Install Step 2, Sideview Apps

Create a new index in Splunk called ​“cisco_​cdr”

If you or your Splunk admins have a preferred way of creating indexes, just do that and get an index called ​“cisco_​cdr”. If you do not, follow the instructions below.

• Log into your Splunk instance.
• Click Settings at the top and then Indexes.
• Click the green button at the top right that says New Index.
• Provide a name. We suggest ​“cisco_​cdr”.
  NOTE: If you pick something else, make a note of it because this will come up later in these docs.
  
• In most cases, leave the other defaults alone. Change these only if you really know what you are doing (advanced folks might refer to our sizing page).
• Click Save.

Install the two required Sideview Apps

Once the index is created, continue installing the two Sideview apps. You don’t need to be a Splunk expert to do this.

• Log into Splunk. You will see Apps on the left-hand side. Click the gear icon next to that, to go to the Manage Apps page.
• Then click the Browse More Apps button. [1]
• Use the textbox in the top left to search for Canary, and when you see Sideview’s Canary app it should have a button next to it saying Install. [2]
• Click the Install button. [3]
• Next, do the same to find our Cisco CDR Reporting and Analytics app, and click Install again.
• If it asks you to restart Splunk, do so.

Note [1]: If Browse More Apps does not work, for instance, because you are on an air-gapped network or if Splunkbase integration is disabled. That’s fine. Just go to the Splunkbase page for Canary and download it as a a .tgz file, then do the same for Cisco CDR Reporting and Analytics. Assuming your account is a Splunk admin, you can install them by going to the Manage Apps page and clicking Install App From File.

Note [2]: If instead of Install it says View on Splunkbase, this means your Splunk user account does not have the ability to install new apps. Engage the help of your local Splunk admin team.

Note [3]: If you’re using Splunk Cloud and it says you cannot install our apps, contact us, because something is wrong. Our apps are approved for Splunk Cloud, so we will investigate and reach out to the Cloud folks and get you going.

If you used a custom index name

If you used a custom index name intead of ​“cisco_​cdr”, you’ll need to go to Splunk’s Settings menu > Advanced Search > Search macros. Find the macro named ​“custom_​index” and edit it to reflect your index name.

Get a trial license for the app

• Enter your email address and accept the trial license agreement on this page, and a free 90-day trial license string is emailed to you.
• To install that license, use the Apps list to navigate to the Cisco CDR Reporting and Analytics app and then go to Setup > Update License in the navigation. When that page loads paste in your license string and hit return.

You should now have both the Canary and Cisco CDR Reporting and Analytics apps installed. Don’t worry that the Cisco CDR landing page complains that you have no data yet, the next step is to enable the data collection system.