NOTE: The video forgets to mention that all of this work is done at Search time, meaning you don’t have to get it all perfect as the data is indexed, and it’s no problem to add and edit and improve this day by day.
Hi. I’m Nick at Sideview and this is a quick overview video of our “Sites and Groups” features for our Splunk app product, “Cisco CDR Reporting and Analytics”.
So, this video assumes that you’re familiar with our product. That probably you know how to set it up, and you’re looking to do something a little more sophisticated, around Locations and Users and Groups.
You may have noticed under the setup menu, there’s an item for “Define Sites” as well as an item for “Define Groups”. So I’m going to talk about what those mean, why you should set them up, how you would set them up. First of all, what do they mean?
Sites is really a part of our “Location Fields”. Let me quickly edit our fields. Put gateway away. We can use this link up here, to “reset fields to default plus location and quality”. And then I’m going to take the quality and the gateway fields away. Now we have “to” and “from”. I’m also going to put the word “site” up here in the keyword filter. You can see this brings us 3 fields, destSite, origSite, and site. I’m going to add all of these for now. Let’s take away cause_description, take away originalCalledPartyNumber. Let’s see what we get.
How the Sites Lookup Works
So, in cases where the app is able to actually parse out the DN, it’s able to extract country code, area code, and exchange. And you can see for this call here and this callingPartyNumber, it has figured out that this is a number in Novato, California. And on other calls, let’s just randomly skip down to this call where the calling party number begins with the letter “b”. This, as you may know, is a bridge number. This is not something that the app can parse. There’s no DN here. But nonetheless it has figured out that this is from Houston. This is the Sites feature at work. When the DN parsing fails, it falls back to looking up the IP Address of that device in our Sites lookup. The Sites lookup is not just a big flat list of 8 million IP Addresses. It’s a list of subnets expressed in CIDR notation. This allows the app to use the DN parsing when it can, and fall back to office location by subnet when it can’t. So you have a field for originating site called origSite here, a field for destination site, destSite, a field called “site” that just gives you the union of those two other fields, and then “from” and “to”.
Notice that origSite and destSite, they’re always populated. It may… for like gateway devices, be a little strange. And that’s why the Browse page really tries to use the best of both worlds and present those “from” and “to” fields.
Setting up the Sites Lookup
Let’s quickly show what the “define sites” page actually looks like. The Sites lookup is just a glorified CSV that has a number of fields in it. I’m going to just very quickly open it up. “subnet”, “location”, “lat” and “long”. You don’t have to use lat and long if you don’t feel like it. It’s there for future features, occasionally people will throw them in there. Subnet and location are the important ones. So you can use this UI as well. You can use this UI to upload an entirely new CSV locally, you can use this tab here to edit and delete sites you already have, you can use this tab here to add a new site. There’s also a little tab here called “Find sites to add”, this is just to make it easier to find ones you missed. And if you have questions about all this, hopefully they’re answered on this “About” tab.
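The subnet fallback described above, as an added example that is not part of the video or the app's own code. It uses the CSV columns named on the Define Sites page; the sample rows, the function names, and the choice to let the most specific subnet win when rows overlap are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of a sites CSV using the columns named above.
SITES_CSV = """subnet,location,lat,long
10.1.0.0/16,Houston,29.76,-95.37
10.1.20.0/24,Houston Lab,,
10.2.0.0/16,Novato,38.11,-122.57
10.3.0.0/33,Bad Row,,
"""

def load_sites(text):
    """Parse the CSV into (network, location) pairs; collect invalid rows."""
    sites, errors = [], []
    for lineno, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        try:
            net = ipaddress.ip_network(row["subnet"].strip(), strict=True)
        except ValueError as exc:
            errors.append((lineno, row["subnet"], str(exc)))
            continue
        sites.append((net, row["location"].strip()))
    # Assumption: most specific subnet first, so overlapping rows resolve predictably.
    sites.sort(key=lambda s: s[0].prefixlen, reverse=True)
    return sites, errors

def site_for_ip(sites, ip):
    """Return the location of the most specific subnet containing ip, or None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net, location in sites:
        if addr.version == net.version and addr in net:
            return location
    return None

def resolve_from(sites, dn_location, device_ip):
    """Prefer the DN-derived location; fall back to the site by subnet."""
    return dn_location or site_for_ip(sites, device_ip)

if __name__ == "__main__":
    sites, errors = load_sites(SITES_CSV)
    print(resolve_from(sites, None, "10.1.20.7"))  # bridge number: no DN to parse
    print(errors)                                  # rows to fix before uploading
```

Running the loader over a CSV before uploading it surfaces malformed subnets by line number, which are otherwise easy to miss in a large file.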
So that is it for Sites. Let’s go back and talk about Groups.
Let’s go back to the Browse Calls page. Groups is not a part of location, groups is really a part of “people” and “users” and “identities”. There are the “unicodeLoginUserId” fields in the core CDR. There is the callingPartyUnicodeLoginUserID field and then there’s the finalCalledPartyUnicodeLoginUserID field. Aside from having incredibly long field names, they’re not the most reliable fields. Depending on how your callmanager is set up, they may or may not be fully populated, or populated at all. So as you saw, there’s a “Setup Groups” entry under Setup. But let’s talk about what it means. So let’s take away our Site fields and our “from” and “to”, and let’s search for the word “Name” up here. You can see we have callingPartyName, finalCalledPartyName, and originalCalledPartyName. Let me add these. I’m also going to add in “group”. As you might guess, the groups lookup maps numbers to names, groups and subgroups. In my testdata here, I don’t have it fully populated. In production you would have it fully populated. So let’s fake it. Here I’ve searched for callingPartyNumber=* to ensure that I have at least some data.
How the Groups Lookup Works
What this lookup does, is very simple. It’s again a big glorified CSV mapping numbers, both extensions AND DN’s, (so beware you might have to put the same person in there twice), mapping those to names, groups and subgroups. Here let’s get the callingParty fields together. And you get the picture, there’s ones for originalCalledParty and finalCalledParty as well…
So now that these fields exist, you can, as you see, search for them up here in your filtering fields. So I can do for example callingPartyGroup="sales". Is there sales? Let’s say support instead, I’m not sure if I created a sales group here in this data. And now I can click “graph calls over time” and kick myself off into the wide world of call reporting. I can look at utilization patterns for this group, I can look at whatever I want. Or I can simply enter a few more arguments in here and then create a search, create a dashboard panel, create an alert based on this right here.
Setting up the Groups Lookup
Last but not least, how do I set up the Groups lookup? Again it’s under “setup > Define Groups”. Unlike the Sites lookup however, this page just tells you how to make a giant CSV file. It does give you a link to the Lookup Updater over in “Sideview Utils”, and you can use that. But typically this is a much larger lookup than the Sites lookup, and the means that our customers use to generate it are usually a little more idiosyncratic. You might be able to export it from Callmanager, you might be able to get it from devicePool information, you might be able to get it from Active Directory. When in doubt, contact us, we can help. At the end of the day you’re just making a big lookup with “number”, “name”, “group” and “subgroup” and putting it in a certain place.
So that’s it. That was our overview of Sites and Groups. I hope you enjoyed watching this, and please watch our other videos.
If you have any comments at all about the documentation, please send them in to email@example.com.