra leading or trailing space character.
Improved the fix done in 5.0.5 around the “Sideview Utils not installed”
error case to no longer require a custom module.

Version 5.0.5 (February 19^th, 2019)

on Site Detail and Gateway Detail pages, some drilldowns and links were
linking to Browse Calls with the “get only the” pulldown set to only pull
the most recent 1000 call legs. This has been fixed so those links will set
that pulldown to “all” and so will now return expected results.
Implemented a workaround for a bug introduced in Splunk Enterprise 7.2.4
itself that causes an error message to appear on the app homepage saying
“ServerSideInclude Module Error”
Improved the Edit Clusters page so that if Splunk fails to run our
app_setup script (we are still not sure why this happens sometimes), users
can still use the “Edit Clusters” page to fix the clusters lookup manually.

Version 5.0.4 (February 4^th, 2019)

Fixed a bug where if you were using * as a wildcard in your groups lookup
entries the Extension Detail page for matching numbers would fail to list
the name, group, subgroup information.
Migration check added, to look for old saved reports that have ui_edit_view
specified but no ui_context. Since these will be unable to reload themselves
in the specified view they are now migrated to load in the default splunk
‘report’ view.
the Setup Groups page now gives users the ability to download a copy of the
groups lookup as a csv or to open it directly in Excel.
Fixed a bug around the “save report” buttons – the resulting reports would
reload fine in the Sideview UI but the underlying savedsearch stanza had an
extra “search” prepended to the SPL that would make it always return 0
results when run from core splunk interfaces and from the scheduler.

Version 5.0.3 (January 25^th, 2019)

Fixed a regression introduced surprisingly long ago where if you saved a
report and then tried to reload it from the “Saved Reports” menu, it would
not appear with the form elements selected to the right values and so the
results would be incorrect.
Fixed a bug where after you saved a report or dashboard from any of the
app’s interfaces, you would have to reload the page or navigate to a
different page before the new report/dashboard appeared in the Saved Report
or Saved Dashboards menu.

Version 5.0.2 (January 17^th, 2019)

Fixed a bug in the Devices page, where if you had all of the options selected
in the “sites” pulldown, then all of the sites in the table would switch to
“unknown”
Fixed a bug on Internet Explorer only that was introduced in 5.0.1, that
prevented the product from working properly on that browser.

Version 5.0.1 (January 14^th, 2019)

Fixed a problem introduced in Splunk 7.X where the TimeRangePicker control’s
menu options lost their submenus and became instead a huge flat list.
Screened out a class of uninformative “Successfully read lookup file”
messages from being displayed in the UI.
Improved clarity of product messaging when license/support terms expire.
Within General Report, the “over time” option now always gives you an option
to set the “bins”, ie to set the granularity of time on the x‑axis.
Cisco CDR app now requires at least Sideview Utils 3.4.6.

Version 5.0 (January 11^th, 2019)

The product has a new licensing mechanism. Instead of the license information
being embedded only in the source code served from our website, you can now
update the license by pasting your current valid license string into a page
in the product itself.
Fixed a bug in the “number” field in Browse Calls and General Report where
you could quickly click into the field as the page was loading and the
“enter number()” text would get stuck in there as though it was valid input.
Added Field Gallery docs for SCSR and CSR fields, and a sample report.
Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.
Fixed a bug that caused Browse Gateways to sometimes break a given gateway’s
stats into two different rows.
updated python-phonenumbers library to latest version.

Version 4.4.3 (November 9^th, 2018)

Significant performance improvements in both browse and general report
views by simplifying and optimizing the underlying SPL.
Fixed a problem in the Call Detail view caused by a regression in
Splunk 7.2 in its fields and table commands. Specifically this caused
confusing behavior in the Call Detail page where the field values in tables
could become misaligned and jumbled up from the field names
Fixed a bug where filtering using numeric fields with comparison operators
like MLQK>0 or jitter>20 would erroneously filter out all rows with 2 or
more call legs. (Note that technically this a workaround for a bug we
only recently discovered in Splunk’s own search language.)
Fixed a bug that caused callingPartyCountry and finalCalledPartyCountry to
often be blank.
Fixed a problem where users who lacked the dispatch_rest_to_indexers
capability in Splunk would get a confusing warning on some pages.
(besides the erroneous warning no functionality was actually affected)
Fixes to the hidden user_activity view (Note this view only works for users
that can search the _internal and _audit indexes, typically admins only)
Improved the messages displayed when the app comes up and Sideview Utils
is not installed or was removed accidentally.
Fixed a bug in the app_setup script that failed to account for the devices
lookup having a different header row that was canonical on older versions
of the app.
Fixed a minor bug — when summing a numeric field on multileg calls where the
same value gets repeated the sum would fall slightly short.
In General Report the “stack mode” pulldown now defaults to “stacked”.

Version 4.4.2 (October 10^th, 2018)

Fixed a bug in the new Create Report / Create Dashboard Panel functionality
where it would fail for non-admin users.
Fixed a bug where the data input setup wizard would fail if the “admin” user
had been deleted (regardless of which user you were using the wizard as).
Fixed a bug where non-US numbers would get not just *CountryCode and
*AreaCode fields but also the three digit *Exchange fields created
by mistake.

Version 4.4.1 (September 27^th, 2018)

Fixed a bug where the migration applied to the clusters lookup in 4.4
failed to properly migrate the names of the fields, leaving the lookup
inconsistent with props.conf

Version 4.4 (September 22^nd, 2018)

python script now handles the tasks around creating and migrating the
contents of key user-editable lookup files. (Formerly this was handled
by special config hidden on the home page that required an admin user to
load that page once after installs and after all upgrades.)
Minimum version of Splunk Enterprise has changed from 6.0 to 6.2.
Substantially reordered and redesigned the main form field layout in Browse
Calls and General Report.
Updated python to include latest version of libphonenumbers
Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.
Sites lookup now *can* have subnet blocks that contain other listed subnets,
meaning you can now put in catchalls for larger regions while carving out
specific subnets within for other site names. Various mechanisms also now
exist to detect when the file has incorrect sort order, and to fix it from
within Setup Sites itself.
In the Gateways – Summary tab, each gateway now has a failed call count and a
failed call percentage.
In the Gateways – Calls over time tab, you can now change the charts
displayed for the gateways to be split by call success/failure instead of
just by call type.
Added a new field “gateway” that represents the union of orig_gateway and
dest_gateway.
Clicking “see calls” from General Report will now set the “see only the N
most recent call legs” pulldown to “all” to avoid common confusion there.
Fixed several problems where all calls to/from non-US regions in the North
American numbering plan would not get their actual *Country, *AreaCode,
*Exchange, fields set correctly.
Added proper support for parsing IDD prefixes by locale. Clusters.csv now
has an extra column “locale”. Existing CSV’s are migrated when the homepage
is loaded. If left blank there is a failsafe macro that sets it to “US”.
Setup Clusters page now has a UI with which the users can edit the locale
for each cluster.
Canadian states and territories are now reflected properly in the
callingPartyState and finalCalledPartyState fields.
Fixed the field extractions for origUnityVMDevice and destUnityVMDevice
which were only holding the device name up to the first hyphen char.
Added two new categorical fields, callingPartyNumberType and
finalCalledPartyNumberType. eg: “toll_free”, “fixed_line”, “mobile”,
“fixed_line_or_mobile”, “shared_cost” etc.
Fixed a bug in Browse Gateways, where the click to Gateway Detail did not
pass on the currently selected timerange.
Changed the Origination/Connect/Disconnect times listed on the Call Detail
page to include second granularity (was formerly just to the minute).
Added ‘see search syntax’ links to the Extension Detail pages.
Added a field called “seconds_until_disconnect” that just measures the total
time between the origination time and the disconnect time. This can be useful
for analyzing inbound ring time for call legs that are not answered.
Browse Sites now lists the subnet_description fields and country if those
have been entered in the lookup.
Added some cosmetic CSS fixes to work with Splunk Enterprise 7.2.

Version 4.3.2 (July 31^st, 2018)

Numbers entered into the groups lookup can now have asterisk characters and
they will be treated as wildcards when matching against party numbers.
for US numbers, the callingPartyState and finalCalledPartyState fields now
are the full state names instead of the two letter abbreviations. There are
also new fields callingPartyStateAbbr and finalCalledPartyStateAbbr for the
users who need the abbreviated values.
For US numbers there are new fields callingPartyCLLI, finalCalledPartyCLLI,
callingPartyCompanyName and finalCalledPartyCompanyName.
Fixed the field pulldowns in General Report to properly disable fields that
we know to be categorical when a numerical statistic (eg avg) is selected.
Fixed a recent regression where the “reset to default fields” links
dissappeared from the field pickers.
removed the “all” option from the Sites pulldown on Site Detail as it didn’t
work properly and doesn’t make sense on a page designed to give detail on
only a single site.
Fixed a cosmetic bug in the TimePicker’s Calendar widget, where the “next”
button rendered in the middle of the month name.
Added a day_of_year field (integer-valued, from 1 to 366).
App homepage now automatically runs a subset of the health checks that we
deem critical, so common setup failures can be found and fixed more quickly.
Fixed a bug in General Report where the “bins” fields would often reset
themselves to “15”.
Lots of new Health Checks have been added to detect common and/or critical
misconfigurations and error states. (See Setup > Health Checks for details)
Fixed a bug in the “calls over time” tab within the Browse Gateways page
where not all gateways would actually get a timechart, if you had the
“scan only” pulldown set to less than “all”.
Fixed a bug in the “calls over time” tab in Browse Gateways where the charts
were not including stats from any incoming calls.
Health Checks page now groups the health checks that are considered
“Critical” in their own section at the top.

Version 4.3.1 (June 14^th, 2018)

Fixed a bug where some very long but nonetheless valid international numbers
were not getting location fields extracted.
Fixed a bug where “0011” was not being used as a possible IDD prefix.
Note that this is only likely to affect users in Australia.
Some changes in the Setup pages for clarity and also for look and feel and
consistency in Splunk 7.1
Added some initial functionality so that customers who follow our steps to
ingest data from CUBE, will see those extra fields in Browse Calls.
Added a health check to make sure no entries in the Groups lookup are
missing the number field.

Version 4.3 (May 7^th, 2018)

Browse Extensions now has options to include rows for extensions with zero
calls, as well as to include calls with zero duration in the counts.
Browse Extensions now has a field to specify one or more huntGroups whose
activity you want to narrow down to. The value entered is passed to the
Extension Detail page as well and exists as an editable field there also.
Supports * as a wildcard, comma-separated and hyphenated range values.
Simplification and optimization of the SPL search syntax used by the Browse
Extensions view. Removal of the “nameGroupSubgroup” field.
Fixed a bug where Browse Extensions was double-counting duration of calls
where the given party was both the original and final called party number.
Fixed a bug in the Devices page where selecting “no site extracted” would
not work correctly. As part of the underlying fix was in Sideview Utils,
the required Sideview Utils version is now 3.4.2.
Groups lookup now has max_matches=1, meaning if a given extension is in the
lookup twice, only the first matching row will be used.
Added huntPilotDN to the available fields in Browse Extensions, although it
is off by default.
Added a health check to look for numbers entered more than once in the
Groups lookup.
Added a simple report to the Field Gallery table, to show which pairs of
sites tend to have low MOS scores for calls carried internally.
Added logic to Device, Gateway and Site Detail views, so that when the user
clicks the breadcrumb to return to the corresponding Browse view, the
previous selection states will be restored.
Fixed a bug in the health check that checks leg_type definitions for
unwanted overlap.
Removed the MAX_DAYS_AGO=365 setting, so customers adding historical data
that is more than one year old don’t get it indexed with current clock time.
Gave Site Detail page a simple link you can use to see all calls in/out of
the given site, over on the Browse Calls page.
Screened out three field names from all field lists – the misspelled orig*
and “destdeviceName” fields that appears in CMR data, and the varVQMetrics
field which is not needed because we extract each metric separately.
Changed the gateway checkbox pulldowns on the Gateway Utilization, and Busy
Hour Calculator pages, to only pull 50,000 events at most, in calculating the
list of gateways.

Version 4.2 (April 24^th, 2018)

For all calls that have more than one leg, the order of those calls in the
results on Browse Calls is now reversed. This is a change we have wanted
to make for a long time. Formerly the first call leg was listed last and
the last call first. We apologize for the confusion of our existing
customers who had gotten used to it the old way.
Browse Gateways now has a checkbox pulldown to select any subset of gateways.
Improved the Browse Gateways page, to have a second tab wherein it lists
one chart per selected gateway, of call counts over time split by type
There is a new field called “leg_type”. You can assign values to call legs
simply by defining eventtypes whose names begin with “leg_type_”. This
enables a wide range from simple on-the-ground readability to advanced
reporting and analytics, particularly around complex multi-leg flows.
Docs and more product work are coming. Contact us for more details.
Sites lookup now has additional fields of country and subnet_description.
and the “location” field is now renamed to “site_name”.
The app homepage runs a simple migration that will implement these changes
and add the new columns as necessary to existing lookup files.
The fields we add to represent the “initial” and “terminating” party number
values, now are defined on each call leg instead of only on first and last.
Fixed a bug where if you used the “advanced” field within General Report,
clicking “see calls” to switch to Browse Calls would fail with an error.
Added a new field called initialType, that for each call represents the
“type” value of the call leg with the earliest origination time.
Changed defaults on the 911 report, to include 9911 and to exclude calls
that failed with “Unallocated (unassigned) number”.
Updated the call release cause codes and video codec types lookups to add
some entries only present in more recent CM versions.
Fixed a bug in Browse Calls and General Report where if you were using
any location fields suffixed with Lat, Long or StateAbbr, and not using
any other location fields, the values be all null.
Fixed the appearance of the app’s submit buttons when the app is loaded in
Splunk 7.1.
Added a workaround for a bug in Splunk 7.1, where the class of
“foo NOT foo” searches that we use to power the field pickers stop working
properly.
Fixed cosmetic bugs in Splunk 7.1 in the Pulldown, CheckboxPulldown and
FieldPicker modules.
TimeRangePicker controls on extension_detail, site_detail, gateway_detail and
device_detail no longer default to All time.
Required version of Sideview Utils is now 3.4.1 (was previously 3.3.15).

Version 4.1.10 (March 26^th, 2018)

Added a new default device_type extraction for Cisco ICD queues.
Workaround for a bug in Splunk where the server returns “UNKNOWN_VERSION” as
the Splunk version. Prior to this release of the app, when his bug did occur
in Splunk it made the app’s version dependency check fail, and then redirect
every user to the homepage to tell them the Splunk version was too low.
Fixed a bug where gateway devices were showing up on browse devices if you
had all device types selected (even though they’re not one of the options).

Version 4.1.9 (February 13^th, 2018)

Removed the runlocal=true from all lookups so bundle replication can push the
scripts and tables out to run at the indexers.
Fixed a bug in Browse Extensions where the group and subgroup pulldowns
would never populate with any entries that had a null value for subgroup.
(Note this bug does not occur when the row has merely “emptystring” values.)
Greatly improved performance of the Browse Sites page by switching to a
tstats search instead of a raw data search. Also removed the “scan only the
most recent 1000 calls”, as this became obsolete.
Added export buttons to two of the panels in Call Detail view, to make it
easier for users to do deeper investigations and comparisons in Excel.
Added “reset to default fields” and related links to the 2 Field Pickers in
the Call Detail views.
Improved checklist.conf entries that check our dependencies against Splunk
version and Sideview Utils version – they no longer erroneously say
“not applicable” when they pass.
There is a new mechanism implemented as a “check_single_value” key in
fields.conf that activates a health check. If any recent events have
multiple values for the given field the health check will fail.
Cisco CDR now ships its own custom controller to allow admins to update the
apps own file-based lookups via uploaded csv files.
(Prior to this release, that functionality relied on the presence of the
Lookup Updater tool in Sideview Utils.)
Replaced all our health checks with checklist.conf stanzas, added a custom
testrunner to pull those stanzas into our own health check page and run them
there.
Removed a number of old obsolete health checks, including the old custom
“headerextractionconfig” search command.

Version 4.1.8 (January 19^th, 2018)

Removed the long-deprecated “cisco_cdr” and “cisco_cmr” sourcetypes.
Fixed a bug where if callingPartyNumber was null, the countryCode, areaCode
and all location fields of finalCalledPartyNumber would also fail to extract
and vice versa.
Fixed a bug in Browse Extensions where extensions that matched multiple rows
in the Groups lookup would not appear in the results at all NOTE: in
general having extensions match multiple rows in the Groups lookup is not
fully supported and despite this fix, will still cause a number of problems
elsewhere.
Fixed a bug in Device Detail where calls with null values for any of the
three party fields would not be included in totals.
Fixed a bug in Device Detail where drilldown clicks on the chart to view
individual calls, would not show any call legs where any of the party
numbers were blank.
Fixed a bug in the Site Detail view, where changes to the Site pulldowns
would reset the selected timerange to whatever timerange the Browse Sites
page had originally had.
Fixed a bug where every time the homepage loaded, it would re-insert a row
into the clusters lookup, telling the user to visit the Clusters page under
setup.
Removed “call types” and the “scan only the 1000 most recent” calls from
Browse Devices.
Removed “gateway” from the device type pulldown in Browse Devices.
across all pages that have it, we reworded the “count only the 1000 most
recent matching records” pulldown’s labels to say “scan only the 1000 most
recent call legs” to more accurately describe how it works.
Added a custom search command dnparse that may one day replace the scripted
lookup “parse_phone_numbers”. However in our testing the performance lags
behind the existing scripted-lookup so the app continues to use the latter.
Added a check to Browse Calls, for if users put a “*” into the number field.
Prior to this change they’d actually get considerably worse performance as
a result. Now it will be the same as if they’d entered nothing.
A small change to the code running lookup editors for Sites and Groups – if
a user edited an individual row previously, empty fields like subgroup would
be encoded as emptystring values. Now they are proper nulls.
For customers who have already set up the TA_ciscoaxl app, there is now a
hidden view called setup_devices that allows them to use Cisco AXL to
populate a new “devices” lookup automatically and make its fields available
within the Browse and Report views.

Version 4.1.7 (December 6^th, 2017)

Fixed a bug in the Gateway Utilization page where the counts would be
doubled if tandem calls were selected. This bug was unfortunately
introduced by our changes in 4.1.4.
Changed the behavior of the “site” field generated by the ‘get_sites‘ macro.
Now if the origination and destination sites are the same, the site field
has only the one value, ie “Oakland”. Previously the site field would have
a multivalue value, ie [“Oakland”,”Oakland”].
Added a “split by site” option to the Call Concurrency page.
Fixed a problem in “Setup > Sites”, where the “find more sites to add” tool
did not work properly.
on the 911_calls page, the copy about enabling/disabling the alert has been
updated to match UI changes in Splunk 7.0.

Version 4.1.6 (November 3^rd, 2017)

Fixed a bug around the advanced Sites lookup customization introduced in
4.1.5, where if you used the new feature, call_detail, sites and
site_detail pages then wouldn’t extract the sites from the right IP fields.
Introduced a hidden view called “user_activity” that local administrator
users can use to see which of their local users are using which apps and
dashboards, and what kinds of searches they’re running there.
Fixed a bug introduced into the Gateway Utilization page in 4.1.4 where
if you only had one call type selected it would give an error and not run.
Changed the Cluster pulldown on the Browse Calls page to a multiselect
checkbox pulldown control, so users can select more than one at a time.
Fixed a bug where some conditional messaging on the Extension Detail no
longer worked. If you navigated to the page manually the messaging now
tells you that you need to enter an extension or DN before the page will
do anything.

Version 4.1.5 (August 29^th, 2017)

Improved our concurrency calculation, which essentially wasn’t accounting
for a number of seconds at the end of each call equal to the difference
between the origination and connect times.
Gave the “number” text fields support for hyphenated ranges of numbers like
1000 – 1020 for users who want to search for all calls involving a whole
range of extensions. (Note this required removing a minor feature added
in 4.1.4 whereby you could paste in DN’s with hyphens in them and it would
strip out the hyphens as a convenience.)
Made a small change to our location lookup to remove the seldom-used
*AreaDescription fields, that was able to give us a 10x speed improvement
in search performance when any of the other location fields are needed.
Added an advanced customization setting to allow admins to alter how the
sites lookup works. By default the origIpAddr and destIpAddr fields are
the ones used, but you can now change this to use other ipAddr fields like
origMediaTransportAddress_IP, destMediaTransportAddress_IP

Version 4.1.4 (July 31^st, 2017)

Fixed some incorrect charting results in the Call Concurrency and Gateway
Utilization tool if you were analyzing tandem calls and/or SIP trunk calls.
Fixed a problem where the 911_calls alert that the app ships with, does
not extract or display the originating Site field.
Added a README file at the root of the app to help catch users who do not
follow the install docs closely.
Added a simple feature to remove hyphen characters on paste, if a user ever
pastes them into the “number” fields.
Fixed a problem in the geolocation lookup that broke the value of the
*AreaDescription fields.
Improved the geolocation lookup to present city names in consistent title
case (previously cities were sometimes upper case, sometimes title case.)
Added the ability for administrators to define in conf, what field list
should be set when end-users click “reset to default fields” in the Browse
Calls page’s Field Picker.
Added a copy of the core props.conf and transforms.conf stanzas from our
Cisco IOS Voice Gateway app, so prospects looking to stitch together
disparage chains of Callmanager call legs via the voice gateway logs no
longer have to set up the separate voice gateway app.

Version 4.1.3 (July 11^th, 2017)

Updated the libphonenumbers code ( daviddrysdale/python-phonenumbers ) that
does most of the work around extracting location info from DN’s.
Updated the “npa-nxx-lata-clli-ocn-location” lookup.
the ‘custom_index‘ macro now defaults to index=”cisco_cdr” instead of
index=”main”.
Addressed an issue where the fields table on the homepage took a very long
time to load.
Fixed a bug in the 911 calls page, where it wasn’t including the originating
Site.
added a “see full search syntax” link to the 911 calls page, and formatted
the duration field as 00:00:00 instead of integer number of seconds.

Version 4.1.2 (May 26^th, 2017)

Improved behavior out of the box for the scripted lookup that is responsible
for creating the many geolocation fields like countryCode, areaCode.
offnet prefixes of “99” are now supported out of the box, and non-numeric
values no longer result in error messages written to the output fields.
If users set up the Sites lookup such that all internal calling parties are
mapped to sites and thus to lat/long values, that plus the DN parsing code
can now reliably geolocate virtually all calling parties across all calls.
Fixed bugs in how the filtering fields and pulldowns were working in Browse
Devices.
Fixed a bug with Splunk 6.6, where a diagnostic search run by the app’s Home
Page would fail with an error saying “headerextraction config [HTTP 401]
Client is not authenticated.”
Fixed a regression in Splunk 6.6 where Splunk’s problematic default behavior
returned whereby it sends all “saved report” links to splunk’s generic
report view. Now this is fixed again, and all saved report links load the
given report in the appropriate view in the app.

Version 4.1.1 (April 12^th, 2017)

Fixed a problem with the internal_device_type and device_type fields where
for internal calls they would only pick up the values from the orig* side.
Added new device_type value of “ccg” to pick up call-control-group devices
from device names in the form CCG_1211, CCG-1940
Fixed a bug in the field picker within Browse Extensions. where if you did
not select “incoming” or “outgoing” or “internal” as fields, the
corresponding “duration” fields would not be calculated either.
Fixed a bug in Browse Extensions where if a given number appeared sometimes
with one unicodeLoginUserID value, and sometimes with another (or none) that
there would be one row for each such combination, rather than just one row
for each number.
Workaround for a rare bug in Splunk 6.2 (possibly in subsequent Splunk
versions but not in 6.5). The bug was that if you had any negative integer
values of the CMR “duration” field, and you had both a CMR field and the
duration field selected in your field picker, searches in Browse Calls
would fail with the cryptic error “invalid number”.
the “Define Sites” and “Define Groups” pages now have significantly more
useful functionality within the “Find Sites to add” tab, and the “Find
Extensions to add” tabs, respectively.

Version 4.1 (February 21^st, 2017)

Added new view “Browse Extensions/DN’s” and its associated detail view.
This can be used for a variety of use cases around call volume reports
to and from internal parties and groups. Note that this replaces the older
and simpler “Browse Phone Numbers” page and “Phone Number Detail” which
have been removed.
Made a change to the default 911_calls alert to workaround a problem where
the server would send an email every few *seconds* once a 911 call went
out, instead of only one email per call as expected.
Fixing the Concurrent Calls report so that the dropped calls panel also has
a “view results” link, so as to make it easier to save as an alert.
Performance improvements to the Concurrent Calls report.
Removed all the old “example” savedsearches because they have all since been
replaced by better examples in the field gallery table.

Version 4.0.7 (January 25^th 2017)

Added a new page for 911 calls, under “Browse”. There is an associated
savedsearch that can be easily turned into a realtime alert.
Added a safeguard so that if the deployment is from a version where the
CMR data also has a “duration” field, that this will be reflected as a
field called “cmr_duration”, rather than appearing as confusing second
and third values for “duration” in the Browse Calls table.
Added some logic for the huntPilotDN field for the cases when the field is
undefined in the raw CDR. Specifically if calledPartyPatternUsage is “7”,
then the app now infers correctly that finalCalledPartyNumber represents
the huntPilotDN (as per cisco docs).
Added lookup for patternUsage, creating new fields
calledPartyPatternUsageDescription and calledPartyPatternUsageName
added lookup for mobileCallTypes to identify mobility features invoked,
creating the new field mobilityFeature
Added lookup for routing reasons, creating the new fields
lastRedirectingRoutingReasonName, origRoutingReasonName, and
currentRoutingReasonName
Added all fields mentioned above to field gallery, plus more than 70
additional fields.
Reworked the field gallery on the homepage to give it additional filtering
and search controls. You can now choose to see 1) fields present in raw CDR
vs those added by the app. 2) fields that are in your indexed data vs not.
There is also now a search field that you can use to match any entered
search string against field name and description text.

Version 4.0.6 (November 11^th, 2016)

Removed 2 unused calculated fields in props.conf that were triggering
CalcFieldProcessor WARNS in splunkd.log
Performance optimizations on the scripted lookup that parses country code,
area code and exchange out of DN’s.
Parametrization of the scripted lookup for DN’s to support customers who
have unusual dialing prefixes for outside lines.
Many improvements to the “Define Groups” documentation.
A bugfix to the system that checks whether the Sideview Utils app is
not installed at all. Now a better error message displays instead of a
simple but confusing alert.
Fixed a bug where if you specified a Groups lookup with the number, name
and group fields but omitted the subgroup field, then every time the app’s
homepage was loaded, the lookup would get obliterated.

Version 4.0.5 (September 23^rd, 2016)

Reversed the order of the raw call legs table in Call Detail. Although
this makes it inconsistent with Browse Calls, we all seem to still
expect the first leg to be first and last leg to be last.
Added a gantt-style visualization of the N call legs to Call Detail. This
visualization only appears for calls with more than one leg.
Added new fields callingPartyLATA, callingPartyOCN, callingPartyCompanyType
and the corresponding fields for finalCalledParty.
Restored some important messaging on the Create Data Inputs page, that
warns the user that when they submit the form to create the data input, the
files being indexed will be at the same time deleted from the filesystem.
Added new field duration_elapsed. This field value will contain the number
of seconds between the connectTime of the earliest call leg to connect, to
the disconnectTime of the last call leg to disconnect. This field can be
used in General Report and Browse Calls, but not yet in Call Detail.
Renamed total_duration field (introduced in 4.0.2) to duration_total so that
it will always appear alphabetically next to duration and duration_elapsed
The “legs” field (introduced in 4.0.2) will now appear in field lists
throughout the product.

Version 4.0.4 (July 20^th, 2016)

Replaced the FlashChart modules used throughout the app with JSChart
modules. (Splunk’s FlashChart module has developed some bugs in certain
browsers and flash plugins whereas JSChart’s once-problematic axis labels
are now much improved.)
Added a few missing fields to the field_gallery so they will appear not
only in the report gallery but also in reporting pulldowns and field
pickers. – fields are finalCalledPartyCity, finalCalledPartyState,
finalCalledPartyZip, originalCalledPartyGroup, originalCalledPartyName,
and originalCalledPartySubgroup
Bug fixed in the data input wizard’s error detection. Previously if your
directory already had a data input but it also had no files therein, you
would get the warning about no files, not the more important warning about
the previously existing input.
Added interactivity to the Call Concurrency page so that you can now click
the main call concurrency chart and see a second chart below showing you
the call concurrency within that much shorter time range.
Fixed a bug in Gateway Detail where the first chart didn’t load.
Fixed a bug where 2 seldom used fields from the CMR, directoryNum and
directoryNumPartition were erroneously listed in the app as directoryNumber
and directoryNumberPartition. This caused them to not work in field
pickers and reporting pulldowns.
Fixed a bug that prevented any of the City, State and Zip fields from being
used in General Report.

Version 4.0.3 (April 26^th 2016)

Fixed a bug in the Data Input wizard where on windows it would fail to
detect pre-existing data inputs if the casing of the path you entered
didn’t match exactly.
Fixed a bug in the Data Input Wizard where if you had more than 30 existing
data inputs on a standalone indexer, it might not detect that you were
about to create a data input on files that are already being indexed by an
existing data input.
Sinkhole inputs created by the data input wizard will now set crcSalt to
“” to avoid all bugs and catch-22’s around initCrcLength being
too low or too high.
To help existing customers index data that has been orphaned on the
filesystem by initCrcLength catch-22’s, initCrcLength has been lowered
to 1500 for cdr and 1000 for cmr.
Added max_days_ago=365 to sourcetype config to make it easier to index
archived data.
There is a new field called “number” that is the union of callingPartyNumber
originalCalledPartyNumber and finalCalledPartyNumber
the “callId” field is now created automatically instead of extracted by the
UI explicitly using the app’s ‘get_call_id‘ macro. This is just to simplify
some underlying search syntax and has no other significant effect.
Workaround for a bug in Splunk 6.4, whereby our preexisting patch to
workaround a *separate* bug in the Splunk Navigation bar, now has to be
wrapped in a require call. (see dashboard.js)
Replaced the lookup config to generate originalCalledPartyName,
originalCalledPartyGroup and originalCalledPartySubgroup, which had been
removed with the thought that it was never interesting.
added new field “name” that is the union of callingPartyName,
originalCalledPartyName, and finalCalledPartyName
> added new field “group” that is the union of callingPartyGroup,
originalCalledPartyGroup and finalCalledPartyGroup
added new field “subgroup” that is the union of callingPartySubgroup,
originalCalledPartySubgroup and finalCalledPartySubgroup
Fixed a bug in Browse calls where if you were not actually searching for
a particular IP address field, but you had that field in your field list,
and you didn’t have the location or sites field active, and you were on a
CUCM that stores ip’s as long integers, you’d see the unconverted integers
in your Browse results.
Fixed a bug where if you were using the “advanced” field in Browse Calls,
the app would not realize it had to carry along those field names and run
any required SPL extractions for thoe fields in your expression.
Added/Modified the ip_addr “field” to now be available in the app UI, and
hold the union of all the various IP address fields.

Version 4.0.2 (March 11^th, 2016)

Added new field to the UI called “initialCalledParty”, “initialCallingParty”,
“terminatingCalledParty” and “terminatingCallingParty”. For multi-leg calls
these represent the appropriate parties from the initial/final call legs.
Added new field to the UI called “total_duration” that adds up the duration
values from all of a call’s individual call legs.
Added a new field to the UI called “transfers” that represents the number
of call legs within the given call that show a termination cause of “call
split”. This field is available in both Browse Calls as an additional
column, and also in the Reporting UI.
Added a new field to the UI called “legs” that simply represents how many
call legs the given call has.
Added a field called “on_hook_party”. If the last call leg was
terminated by the caller going on-hook, this is “caller”. If the last leg
was terminated by the receiver, this is “recipient”. For calls that don’t
connect the field will be null.
~30% speed improvement for General Report to only get CMR data if
one or more CMR fields are actually involved in the report.
modified the machinery that initially creates the Groups lookup, so that it
will not interfere with customer attempts to add new fields to the lookup.
Added finalCalledPartySubgroup and callingPartySubgroup to the field_gallery.
Changed the default Groups lookup to also have an optional “subgroup” field
as this field has proved useful to some customers. The field will also get
automatically added to any rows in existing customer lookups.
Fixed a bug where the raw call legs table in Call Detail view would list
the time as the last column in the table instead of the first.
Fixed a bug where the General report page would see groups fields like
callingPartyName/callingPartyGroup and think it had to run the very
expensive location extractions.
Fixed a bug in Browse Calls where if you had the “count only” pulldown set
to “all records” for your session, when you clicked into Call Detail and
then clicked the breadcrumb to get back to Browse calls it would reset to
“count only the 1000 most recent matching records”.
Fixed a small class of bugs that concerned when a single report was
filtering and/or reporting by one or more IP Address fields *and* one or
more site fields.
Fixed a bug in the Browse Calls view where “Graph calls over time” wouldn’t
pass along your selected value for the Cluster pulldown.
Optimized the DN-parsing lookup to not process originalCalledPartyNumber
since this was never being used and removing it speeds up a very
expensive lookup by about 50%.

Version 4.0.1 (February 18^th, 2016)

Browse Devices now has a sites pulldown that you can use to see only the
devices from one or more of your defined sites or locations.
Setup Sites now has a tab to help you find devices, extensions, DN’s and
Ip Addresses that are not matching any of the sites you have defined so far.
callingPartyGroup, callingPartyName, finalCalledPartyGroup and
finalCalledPartyName will now appear in all field menus without having
to wait for the daily scheduled search that finds new custom fields
Modification to the data health checks so they complete in reasonable
time on hosts with *only* legacy sourcetype data.
Fixed a regression in 4.0 where the app’s Create Data Input Wizard would
index the CMR records with the “cucm_cdr” sourcetype instead of “cucm_cmr”
Resolved a performance problem on Call Detail view which in some cases
caused the page to hang.
Fixed a problem where the links to the Splunk Admin UI would result in
‘page not found’ errors.
Deleted 6 hidden gitignore/cvsignore/svnignore files from the libphonenumbers
directory so they don’t trigger splunkbase/cloud appcert/app-vetting checks.
Fixed a bug where if you saved a report or created a dashboard panel from
the Call Concurrency and Gateway Utilization tool and then tried to re-run
that report later, it would fail to repopulate the pulldowns correctly.
(Note that reports saved prior to this fix would have to be recreated in
order to have the correct loading behavior in the UI.)
Fixed a bug in Call Detail view where if you had a field displaying in the
upper right panel and that field had multiple values, it would show only
the value from the most recent call leg instead of listing all the values.
removed “answered” and “missed” from the Browse Phone Numbers page as these
numbers as calculated were a little misleading for calls with more than
one call leg.
Fixed a bug where in the Browse calls page you couldn’t search for
duration greater or less than a particular number of seconds.
Some adjustments to the design of the save/create controls and the Edit
Fields button in the Browse Calls page.
The Browse calls page now has a “graph calls over time” link that switches
you over to the General Report page, preserving your filtering arguments.

Version 4.0 (January 27^th, 2016)

The App’s name has been changed from “Splunk for Cisco CDR” to
“Cisco CDR Reporting and Analytics”.
Changed the Data Input wizard and documentation to now create and recommend
batch aka sinkhole data inputs only. This removes the need to create
shell scripts to delete older CDR and CMR files.
Splunk’s AppBar module has been patched within this app to resolve a
problem where the module stopped using Splunk’s “@go” URL system. This had
the effect of preventing all our app’s saved reports from loading in the
proper view (ie browse or general_report). With this change, all saved
reports will once again reload back in the view in which they were saved.
Added first version of sourcetype configuration for AlternateSyslog.
Contact us for more details.
Modified one of the data health checks so that it wont be triggered by
other non-cdr sourcetypes living in the app’s index.
Added a new field “internal_device_type”, useful for doing reports around
device utilization where “gateway” isn’t a useful device-type to have.
Added a new field “site” that combines origSite and destSite, useful for
various reports split by site that need to combine both sites from inbound
and outbound parties.
Added many new sample reports for various fields.
Reorganization of the homepage to help trial users get started and also
provide simpler more functional content for paid users.
Some rounds of optimization to trim out unnecessary search language that
the reporting and Browse pages were inserting.
On the Site Detail page, removed “User busy” and “unallocated number”
from the “unusual call termination reasons” timechart.
On the Site Detail page, enabled drilldown on the “Unusual call termination
reasons” report that now takes the user directly to see the actual calls.
On the Site Detail page, enabled drilldown on the Site to Site concurrency
timechart report that takes the user directly to see all calls in
progress at that moment.

Version 3.7.1 (November 23^rd, 2015)

Fixed a regression in the “number” field in Browse Calls whereby the
resulting search would be invalid.
Corrected language in help text and health checks that referred to the file
extension on the downloaded app package as *.tar.gz rather than *.spl.

Version 3.7 (November 19^th, 2015)

In Browse Calls, the user can now edit and reorder the fields shown in the
tabular results. This supercedes the “include” pulldown which has been
removed in this release.
in the Call Detail, the user can now edit and reorder the fields shown in
the “call legs” table.
in Call Detail view “call legs” table now indicates next to a calling or
called party when that party terminated the leg by going on-hook.
in Call Detail view, the “call legs” table is now above the “other calls
to/from” panels.
When clicking the “see calls” link in General Report to peek at the calls
themselves in “Browse Calls”, if you are using a quality field or a
location field, the UI no longer warns you that the field is not active, it
instead automatically includes it in the results for you.
Fixed a bug where if Splunk indexed a given call’s legs out of time order,
the start time assigned to the call by the app might actually be the time
for one of the subsequent call legs. This problem was always there to a
certain extent but is a lot more common in Splunk 6.3 due to an
undocumented SPL behavior change.
NOTE: this problem also causes a bug where the drilldown from Browse Calls
to Call Detail view results in Call Detail view loading empty.
An optimization around the ‘call types’ pulldown – if all 4 types are
selected and there are no other searchterms it now skips running any
subsearch thus speeding up these cases significantly.
Browse Calls page now lists multiple duration values for multi-leg calls.
“sites_lookup” macro renamed to “get_sites” for consistency.
Fixed a problem on Site Detail page where the “only 10000 events” pulldown
was being ignored.
Some minor improvements for users who find themselves searching for raw cdr
events in the search page — added a Workflow action to get to Call Detail
and a better default selected field list.
Changed how the various default device type extractions were configured so
that now they can be edited from the Splunk Admin UI without throwing an
erroneous error on submit.
Relaxed a Health Check that was looking for issues around indexed headers,
such that it no longer searches other Splunk indexes as well.
Added entries to the help table for the fields around sites and also around
the “to”, “from” and “quality” columns on the Browse Calls page.

Version 3.6 (October 6^th, 2015)

Reworked the base events macros to workaround sporadic bug in 6.2 on
windows where type and eventtype fields stop working properly in search.
Fixed a problem on Call Detail page where calls involving extremely common
calling or receiving parties were triggering extremely expensive and slow
searches on the “other calls to/from” panels.
Updated General Report to include the site and subnet fields (destSite,
origSite, destCidr and origCidr) in the reporting pulldowns.
Updated Browse Calls to work properly and give appropriate warnings if the
user uses site and subnet fields in the “misc search terms” box.
Updated Sideview Utils required version to pick up an improvement around
CheckboxPulldown having its options deselected by default. This resolves
a problem where the show location/quality pulldowns would reset themselves.
Added 5 new lookups to create readable description fields for the 5
“onBehalfOf” fields in UCM CDR.

Version 3.5.4 (Aug 14^th, 2015)

Added the Sizing Calculator page.
Devices listed on Call Detail pages are now linked to Device Detail.
lookups are now explicitly scoped to run on the search head in distributed
search.

Version 3.5.3 (May 26^th, 2015)

renamed the “report” view to “general_report” so that standard Splunk
dashboard/report interactions in 6.2 that are trying to go to the core
“report” view can work properly again.
Added a Data Health Check to catch savedsearches.conf content saved with
“report” that should be manually changed to “general_report”
Browse calls page now loads with neither “locations” nor “call quality”
selected in the “include” field. This results in much faster page loads
although users who liked the Locations on by default will now have to
turn them on manually.

Version 3.5.2 (May 21^st, 2015)

Restored a few fields inadvertently screened out of General Report’s y‑axis
pulldown
Changed fields in CSV and JSON exported from Browse Calls, so that duration
is listed in seconds (instead of [D] HH:MM:SS), and to make timeformat
more standard.
Added key pages and resources for “Site Detail” and “Setup Sites” pages
which had been accidentally excluded from the trial download.

Version 3.5.1 (May 7^th, 2015)

Fixed behavior when multiple extensions were entered comma-separated in the
“number” fields. Now calls will be matched whose call legs contain any of
the given extensions, rather than all of them.
Added a setup view for the user to define their sites and offices based on
ip addresses, specifically by subnets given in CIDR notation.
Added “Browse Sites” view and a detail view that shows site-to-site
concurrency information.
Reversed order of orig_and dest_gateway fields in Browse Calls.
Added index-time transform so that the useless “INTEGER,INTEGER..” headers
are no longer indexed.
In General Report, it is no longer possible to create nonsensical
combinations of options such as “distinct count of duration” or
“sum of orig_gateway”.

Version 3.5 (April 7^th, 2015)

Charting Pulldowns to select fields now load much faster in reports.
When duration is displayed in Browse Calls and Call Detail views, it now
appears formatted as “00:17:30” rather than as a raw number of seconds.
the ‘see search syntax’ links now use the default search view rather
than the app’s custom “charting” view.
Call Detail view loads much faster because its searches are restricted
to the times the call legs occurred, plus an extra day on either side.
This makes the “other calls to/from” tables much faster to render.
The “other calls to/from” searches on Call Detail view are further sped up
by no longer retrieving and collating CMR data.
Fixed a rare bug whereby calls that had null values for the
“dateTimeDisconnect” field would not render properly in the Call Detail view.
on Call Detail view, removed null non-CMR fields that were showing up in
the “Call quality information (CMR)” section.
Changed to consistently follow Cisco’s definitions of numberPacketsLost.
As of this release numberOfPacketsSent – numberOfPacketsReceived will not
necessarily equal numberPacketsLost because the latter doesn’t include
late packets or duplicates.

Version 3.4.6 (February 16^th, 2015)

Fixed a regression in the Browse Calls page where if you filtered by an
extension or DN, you would only see call information from the subset of
call legs that contained that DN.
added device_name and ip_addr fields that for each call leg, are the union
of the corresponding orig* and dest* fields.
Improved logging in the data input setup wizard.
Fixed a critical bug in the data input wizard where, for single-indexer
mode, if you happened to not create an index with the default name
“cisco_cdr”, the setup page would fail to load properly.
Fixed a bug where Call Detail view would not render certain times properly
for calls that had more than one call leg.
multiple calling and called parties listed in Call Detail view are listed
in the order in which they appeared, (no longer sorted numerically).
Fixed a bug in Gateway Detail view where the drilldowns from a given Call
Release description over to Browse Calls always returned zero results.

Version 3.4.5 (February 4^th, 2015)

Fixed a bug where users without administrative privileges would get a
strange error message at the top of the app homepage. “Client is not
authorized to perform the requested action”.
Fixed a bug where very large groups files would get truncated to
10,000 rows when an admin user hit the homepage.

Version 3.4.4 (January 29^th, 2015)

Fixed a bug in the data health check detection, whereby the check for the
custom_index macro was not restricted to just the local search head.
Packaged a “TA_cisco_cdr” app within the main app. This app is now the
recommended app to push out to indexing and forwarding tiers.
App is now aware of the user’s geographical locale when rendering times and
dates. eg if you have “en-GB” in the locale portion of your URL, you will
get dates rendered as “dd/mm/yyyy” instead of “mm/dd/yyyy”.
Fixed a bug introduced in 3.4.1 to the Concurrent Calls and Gateway
Utilization tool, where the granularity accidentally was lowered to Splunk’s
default granularity for timecharts.
Edited the Data Input Setup flow so that it now also gives full setup
instructions for distributed deployments.

Version 3.4.3 (December 18^th, 2014)

Fixed a bug in the data input setup wizard where the custom_index macro
would get set to “index=”main” erroneously.
Improved handling in the data input setup wizard if the end-user enters
the path with some slashes or backslashes that are not appropriate for
their platform, or if they leave a trailing slash on the directory.

Version 3.4.2 (December 15^th, 2014)

Fixed a bug where if you used them as filtering search terms, the
device_type, and *_device_type fields would not work reliably.

Version 3.4.1 (December 12^th, 2014)

Corrected a small but longstanding known error in the Concurrent Calls and
Gateway Utilization tool. where the concurrency displayed towards the
right side of the chart would be a small delta higher than the actual
concurrency.
Added “device_type” as a field in the app, and also as a field in the
Concurrent Calls and Gateway Utilization tool.
The interactive chart of calls over time shown on the Phone Number Detail
page is now split by type (ie outgoing / incoming / internal)
Improved out of the box extractions for device types like uccx unity-vm.
Added device_type as a field in the Browse Devices page.

Version 3.4 (November 24^th, 2014)

Built a new Data Input Wizard to both simplify the setup experience and
keep users away from the confusingly different admin sections in 6.2 vs
6.1 vs 6.0 vs 5.0 Splunk versions.

Version 3.3.2 (November 10^th, 2014)

Fixed a bug that affected both Browse Devices and Device Detail, where in
deployments with no unicodeLoginUserId values, key tables would be blank.
Fixed a bug where in the Browse Calls page the from/to fields were sometimes
empty. This only affected version 3.3.1.

Version 3.3.1 (November 5^th, 2014)

Fixed the dependency error detection so that once again helpful errors are
displayed for instance if the Sideview Utils app is not installed.
Fixed a bug introduced in 3.3 where in the Browse Calls page if you set the
“count only the” Pulldown to “all records”, it would only retrieve 10.
Back by popular demand, Browse Calls now has a “cluster” pulldown again.
Improved a number of cases where location fields weren’t being added.
Fixed a bug in Browse Calls, where if terms in “other search terms”
applied to different call legs, those calls would not be returned.
Fixed a bug introduced by Splunk 6.2 where the textfield in the app’s
Charting view was only a single line and could not be enlarged.

Version 3.3 (September 24^th, 2014)

In the “number” field in Browse Calls or General Report, you are no longer
limited to a single number or wildcarded prefix. You can now enter space-
or comma-separated numbers or extensions.
Replaced the 2 release code description fields displayed in Browse Calls
with our single overall release code field.
Optimizations to increase reporting speed if call types are selected.
Call type element on Browse Calls is now a checkbox pulldown.
Call Detail view now includes at the bottom the complete set of call quality
field values from the CMRs.
Browse Calls now allows you to optionally see and search on location data
like city,state,country as well as call quality data.
Cleaned up geolocated city names to be consistently title-cased.
When clicking “see calls” from reports that use either location or call
quality fields, the relevant extra fields will be enabled in Browse Calls.
When clicking from Browse Calls into Call Detail and then using the
breadcrumb link to return, now the user’s filtering selections are retained.
If when a report loads, there are no matching calls at all, the fields and
charting pulldowns disappear and you get a message saying that no calls were
matched. Formerly the pulldowns would load in an unusable state.

Version 3.2.1 (July 31^st, 2014)

Interaction and usability improvements to the Device Detail page.
Improved fields displayed by default on Call Detail page.

Version 3.2 (July 29^th, 2014)

Improved sample reports that ship for the call quality fields.
Added first version of Browse Devices and Device Detail drilldown.
Fixed a bug in the charting view where if a user saved a report here it
would not run correctly later when run from manager or from the app menu.
country code, area code, exchange and geographical location now appear as
core fields in the reporting interface.
Homepage fields and sample reports table rewritten to workaround rendering
problems seen on some customer installs.
Ongoing improvements and additions to sample reports listed on home page.

Version 3.1.5 (April 2^nd, 2014)

Patched a problem in the underlying Splunk search language whereby certain
fields like ‘duration’ would sometimes disappear from the fields pulldowns
on Splunk 6.
fixed our field seconds_until_answered so it can never come out negative.
Found and fixed some mistakes in some of our sample reports.
Added new fields cause and cause_description that will be whichever
of origCause and destCause is nonzero. Thus cause_description is the
overall termination error for the call, regardless of which side ended it.
Added a “duration_in_minutes” field.

Version 3.1.4 (March 31^st, 2014)

Added a new setup page that talks about the need to create a script
that periodically deletes files older than 3 days from the monitored
directory.
Added a check to the Data Health Checks page that looks for significant
indexing lag.
Fixed a regression in the Browse Phone Numbers page where numbers entered
into the “number” field would not filter the results.

Version 3.1.3 (March 20 2014)

Fixed a bug whereby phones making outbound calls through sip
trunks would get misinterpreted as gateways.
Fixed a recent bug where CMR fields had stopped appearing in
the list of fields in the Report Builder.

Version 3.1.2 (March 19 2014)

Added call-type and gateway pulldowns to the Busy Hour Calculator
Added a “per gateway” mode to the Busy Hour Calculator
Renamed Gateway Utilization page to “Call Concurrency and Gateway
Utilization”
Added a type pulldown to Gateway Utilization report thus allowing
the report to be run on any combination of incoming/outgoing/internal
or tandem calls.
Added a multiselect pulldown to Gateway Utilization report allowing the
report to be run over specific gateways when relevant.

Version 3.1.1 (February 17 2014)

Added a simple Busy Hour Calculator page where you specify a timerange
and it gives you the BHT in Erlangs.
Improved design and behavior around the “See calls” link in reports.
Fixed app icon display problems in Splunk 6
Version 3.1 (February 11, 2014)
Added a concurrency reporting interface, that you can use to analyze
concurrent inbound calls and outbound calls split by gateway.
Fixed a bug in the system that generates AutoHeader field extraction rules
where FIELDS and DELIMS keys would be outputted in lowercase.
Fixed a bug in the homepage report gallery where complex reports whose
search language involved quote characters would not run properly.
Added a new calculated field called “seconds_until_answered”. This field is
defined only for calls where call_answerable=1 and call_answered=1
Added 2 new calculated fields hour_of_day and day_of_week.
Fixed a bug where the selected cluster wasn’t passed if you drilled down
on a table row in the Report page.
Added international country code, areacode, and exchange fields to the
Example Report table on the homepage.
Added a “call type” pulldown to the browse and report pages that allows
you to easily restrict to just incoming/outgoing and internal calls.
Added a “See calls” link to the report page that allows you to go from
filtering and reporting and drilling down in the Report page, to quickly
browsing and investigating the underlying space of calls.

Version 3.0 (November 8^th 2013)

Added a new view “Browse Phone Numbers”, by which you can browse phone
numbers of inbound callers as well as internal Extensions and DN’s.
Added a new wizard and new sourcetype configurations to not only allow
out of the box indexing with Splunk forwarding and distributed search,
but to set indexing properties through a wizard UI.
Added lots of error detection to streamline user experience around
common misconfigurations.
Added new fields to differentiate hardphones vs jabberphones vs softphones.
Added new fields to differentiate video calls from audio calls.
Added new field “type” to denote call type – incoming, outgoing, internal
and tandem.
Added first version of scripted lookup to parse country code, area code
and geographic locales, along with US lookups to zipcodes and lat/long

Version 2.4.2 (July 26 2013)

Fixed a bug in ‘browse gateways’ where the page was not incorporating any
terms the user might have typed into “misc search terms”

Version 2.4.1 (July 8 2013)

Improved gateway field extractions to extract dest_gateway and orig_gateway
fields for non-MGCP gateways. Added new fields called dest_mgcp_gateway
and orig_mgcp_gateway that are only populated when appropriate.
Added a new ‘gateway type’ Pulldown to the Browse Gateways page.

Version 2.4 (April 10 2013)

changed required Splunk version to 5.0
Updated report builder to use splunk’s new fieldsummary command, as this
very significantly improves performance in the reporting interface.
Added new gallery table discussing each field in the CDR and CMR data
along with docs and example reports for each.
reworked all varVQMetrics and gateway field extractions to happen
automatically so as to simplify the underlying search language.

Version 2.3.1 (March 26 2013)

fixed a bug in the reporting interface where you could not search for
fields values in CDR or CMR and then report on fields from the other.

Version 2.3 (March 8 2013)

added “get_gateway_fields” macro
added Browse Gateways page
added Gateway Detail page
added MLQK and other advanced quality metrics as field options in reports.
made MLQK and other advanced quality metrics available in call_detail view.

Version 2.2.2 (December 4 2012)

Switched to Table module so as to allow hiding the clusterId/callManagerId/
CallID fields on all detail tables.
Fixed a bug where the UI would sometimes ignore Extensions entered in forms.
Added duration to the default field list on detail tables.
Added ability to tab between table and chart and both in report view.
Greatly improved the time to render the fields pulldowns in report view.

Version 2.2.1 (November 1 2012)

Improved the initial install experience to transparently create the groups
and clusters lookup when they are initially absent.

Version 2.2 (October 30 2012)

Completely reworked the setup flow and the installation process.
Updated the app to workaround issues in Splunk 5.0 around saved search names
in “@go” URLs. This app now requires at least Sideview Utils 2.2.4.
See release notes for Sideview Utils 2.2.4.

Version 2.1.1 (September 28 2012)

fixed a bug in the report view where if you used one of the IpAddr fields
as your x‑axis but didn’t use one as your split-by, you’d get an error.
improved the report view so that changing charting properties doesn’t rerun
your entire report.
Fixed ‘Call Detail’ and ‘Phone Number Detail’ views so that if users happen
to go to them directly from the menu, there is a message prompting them to
enter a CallID or Extension as appropriate.
added print button to the browse sessions view.
improved print output (only if you’re on Sideview Utils 2.0.10 and up).
removed ‘globalCallID_CallID’ from the field list because more often than
not the reports around it are confusing, and the default ‘CallID’ field is
a better field to use anyway.

Version 2.1

fixed a bug in the automatic error-detection that was detecting
misconfigured field extractions. (The logic was right, but the link it
gave you to export the csv was slightly wrong.)
added ‘see search syntax’ links to the browse view.
Updated some Pulldown params that were using older legacy param names.
Added new export, print, info functionality to browse and report views.
added better ‘save search’ functionality to browse and report views.
added ‘create dashboard’ and ‘create alert’ functionality to report view.
User interface improvements to the chart view.
Reorganized saved report and saved dashboard menus.
Removed the ‘contact us’ form.
Improved drilldown behavior in the Report Builder.

Version 2.0.1

fixed a bug where the originalCalledPartyNumber(s) did not display correctly
on the call_detail page.
fixed a bug where the other calls to/from the recipients would not always
highlight correctly.
Added a ‘sort by’ field to the report interface. It shows up only when
you’re running a non-timechart report with no split-by.
Fixed a bug in the charting view where the chart would always be visible.
Changed the MLQK example links from the homepage to go to the charting
view to be less confusing.
added the save/play/pause/finalize controls to the charting view.

Version 2.0 (May 02, 2012)

fixed a bug in some views where if you used the form fields to filter by
Extension, the filter would not be applied properly.
Fixed a bug where from the ‘browse’ view you had a menu option to save the
current report, but it didn’t work properly.
General improvements to pivoting and redirecting cleanup of the code now
that we have Sideview Utils 2.0 underneath.
Fixed a bug in the ip address conversion where IP’s whose last quad was less
than 10 didn’t get converted properly.
interaction improvements to all views.

Version 1.2.2 (Feb 17, 2012)

Had to fix a mistake in how the setup screens redirected you through the flow.

Version 1.2.1 (Feb 15, 2012)

The installation docs have been completely rewritten, *very* significantly
expanded, and mostly moved to our website. See for yourself at
https://sideviewapps.com/apps/… While the in-app
documentation has also been completely updated, it largely directs the
user to the website documentation.

Version 1.2 (Feb 02, 2012)

significant changes and rewrites to fix bugs and issues with Splunk 4.3.
significant changes and rewrites based on more search language performance
testing at high data volumes.
lots of improvements and minor bugfixes to the custom reporting view.
new simpler more usable homepage
customers can now specify a custom index during app setup.
fixed various bugs in the call_detail view, in cases where there was more
than one finalCalledPartyNumber
fixed a bug where you couldn’t actually run any reports if clusterId or
callManagerId was specified as a field.
added a cluster lookup, related wizard page to regenerate it from indexed
data, and filtering pulldowns in Browse and Report views
Fixed a bug where the automatic redirect to the qos threshold page wouldn’t
work properly.
Added a JobStatus module to both Browse and Report views, so customers can
now pause and cancel searches inline.
Added save controls to the Browse page, so it effectively becomes a “simple
call report”, operating on just the CDR data.

Version 1.1 (Jan 27, 2012)

major rewrite of browse and report views, including major changes to search
language used in macros. These changes were to workaround serious performance
problems seen in larger data sets. – added a ‘call legs’ section to the
call_detail view. – fixed a bug where the app would not warn the user
correctly when the Sideview Utils app was not installed – fixed a bug around
IP address conversions. – numerous other small fixes and improvements.

Version 1.0.9 (Nov 30, 2011)

Added functionality around a lookup that adds group names and user names into
the records. Incorporated guided setup around this feature into the existing
setup wizard. Note that this can also be used to generate reports about *all*
Extensions regardless of activity. I only added a hint about this to the app
itself, but once you get the hang of it it’s quite straightforward.

Version 1.0.8 (Oct 25, 2011)

CallManager CDR and CMR data has several fields which are IP Address values,
however it encodes these values as integers. The app now has functionality to
automatically convert the integers back into IP Addresses. Specifically, when
you use any of the ip address fields in reports, as either the ‘split-by’
field or as the x‑axis field, it will correctly display the values as IP
addresses. Also on the call_detail view, when those fields are displayed in
the rightmost panel they will appear as IP addresses now.

Version 1.0.7 (Oct 20, 2011)

added a new lookup for video codec types,
fixed a bug in “browse” and “report” views where the search filter would not
filter overall calls, but individual CDR and CMR rows. The filtered results
will make a lot more sense now to end-users.
added a new field called ‘call_connected’, which is True or False or null.
The value is derived by looking at the overall call release cause codes.
(null represents records where no call was attempted)
made a new field called callID that is the callID plus the callManagerId,
separated by a “.”
the report view’s main reporting pulldown now defaults to ‘distinct calls’
instead of dumping the user at ‘distinct count of authorizationLevel’ and
hoping they figure it out.
The flow around the contact form has been slightly improved.
added back-button and forward-button support to the “browse” view.
re-running guided setup will no longer force you to contact sideview a second time.
Upped required version of Sideview Utils to pick up other bugfixes.

Version 1.0.6 (Sep 28, 2011)

The app now includes a view for Quality of Service reporting, and the app
has a setup screen offering configurable thresholds for QoS by
numberOfPacketsLost, jitter and latency. Also the functionality whereby the
appname and app version was sent to sideviewapps.com has been completely
removed in this version. Instead during the initial app setup screens you
are asked to send us your name and a brief note.

Version 1.0.5 (Sep 19, 2011)

Fixed a problem where the reports could be misleading when you imported data
from more than one CallManager
Added initial version of a scripted lookup that will enable new
Quality-of-service reporting features. (docs and user interface will come
soon. Email me if you want to try it out now)
Rewrote and reworked the guided setup copy.

Version 1.0.4 (Sep 02, 2011)

fixed a bug on call_detail where as soon as you drilled down to any other
call you’d only see results from a single second. The call_detail view is
much more usable and interesting now.
Added ‘see search syntax’ links in various places so customers can see
how the real searches work.
Made those links take you to a new custom view that is a little more
comfortable than splunk’s normal ‘advanced charting view’.
added lookups for call release cause codes, as well as redirect reason codes.
Now those descriptions are automatically created as fields for each call.
Fixed a bug where changing some TimeRangePickers would not do anything.
Improved the error detection to not flag configurations where trivial
off-hook calls generate CDR’s.

Release Notes

Release Notes (AXL)

Release Notes

Release Notes

Related

Release Notes (AXL)

Release Notes