Creating New Device Types

The setup

We provide a reasonable coverage of device types, but we can’t know them all. Did you know that you can edit existing names or add new ones?

Let’s jump right into an example of creating a new device type.

First Step – Find your devices

Suppose you have a situation where there are some Alpine Horns that you have connected to CallManager. (I’ll bet you can hear me now!)

Also suppose they are all showing up with a device name that starts with AN.

Unfortunately, they do not show up with a dest_​device_​type of ​“alpenhorn.” Whatever are we to do?

(Note, please see the disclaimers at the end of this blog entry!)

Second step – Create a new field transformation

Our first task is to create the field transformation.

1. Click Settings -> fields -> field transformations
2. Search for device to make it easier to find our existing device transforms
3. Let’s pick cisco-cdr-destjabberphone as our sample to clone to our new one
   • So find that line, and click Clone on the right.
4. Give it a good name
   • I’d recommend sticking with a naming convention not too far from our own to keep it consistent
   • cisco-cdr-custom-dest-alphorn
5. Leave the type as regex-based
6. Adjust the regular expression to match your new string
   • You can see that it’s currently ^(CSF\w+), which matches items like CSFblahblah123blah
   • Change it to ^(AN\w+) so that it will match items like ANblahblah123blah
7. Adjust the format to be the new name you want
   • Again, if you followed along precisely, it should already say destJabberDevice::$1 dest_device_type::jabber
   • That sets TWO fields. destJabberDevice is set to the entire original name ($1). dest_device_type is set to the string jabber
   • Change only the second to dest_device_type::alpenhorn
   • Also note if you just HAVE to use spaces, surround it with quotes. But please don’t do this, it’ll work better with underscores!
8. Leave the source key alone.
9. Compare the screenshot just below, and if it looks OK, click Save.

When finished, you’ll have something like this:

After that you should have a new field transform called cisco-cdr-custom-dest-alphorn. Find it and, in order to let everyone partake of alphorn naming goodness, change it’s permissions so everyone who is using the CDR app can read it:

• Click Permissions
• Change it to shared in ​“This app only (cisco_​cdr)”
• Give everyone read permission
• Click Save.

Special note

You will very, very likely want to repeat the above steps, starting with cisco-cdr-origjabberphone, to make the originating side transform, too!

Third step – Create a new field extraction

Now that we have the transform, we can assign it to where we need it to be seen by creating an extraction that references that transform.

• Click settings -> fields -> field extractions
• Click Add New
• Name it cisco-cdr-custom-dest-alphorn
• Set the Apply To to a sourcetype of cucm_​cdr
  • This tells Splunk to apply this to anything of that sourcetype
• Change the type to Uses transform
• Paste into the Extraction/​Transform the name of the transform we created earlier (which we keep using the same name, so this is easy)
  • cisco-cdr-custom-dest-alphorn
• Confirm it looks like the screenshot below, then click Save.

The result:

After that you should have a new field extraction called cucm_​cdr : REPORT-cisco-cdr-custom-dest-alphorn. When you find it we need to fix permissions again, much like the last time

• Click Permissions
• Change it to shared in ​“This app only (cisco_​cdr)”
• Give everyone read permission
• Click Save.

Special note

You will very, very likely want to repeat the above steps and create a cisco-cdr-custom-orig-alphorn to make the originating side transform, too!

Test, and enjoy the alphorns!

Disclaimer ….

I am pretty sure that Alpine Horns are NOT registered under Cisco CallManager as devices that start with ​“AN”, so you should only take this as an example, not as truth.

Also note that I cannot find a canonical way to spell Alphorn/​Alpenhorn/​Alpine Horn so I mixed it up a little to be inclusive!