Cisco CDR Reporting & Analytics | Installation Notes
If you have Splunk admins, make friends with them if you haven’t already. They can probably do this in their sleep. Even if it’s just you, these steps should only take a couple of minutes.
If you or your Splunk admins have a preferred way of creating indexes, just do that and get an index called “cisco_cdr”. If you do not, follow the instructions below.
Once the index is created, continue installing the two Sideview apps. You don’t need to be a Splunk expert to do this.
Note : If Browse More Apps does not work, for instance, because you are on an air-gapped network or if Splunkbase integration is disabled. That’s fine. Just go to the Splunkbase page for Canary and download it as a a .tgz file, then do the same for Cisco CDR Reporting and Analytics. Assuming your account is a Splunk admin, you can install them by going to the Manage Apps page and clicking Install App From File.
Note : If instead of Install it says View on Splunkbase, this means your Splunk user account does not have the ability to install new apps. Engage the help of your local Splunk admin team.
Note : If you’re using Splunk Cloud and it says you cannot install our apps, contact us, because something is wrong. Our apps are approved for Splunk Cloud, so we will investigate and reach out to the Cloud folks and get you going.
If you used a custom index name intead of “cisco_cdr”, you’ll need to go to Splunk’s Settings menu > Advanced Search > Search macros. Find the macro named “custom_index” and edit it to reflect your index name.
You should now have both the Canary and Cisco CDR Reporting and Analytics apps installed. Don’t worry that the Cisco CDR landing page complains that you have no data yet, the next step is to enable the data collection system.
There are many ways to deploy, configure and update the Splunk Universal Forwarder. Here we cover a variety of the more advanced ways to handle updating the TA for Cisco CDR Reporting and Analytics.