Create Custom Device Types

Disclaimers

• If your version of Cisco CDR is less than 7.7.1, first update to the latest version available on Splunkbase. 
  
• Your Splunk user account will need to be either in the ​“admin” role, OR you’ll have to ask your Splunk admins for a quick favor — they’ll have to give your particular role permission to write to the Cisco CDR app. (they should know what that sentence means even if you don’t).
  
• Lastly, to get the most out of this feature, you may have to learn a little about ​“regular expressions”.

What are Device Types?

The Cisco CDR app can automatically infer ​“device type” field values on each call leg, based on the device names. Many of these are defined in the app by default. EG: device names with an ​“SEP” prefix followed by a mac address are assigned a device type of ​“hardphone”.

You can also use a simple interface within the app itself to add your own custom device types. The benefits of this are a little surprising! Certainly the ability to define custom device types can be useful in and of itself for filtering. However setting one of these rules will also force the app to treat everything on that side as ​“internal”. This doesn’t mean just the devices but also party numbers, names and other extracted fields. Even on call legs where CUCM is certain that those devices are trunks or gateways and thus ​“outside”.

Quickly check if you’re having this problem

To see if you’re having this class of problem, navigate in the app to ​“Investigate Gateways/​Trunks”. Do you see devices listed there that you don’t think of as trunks or gateways and that don’t even feel like ​“outside” devices at all? If so then they represent a good custom device type to try adding.

How to try it out

1. Navigate in the app to ​“App Settings > Device Types”.
2. Click the ​“Add/​Edit Device Types” tab.
3. Note the existing ​“default device types” — you can use their regular expressions as references.
   
4. click ​“Add new”.
5. In the ​“device type” field enter the device name — perhaps ​“fax_​machine”
6. In the ​“regex” field enter a regular expression that will match the given device names. eg: “^(Fax\S+)” will catch all devices that have ​“Fax” as their first three characters.
7. Return to Investigate Calls and note that the ​“type” on those call legs has now changed.