First, you need to enable the AXL SOAP interface in CUCM
It may be enabled already but it is easy to check and easy to do.
Go to Unified Serviceability in CUCM. Select Tools > Service Activation from the menu.
Check the “Cisco AXL Web Service” if it is unchecked and submit.
next we’ll need a user with the right access control to use AXL (or for larger deployments, one user per CUCM Publisher)
- In CUCM Administration, go to “User Management > User Settings > Role” and Add a new role called “AXL Service User”
(Note in some older versions the “User Settings” submenu isn’t there and these options are right under User Management).
Give the role access to the AXL Service.
- Now create an “Access Control Group” (or in some older versions an “Access Group”).
Go to User Management > User Settings > Access Control Groups, and add a new one called “AXL Service Access Control” (or whatever you like really)
After you create it you’ll notice an exclamation point icon in the “roles” column. Click that and it will lead to a page where you can associate the Role you created, with the Access Control Group.
- Now you can create an application User, and assign them this group/role appropriately.
Next we will install the SA_cisco_cdr_axl app if you haven’t already.
- Log into Splunk
- get to the “Manage Apps” page – either using the Apps menu at the top left of most pages in Splunk, or by going back to the “Launcher” app and clicking manage apps at the bottom left.
- Search for Cisco AXL and you’ll see our app. You should be able to just click “Install” and it will prompt you to restart Splunk after. If you see the app from that page but you dont seem to be able to Install it, please contact us.
- ALTERNATIVE: If your Splunk admins have locked down your instance such that it can’t talk to Splunkbase, then you can download the tar.gz direct from Splunkbase, save it locally. Then in that same “Manage Apps” page you’ll see an “Install App From File” button. Click that and follow the prompts.
- You will also need to install the wsdl file as well as two other crucial files from Cisco that our app needs to connect to the service. You can follow the instructions here: https://developer.cisco.com/docs/axl/#!download-the-axl-wsdl
And the files should be placed in the “bin” subdirectory of the SA_cisco_cdr_axl app.
Next we will enter the same credentials into the AXL App
Navigate in the app’s navigation menu to “Enter Credentials”. Enter the publisher host, the port (generally 8443) and the username and password for our AXL user. Submit the form.
Run a search to test whether you’re up and running
From the AXL app within Splunk, click “Search” from the app navigation. Now run this search:
| ciscoaxl listPhone name="SEP%" columns="name,description"
| eval src_mac=substr(name,4,2)+":"+substr(name,6,2)+":"+substr(name,8,2)+":"+substr(name,10,2)+":"+substr(name,12,2)+":"+substr(name,14,2)
It may take a minute to complete, but it should return a full list of all of your hardphones. NOTE IF YOUR CUCM DEPLOYMENT IS ENORMOUS you may want to test by changing “SEP%” to a more narrowly defined prefix of mac addresses.
Setting up the actual alert to populate your Devices lookup over in the Cisco CDR app.
At this point it is actually best to contact us still. HOWEVER over in the cisco_cdr app you might notice that there’s a macro you might never have noticed that you call like this:
That will generate a massive list of all possible device names from your entire CUCM deployment. The general idea is that the rows coming out of that big search, can be written into the devices.csv lookup verbatim, and you can schedule such a search to run every night to regenerate the list from scratch.
If you have any comments at all about the documentation, please send it in to firstname.lastname@example.org.