or, launch the video on Youtube

Full Transcript

Hi. I’m Nick at Sideview and this is the Getting Started Tutorial for Sideview’s Splunk app, “Cisco CDR Reporting and Analytics”.

Let’s jump right in and assume you know something about the app already. You may have even downloaded the free 90-day trial and spent the 15 or so minutes to set it up and install it and everything.

At a high level there are two main sides to the app, the “Browse” side, and the “Report” side.
Under Browse the main page is “Browse calls” and under “Report” the main page is called “General Report”.
Bear in mind that under both sides you can definitely create things that look like “reports”, and things that look like “dashboards”, so the difference is maybe more subtle than it sounds. This video is going to stick to that distinction between Browse and Report, and to talk about these two pages since they’re really the core of this app.

So let’s leave the homepage for now and go right to “Browse > Calls”.

Browse Calls and Simple Call Reports

You’ll see a lot of form fields up at the top but let’s ignore these for now. By default this is just showing us the most recent calls that have terminated. The table is showing a few columns by default. Let’s add a couple more columns and maybe take away these gateway columns. To do that we click the “Edit Fields” button over on the right.

Callmanager has a huge number of fields in the CDR and the CMR and the app adds even more bringing the total number up to about 200. This is one of the things that makes Callmanager CDR, so much fun.
You can scroll the left panel up and down here and you can see I’m not kidding. There’s quite a lot.

You can hunt in here for the fields you want, but I’m going to use a trick and actually type in the first few letters of the fields I’m looking for.

By the way there’s a big table on the homepage of all the fields. You may have noticed that and if you’re browsing for a field in a particular area but you don’t remember the exact name, you can find it there.

I know I’m looking for the MOS score, which here is called MLQK in Callmanager CDR. And also I’m going to get the quality field, which is a field the app adds that rolls up jitter, packet loss and latency, i’m also going to grab the “to” field which is a rollup of all the location information we can grab, either by parsing the DN to get things like area code, or by looking up the IP address in our sites lookup. And I’m also going to grab one more thing, callingPartyAreaCode.

You can see if I just type in “callingParty”, even for that one prefix there’s quite a lot of different fields

You can also remove fields from the right hand side by clicking on them. I’m going to click these gateway fields and make them go away.

Last but not least you can actually reorder the fields. I’m going to drag the callingPartyAreaCode field up to put it just under callingPartyNumber.

OK. Click the green “Save” button to apply our changes.

OK. Ignore the fact for now that MLQK seems to be blank for some of my calls. It’s not blank for all of them. This is actually an idiosyncracy of our test data.

So now let’s look at the text boxes and pulldowns up top.
Let’s enter an extension into the “number/ext” textfield. I’m actualy going to enter a wildcarded number here. Let’s also enter a second wildcarded number. You can enter any number of numbers or extensions here, comma-separated, wildcarded or not.

And I’m going to change the “call types” pulldown to show just incoming calls.

and I’m going to put “MLQK>0” here. This will narrow this down to calls that have some quality information, and that have a MOS score greater than zero.

Just a note. When you’re using the product and you have a point like this where you’ve entered a few filtering arguments. You may actually get zero calls shown, or at any rate fewer calls than you think should be shown. If that ever happens or when it happens, note that this pulldown here is by default set to “count only the 1000 most recent matching records”. And to make a long story short sometimes combinations of filtering here require you to jump this up to “all records. ” Notice also that this header here is saying “at least 135 calls”, which is sort of strange. That’s coupled together. If I were to set this to “all records”, it would get us a definitive number.

Try not to worry too much about getting definitive numbers here, because it makes this interface very slow, and that’s not really what this interface is for. That’s more what the general report interface is for, you know- getting definitive, hard, pretty charts.

Viewing Full Call Details

OK let’s click one of these calls just by clicking the row. You can see they highlight when I mouse over them. So let’s take this one, with the transfer.
This takes me to the Call Detail page. Note that the Call Detail page itself has two field pickers that you can play with if you want to see different fields. This field picker here controls these 8 fields. Very quickly I’ll just throw some completely random fields in here.
You can see if you have more than 10 it pages them. This can be useful. You can tweak this if you’re doing a particular kind of call investigation or if you’re interested in a particular subset of fields on a particular day or week.
Likewise this other field picker controls the columns that are displayed for these raw call legs.

Note that a lot of these things are links. You may have noticed earlier that under Browse, there’s a lot of other things you can Browse. Devices, Phone Numbers, Gateways, Sites. For each one of these there is a corresponding Detail view. So you can sort of imagine that if I click this it’s going to take us to Device Detail, as I’m mousing over these Originating Device, Destination Device links. Likewise over here on these DN’s, this is going to take us to Phone Number detail.

Anyway, there’s other information on Call Detail. Other calls to and from the calling parties, other calls to and from the called-parties. You can click these and thus sort of walk the network of calls if you’re doing extended troubleshooting.

And last but not least at the bottom, all call quality information that we have is dumped out into this table here.

Note that in these “Detail” pages there’s always a breadcrumb in the top left. You can of course jump back to “Browse Calls” using the main navigation bar and that’s how we got to it in the first place, but if you use that breadcrumb link to get back, it’s going to actually preserve those filtering arguments we were just using and that’s a very good thing.

So let’s click the “Browse” link in the breadcrumb now.

Note that all our pulldowns are set the way we had them.

Reporting

OK. That was a quick tour of the “Browse” side. Let’s check out the reporting side. To get to the reporting side you actually should almost never just click “General Report” here in the nav. The easiest way to get there is to click this hidden little blue link called “graph calls over time”.

This is going to essentially kick us sideways over from Browse Calls and into Report.
But it’s going to preserve all these arguments that we were using. It’ll preserve our timerange, whatever we were doing, it doesn’t matter.

What we’re looking at here is basically, it has given us a column chart of call counts over time for those same calls that we were just looking at.

Now there are even more form fields up top but notice that the top half of those fields are the same fields we were just looking at in Browse Calls. And Note that all the filtering values came across with us.

Now look below at the second half of the form elements.
This is sort of talking in the english language about what we’re charting. It says chart the “distinct count of” “calls” “over time” split by, and then it says “none”.

We can change these to anything we want! And that’s sort of the beauty and the terror of the General Report interface because…. what do i want to change them to? I don’t know. It takes a while to get sort of comfortable in here.

Let’s first change it to something easy. Let’s change it from “chart the distinct count of calls over time” to “sum duration over time.
You can see here in this first pulldown I have sum, average, max, min, 95th percentile. Let’s change it to Sum. And the app is somewhat smart, it knows that I couldn’t sum the thing that was selected before so it changed me over to duration. You can see it has actually greyed out the fields that it knows cannot be “summed” and it has left only the things that are numeric.
Hey duration is actually the thing I wanted to do. Note there’s another field called “duration_in_minutes” but the main duration field is in seconds.

Let’s change the “split by” pulldown from saying “none” to saying “callingPartyCity”.

These pulldowns contain a huge number of fields by the way so much like I used a shortcut in the field pickers, note that I can open the pulldown and then just type the first few characters and it’ll jump to the right value.

Let’s also change the “Stack mode” pulldown just above the chart, to say “Stacked”.
That’s stacked, that’s unstacked.

So this is showing us the same total call minutes report over time, split by the city that the call is coming in from.

Creating, Saving, Sharing, And Scheduling Reports And Dashboards

Now let’s talk about saving and creating reports and dashboards. You may have noticed these Save and Create buttons. There’s a pair of them over in the Browse side and a pair of them here.
Let’s click the big green “Create” button and we’ll do “Create Dashboard Panel”. We have to give 3 things a name – the “Search”, the “Dashboard” and also the “Dashboard Panel”.
and that’s the minimum. I’ll leave these at their defaults, to share with all other users. You can change these and tweak this to share the dashboard with only certain subsets of users, but that’s an advanced topic.

I can also add this panel to an existing dashboard and not create a new dashboard.

You can run it as a scheduled search and I’d have a few more tihngs to do, but I’m not going to do that.

So now we have created a dashboard! Tada!
You can see that there’s a bit of an idiosyncracy, a bug, a problem, a mistake. Where it turns off our stack mode. So you have to know this little trick. You have to click this little paintbrush icon and come in here and reclick “stack mode”. A couple other things are like that so you just sort of have to learn the Splunk dashboard editor system here as well as our report builder. You can add a second, third dashboard panel etc. You can drag it around. There’s nowhere else to put it now, because there’s only one panel here, but you get the idea. So I’m going to go back and, we did it.

Endless Drilldown

OK. Let’s play with this report a little more. Now that we’ve saved it and shared it and done something cool with it. As you can see we can mouse over the cities in the chart Legend. Let’s actually click one and I’m going to click “Toronto”. We can click one of these bars here, and it would zoom into that particular time and to the Toronto calls, or I can click the legend item and it’s just going to narrow down to the toronto part.

When you click anything in this interface, it’s going to do what it did here. It’s going to keep you in the reporting page. It’s going to figure out what combination fo arguments it needs to add to what combination of fields, and then it’s going to dump you back into
figure out how to adjust the filtering to zoom in on those calls, and then give you that call volume report for those calls. This is a little confusing the first time you do it but after a while you realize it’s helping you keep on doing this. You can keep on carving up this data and slicing things and drilling down.

Flipping Back To See The Calls

Last but not least, we’re going to flip this back from Report back over to the “Browse” side. remember we got from Browse over to report by clicking a link here that said “graph calls over time”. Now that we’re on the reporting side that same position has another link that says “see calls”. This in turn is your little escape hatch to switch sideways back over to browse calls, and its going preserve all those arguments you picked up in the top half. So while we were here we picked up this callingPartyCity=”Toronto” term. So I click “See calls”.

This is what I was saying before – you’re really free to flip back and forth, doing kind of ad hoc call investigations or simple call reports in Browse, and doing high level utilization reports or sanity checks over on the reporting side. You can flip back and forth between these two modes very easily and in fact that’s really a very powerful way to use the app.
So if you see something that doesn’t make sense and you’re not sure if it’s really in the data or if it’s something you don’t understand about the fields, click it! drill in! figure out what it is. This is a tool you really drive forward.

That’s it for Getting Started. There’s lots of stuff we did NOT get to, like how to setup call reports for inbound/outbound calls for different departments, for office locations etc, how to troubleshoot and report on complex call flow issues, transfer issues, how to get the app to recognize your office locations and report on those, how to run reports and alerts on 911 calls, charting and analyzing call concurrency, gateway utilization and circuit usage… site to site concurrency for internal calls, busy hour calculations, erlangs. intraday usage patterns, international calls, it just goes on and on.

This is a very “long tail” product and we fill the gaps by being able to do…. really almost any report you can imagine, that another call accounting package might not have thought of ahead of time.

I hope you’ve enjoyed this, and please watch our other videos! Have a nice day.

If you have any comments at all about the documentation, please send it in to docs@sideviewapps.com.