Cisco CDR Reporting & Analytics | Release Notes

Release Notes

Version 7.4 (May 16th2024)
  • Critical re-fixed a bug that we thought had been fixed in 7.2.1, where customers using Search Head Clustering would end up with incorrect fields in their devices lookup after updating the app and restarting.
  • Functionality In the Investigate Devices, Extensions, Gateways and Groups pages, the field picker is now updated to use the more sophisticated Edit Fields’ picker from Investigate Calls. Furthermore when reports and dashboard panels are created, the field list in use at the time is now saved into the report/​panel.
  • Functionality Investigate Devices, Extensions, Gateways and Sites pages now offer different contextual drilldown options when you click a given row. Instead of being taken to the detail view on all clicks, you can now choose between that detail view or other contextual drilldowns that bring you into other Investigate pages (using the row value as a filter on the results there).
  • Functionality When Create Dashboard Panel’ is used on any tabular results, now the resulting dashboard panel will also have a link below the table that the user can click to view the same results in the full view from which those results came.
  • Resolved a bug where calls whose total elapsed time exceeded a few hours might not get their later call legs rendered properly within the Call Detail view.
  • Fixed a bug where concurrency charts in the create new chart’ page would come out wrong if the search was filtering by any CMR fields.
  • Investigate devices, when both a) filtering by site, and also b) using include devices with zero calls’, will now show devices with zero calls, even though there is no site’ value for those devices at all. A warning is shown to the user when this occurs. 
  • Investigate devices, when both a) filtering by Cluster, and also b) using include devices with zero calls’, will now use the changes in 7.2 to correctly filter the zero-call devices by the selected cluster(s) as well. 

Version 7.3 (March 20th2024)

  • Functionality Investigate Devices and Device Detail pages now correctly handles device names that exist on more than one cluster. Likewise cluster’ and clusterId’ are optional fields and form elements as appropriate to those pages.
  • Functionality Restored the cancel” button (removed in 7.0). We have also however removed the print” button.
  • Fixed a bug in Investigate Devices where if your CDR ever had completely empty values for origDeviceName and destDeviceName the page would output an error Field deviceNumberUserTypeSite’ does not exist in the data.”
  • Removed 8.2+ style SPL comments which had crept into a few places, notably the settings” layer in the top right. This was causing problems for customers running older versions of Splunk (8.0.X and 8.1.X ).
  • Fixed a bug in Chart where if you already had the primary axis set to something other than time” and then you set the y‑axis to max” concurrency”, the primary axis would fail to reset to time” and you would get an error.
  • Investigate Extensions now has optional fields available for failed calls and also percent failed.
  • Added an optional macro customizable_​filter_​for_​deployment_​stats”. Customers can use this to more narrowly determine which calls from which devices get counted in the Your Deployment” section on the app’s landing page.
  • Added a device_​type extraction for Analog Telephone Adapter (ATA) devices.

Version 7.2.1 (February 19th2024)

  • Fixed a bug for customers who have multiple data types” loaded in the app. When a report was saved using save report”, the selected data_type(s) would not be saved correctly.
  • Fixed a problem that affected customers that use Search Head Clustering (SHC) when they updated from pre‑7.2. The bug was that the devices lookup would end up with incorrect fields loaded. This issue is fixed such that customers updating from pre‑7.2 to 7.2.1 or later will not be affected.
  • Fixed a bug for customers with multiple data_​types enabled, where dashboard panels would be created without the proper drilldown logic to set the data_​type pulldown in Investigate Calls back to the way it had been when the chart was saved..

Version 7.2 (January 31st2024)

  • Functionality The primary charts and tables on the Site Detail page now have Create dashboard panel” buttons on them, so users can easily create custom scheduled-pdf dashboards around calls to/​from particular physical locations.
  • Previously not only Investigate Calls but also Extensions, Devices and other views had functionality, where the search would pause and a resume” button would appear if any search took more than 10 seconds. This has been changed so that this functionality is now restricted to Investigate Calls.
  • The Set up data inputs” page, applicable only to standalone / single-instance deployments, has been reimplemented. This was mostly because the previous implementation used some Splunk features that are now deprecated.
  • Fixed a bug where if a user typed only an asterisk into the number’ field it would slow down the search greatly for no actual benefit.
  • Fixed a subtle bug around charts on dashboard panels. If you saved a chart with stackMode on but with no split by” field set, and then later during SimpleXML editing tried to turn on show data labels”, the presence of the stack mode key would make the labels render oddly. Now the stackMode key is only pushed to the panel if there is also a split by” field set.
  • The devices lookup now has 2 new fields: clusterId’ and lastUpdated’. The clusterId field allows the lookup to work properly for customers who have the same device name on multiple publishers. The lastUpdated field helps us manager things when customers of the AXL app have different publishers updating on different schedules. Admin Note: On restart the app will automatically run its own migration to add both missing columns to the SH’s devices lookup.

Version 7.1 (December 14th2023)

  • Functionality Along with changes in Canary 1.7, the Cisco CDR app now supports dark mode.
  • Investigate Extensions, Investigate Groups and Investigate Gateways pages now have optional fields to list total/​incoming/​outgoing/​tandem duration in minutes (as opposed to values like 08:53:44”).
  • Fixed a bug around dashboards created with our create dashboard panel” app. The app would add an XML declaration when creating new dashboards and this would work fine. However it would then trigger a bug in Splunk’s SimpleXML Editor later, where the editor would add an encoding attribute to the declaration and this attribute would cause the dashboard-level dark mode’ to never work for that dashboard.
  • Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code etc for all phone numbers worldwide.
  • Pulled new NANPA data into the npa-nxx-lata-clli-ocn-location.csv” lookup.

Version 7.0 (November 9th2023)

  • Functionality The investigate calls” page and the Chart” pages are now integrated into a single interface. Switching between these two modes is now using a more intuitive tab control. Furthermore switching between is now much faster and much more of the UI state will be preserved and jobs reused.
  • Functionality There is a new system whereby Supporting Addons can define a data type” in a conf file that essentially adds support for another telephony product or PBX, and then those records will be usable, at a minimum within Investigate Calls and Chart.
  • Functionality Action menus on field values in Investigate Calls now include options to jump into the Chart view to see call volumes for each value of the given field, or call volume over time split by the given field.
  • Functionality in the Gateways page, in the calls over time” tab, the pageable set of timecharts (one for each of the gateways), now allows you to inspect the calls with a drilldown click.
  • Fixed a bug where the setup pages for the various lookups didn’t work if any values contained double quote characters.
  • Fixed a bug in Investigate Calls where action menu options to add/​remove searchterms didn’t work if the value contained double-quote characters.
  • Fixed a bug in Site Detail where edit site details’ would pass the wrong site name as argument.
  • Fixed a bug in Device Detail in the calls over time’ tab, if split-by was set to extension/​DN’. If that was set, the inline drilldowns on the subsequent Chart rendered below, would not render the call summaries in the table below that.

Version 6.6.1 (September 7th2023)

  • Functionality Site Detail page now has a call quality’ tab.
  • Further improvements and logic fixes to the action menu options in Investigate Calls
  • Fixed a regression in 6.6. where the Chart view would always show both the chart and the table regardless of which tab was selected.
  • Fixed a bug where the action menu options for the duration field on multileg calls would not work correctly.

Version 6.6 (August 28th2023)

  • Functionality In Investigate Calls, the contextual action menus have some new and useful options on certain key fields.
  • Functionality In Investigate Calls and Chart, the data_​type” pulldown’s selected state is now saved as a per-user preference.
  • Critical Fixed a bug where the links in the app navigation bar did not work correctly when the user was still in the Simple XML Dashboard’s Edit” mode.
  • Fixed a bug in Investigate Extensions, where calls for which CUCM listed no callingPartyNumber at all, would get rolled up as a row with a blank extension. Since the other parties on the call are represented elsewhere in the rollup, these blank rows are now filtered out. 
  • The Other data sources” tab in the Device Detail page will be a little better at finding the given device name in other sourcetypes. It will also now give links to explore any ciscoguid” values found in this data.
  • Fixed a bug where entering an expression in the huntPilotDN field in Investigate Extensions would allow a few extensions into the returned results even when they had calls involving that huntPilot.
  • Performance optimization that significantly speeds up the Chart view for many simpler cases where the user is filtering by one or more numbers but has only a simple report that necessitates no intermediate stats command.

Version 6.5.3 (July 11th2023)

  • Critical Fixed a bug that affected customers who were using the callId” field, specifically as created by the get_​call_​id‘ macro. The callId” field was renamed to call_​id” in 6.5. And although callId remained as a deprecated alias in props.conf, it was not left in as an alias within the get_​call_​id‘ macro. Customers affected by this should be able to just update to this version and their existing syntax will work again.
  • The Device Detail page’s Calls over time” tab, now allows quality” as a splitby option, and lists quality” as a field in the table of calls.
  • Further improvements in search efficiency when using the number” field in Investigate Calls.
  • the new calledPartyNumber field added in 6.5 is now an index-time field. 
  • server_​name” field is now extracted more reliably for CUBE data.
  • Fixed a bug in Investigate Devices where the calls” field was always zero.
  • Fixed a bug where if you added a dashboard panel from the call concurrency page it would end up rendering as tabular data instead of as a line chart.
  • Added a create dashboard panel” button to the intraday call distribution panel on Extension Detail
  • Slightly changed the SPL used to populate the data_​types” pulldown, to protect against an unusual corner case in complex custom_​index‘ values.

Version 6.5.2 (May 17th2023)

  • Fixed a regression that greatly lowered search efficiency when using the number” field in Investigate Calls.

Version 6.5.1 (April 28th2023)

  • Fixed a bug in the Investigate Devices page, where only partial or zero results could be displayed for devices that had no device type” extraction defined.
  • Cube CDR data now has extracted fields for duration_​elapsed, duration_​total and duration_​in_​minutes, whether single leg or multileg, just like the CUCM CDR data.

Version 6.5 (April 25th2023)

  • Functionality Investigate calls now allows you to search for CUBE calls even when the call did not touch CUCM at all. As a part of this there is a new form element in the page that will only appear if you have CUBE CDR indexed, in which case it allows you to switch between seeing only CUCM calls, only CUBE calls or both.
  • Functionality Newly aliased fields. In CUBE CDR the clid and dnis fields are aliased to callingPartyNumber and calledPartyNumber and the number” field in Investigate and Chart now uses these fields. In CUCM CDR the finalCalledPartyNumber” field is now aliased to calledPartyNumber”
  • Functionality renamed field initialType to initial_​type, callId to call_​id. CUBE CDR also now has fields number, duration, data_​type, type
  • Functionality Splunk 7.3 is no longer supported, and you must run Splunk 8.0 or higher. Various messaging has been added in case administrators on older Splunk versions update the apps and miss this detail.
  • Functionality Added new fields that hold useful english-language descriptions of 16 fields. These fields have to do with protocol, precedence, video resolution, bandwidth and more. Contact us for a full field list.
  • Functionality Investigate Devices now has a Clusters pulldown. Investigate Extensions now has a general search textfield.
  • Functionality Layout improvements and bugfixes for the Summary” tab within the Device Detail page.
  • Functionality Device Detail page will now search for the device name’s presence in other sourcetypes and indexes. If any are found it gives the user links to explore that data. 
  • Functionality Layout improvements and fixes on the Site detail page.
  • Functionality Default thresholds for call quality are improved now. Also within the Define call quality thresholds” page there is now a button admins can use to reset their current thresholds to the current shipping defaults. 
  • Critical Fixed a bug in the CUBE CDR integration, where the CUBE field values included in the results in Investigate Calls were the distinct values of those fields, then somewhat repeated, rather than a simple list of the values.
  • Critical Fixed a bug in the CUBE CDR integration, where CUBE fields would only appear in the results if nothing had been entered in the number text field.
  • Critical Fixed a bug whereby the emergency calls’ alert was not actually editable in the Splunk admin UI. Also updated the instructions on Emergency calls on how to customize the alert.
  • Fixed a bug in the Call Concurrency and Gateway Utilization page, where clicking a concurrency point in the chart wouldn’t narrow down the drilldown detail to the relevant split-by value.
  • Fixed a bug that caused an error to display on the homepage erroneously if you had more than one index configured in the custom_​index‘ macro (separated by OR’s). If this was the case then the homepage would erroneously say ERROR — the index specified in the custom_​index’ macro exists but contains no data.”
  • Fixed 2 bugs affecting the Upload tab on the Define groups and extensions’ page. If you uploaded a file that had wildcarded numbers that were not all grouped at the end of the file, then when the page tried to repair the row order it would inadvertently also discard the last 3 fields resulting in an error message later. Also error messaging has been improved when uploaded CSV files contain non-utf8 characters.
  • Performance improvements on the Call Detail page, specifically using a narrower timerange of just several hours before and after the time of the call.

Version 6.4.1 (Oct 27th2022)

  • Fixed a bug in Investigate Sites where sites could be erroneously listed on more than one row.
  • Fixed a bug where a few places in the Define Sites page were truncating the lookup on disk down to 10,000 subnets.
  • Investigate Sites now has a simple site” textfield you can use to filter the list (with wildcards if necessary) if/​when an unusually large number of sites have been defined.
  • Fixed a bug in Investigate Sites that only affected customers who were using our customizable” macros to calculate sites from the mediaTransport IP’s instead of the normal call-control IP’s (This is our recommended config for customers using SME Clusters). The bug was that the Investigate Sites page would ignore the customization and calculate the sites using the origIpAddr/​destIpAddr values. This was a regression introduced in Cisco CDR 4.1.9.
  • Fixed a bug in the Call Detail view where indexing very high volumes of CUBE CDR could slow the page to a crawl. The SPL in that view has been made far more efficient, such that the page should now perform well even if you have a million or more CUBE CDR indexed per day.
  • In the Call Detail view, the panel containing the Call Quality Information has been moved up to sit just above the panels titled other calls to/​from…”
  • Added a health check to detect whether the Devices Lookup contains any device names that are listed on more than one row.
  • Fixed a bug in the Call Detail view, where the top right panel that can list any field values, could previously not display any CMR fields. Also this panel now respects the field-ordering specified by the field picker (previously it listed them alphabetically).
  • Fixed a bug where if the Canary app was missing entirely the app’s landing page loaded blank, displaying no error message about the need to install Canary.

Version 6.4 (Sept 28th2022)

  • Critical For customers using Search head Clustering (SHC), the app’s config now specifies that existing lookups on the SHC members are to be preserved in all cases, even when the deployer push was done with preserve-lookups set to false. 
  • Critical For customers using Search Head Clustering (SHC), users are now able to post lookup changes from the Setup” screens, instead of being told to make their lookup changes on the Deployer.
  • Functionality Form fields have been reordered across the various Investigate pages to improve consistency from page to page.
  • Fixed a bug in the Device Detail page. If users were in its Calls over time” tab and attempted to drill down on one of the displayed calls it would not work. Now clicking those table rows leads to the Call Detail view and the call is displayed correctly there.
  • Fixed a bug in the Investigate Groups page, where you can now tell it to include groups/​extensions with zero calls, and also at the same time use the number” field to filter. The matching will then occur as expected on both the extensions with calls” and also the extensions with no calls” sides.
  • Improved a core health check to detect whether the index specified in the custom_​index” macro actually exists.
  • Reworked some health checks to reduce error messages if the user’s role has unusually restricted capabilities or permissions.

Version 6.3.9 (June 24th2022)

  • Worked around a problem in Splunk that was dragging down performance in the Call Concurrency and Gateway Utilization page. Searches in that page are now approximately 6x faster and run with far fewer resources used. 

Version 6.3.8 (June 1st2022)

  • Critical – Fixed a bug in the app’s migration code where users upgrading from versions older than 6.3.5 would end up with an incorrect and unusable call_​quality_​thresholds lookup. This version and going forward will not create that problem and will moreover repair that damage when it sees it on disk.
  • Fixed a bug around uploading new csv lookup files in the Setup pages, specifically when using SHC (Search-Head Clustering). Prior to this release the upload would fail for admin users who had the capabilty list_​search_​head_​clustering, but succeed for users lacking that capability, leading to an inconsistent state on the SHC. This is now fixed and all users will get the message that they cannot upload new CSV files when using SHC.
  • Fixed a bug that affected customers who used SHC, and also Cloud customers on Victoria stacks, where after an upgrade searches would fail with an error about the codec_​types lookup. The root cause is that Splunk will in these architectures erroneously retain the previous version of the codec_​types lookup across an app update. The new version of that file in the app is now simply renamed to workaround these bugs in SHC and Victoria.
  • Fixed a bug where if non-admin users were in core Splunk views or simpleXML dashboards, certain navigation elements in the app navbar would not work.
  • Fixed a bug in the setup pages where the edit” tabs allowed you to delete the last row of a lookup, putting the lookup into a problematic state.
  • Fixed some of our health checks to make them not generate false-positives in the Monitoring Console’s health checks page.

Version 6.3.7 (May 10th2022)

  • Critical – Fixed a regression introduced in 6.3.6 that prevented the Chart view’s over nothing” mode from working properly.
  • Improvements to the Example Call Quality Dashboard to make the searches consistently screen out zero duration calls and calls that never connected.

Version 6.3.6 (May 6th2022)

  • Critical – Fixed a bug where downloading the devices.csv from the Setup > Define Devices page, would give you a copy of the csv that was missing the required axlHost and axlPort columns. 
  • Fixed a bug where the Call quality information (CMR)” panel on the Call Detail page did not actually report the new quality” field.
  • Added health checks to catch cases where after an app upgrade there can potentially still be scheduled searches regenerating the devices lookup or the groups lookup with columns matching the previous version’s columns for that lookup.
  • When you use Save Report” or Create Dashboard Panel” the newly created report or dashboard will now be in the Saved Reports” or Saved Dashboards” menu right away. Previously the newly created item would not be in the menu until the page had been refreshed. Note to get the new behavior you also need Canary 
  • Dashboard panels created by the app now have the version=”1.1″ attribute, to prevent warnings from being displayed by Splunk.

Version 6.3.5 (April 1st2022)

  • Critical – Fixed a bug in the Call Detail page affecting multileg calls where the top right panel would only show field values from one of the N call legs. The panel now shows all values from all legs.
  • Functionality – huntPilotName, huntPilotGroup, huntPilotSubgroup fields now populate with information based on the groups lookup, so you can use groups with hunt pilots just like you can with other numbers.
  • Functionality – The field that the app creates as our normalized overall measure of call quality was renamed. Instead of the old confusing name qos” the field is now named quality”. Note that customers that populated the old call_​quality_​to_​qos lookup will get their changes migrated to the new call_quality_thresholds.csv lookup automatically when Splunk restarts after the version upgrade.
  • Fixed a bug where CMR events could fail to get timestamps extracted properly if the directoryNumber” field began with a “+” sign. For reasons unknown this seems to be rare – normally even when the party numbers in CDR are prefixed with “+”, the directoryNumber in the CMR is not.
  • Fixed a bug in the Investigate Groups page where anything entered in the huntPilotDN textfield resulted in no results found’. The field now works as expected to filter the group statistics down to the calls whose huntPilotDN values match the expression.
  • Pulled new NANPA data into the npa-nxx-lata-clli-ocn-location.csv” lookup.

Version 6.3.4 (March 10th2022)

  • Functionality – the Investigate Sites page now has a control to filter by Cluster.
    It also now has options to pick whether it should a) count calls with zero duration, and b) show rows for sites that have no calls at all in the given timerange.
  • Fixed a minor bug on the app homepage where the Learn more about the product” panel would become invisible if any critical health checks failed.
  • Fixed a bug where users still running Splunk Enterprise 7.3 would be redirected to the homepage if they clicked links in the app’s Navigation Bar while within SimpleXML dashboards or core Splunk pages.
  • Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code etc for all phone numbers worldwide.

Version 6.3.3 (February 11th2022)

  • Fixed a problem in 6.3.2 that prevented 2 new panels on the homepage from loading correctly
  • In Explore new reports” on the landing page there is now improved messaging when a particular report detects that an optional component that it requires, still needs to be set up.

Version 6.3.2 (February 9th2022)

  • The graph calls over time” link from Investigate Calls, as well as the see calls” link from the Chart view, no longer open in a new tab/​window. For some users with very low quotas for disk usage in /​var/​run/​dispatch the old behavior made it easier to run out of disk there and prevented them from running more searches until some TTL’s expired.
  • Minor fixes to a few of the app’s health checks in checklist.conf

Version 6.3.1 (February 7th2022)

  • Reworked the Your Deployment” panel on the new app homepage to run in far less time and with fewer resources used.
  • Fixed a bug where if you navigated to the Search” view and from there to the Example Call Quality Dashboard, you would end up on the wrong URL and a 404 error.
  • Fixed a minor bug where many reports in Explore New Reports” were misidentified as hub and spoke views”

Version 6.3 (February 4th2022)

  • Functionality – The app landing page has been redesigned to help new users learn how to use the app more effectively, as well as to give experienced users more useful jumping off points.
  • Functionality – There is a new Setup page that allows you to customize the thresholds on the call quality statistics that are mapped to the four categorical qos” values (good, acceptable, fair, poor).
  • Functionality – On calls that go through both CUCM and CUBE, for which the CDR from both sides is indexed, the Call Detail view will now also present the rows from the CUBE side, in both the table and the gantt chart.
  • Functionality – There is a new call quality dashboard” containing a number of out-of-the-box examples of interactive charts pertaining to call quality. The page allows users to easily select a chart they like, to customize it in the Chart view and then add it to their own dashboards.
  • Functionality – Added new fields, audio_​codec, video_​codec as well as origAudioBandwidth, destAudioBandwidth, origVideoBandwidth and destVideoBandwidth.
  • Functionality – The Navigation has been reorganized and some key items have been renamed. eg: Browse Calls” is now Investigate Calls”, and the saved dashboards menu is now at the top level of the nav.
  • Fixed a bug where Browse Extensions would show wrong numbers dialed if count calls with zero duration” was checked.
  • On each restart, if clusters.csv does not contain any clusters seen in the last 14d worth of indexed CDR data, those clusters will be added as new rows lookup. Formerly this check would only happen on the very first restart after install, with the problem being that no data might be indexed indexed at that time.
  • Fixed a problem where if you were viewing both CUBE CDR and UCM CDR in Investigate Calls (formerly Browse Calls), any use of the number” field would inadvertently screen out all CUBE fields from your results
  • Fixed a regression introduced in 6.0.5 where users on Splunk 7.X could no longer upload lookup files in the Setup pages.
  • Fixed a bug in Call Detail where the gantt chart could in some cases display strange points in time from many months ago, relating to calls that happened to have the exact same callIds on the same CM node and cluster. 
  • Fixed a bug in Call Detail pages when displaying multileg calls, where if the parties were the same on two or more legs, only one of them would be shown in the Gantt chart
  • Fixed a bug in the Site Detail page, in the Unusual call termination reasons” panel, where the chart drilldown to Investigate Calls (formerly Browse Calls) would not pick up the given cause_​description searchterm.

Version 6.2.2 (January 7th2022)

  • Critical – Fixed a bug that prevented users from adding dashboard panels to dashboards that had been shared at the app level.
  • Fixed a bug where multileg calls that had legs dateTimeConnect=”0″ would have their legs sorted incorrectly.
  • Fixed a bug on the Extension Detail page. If you set a huntPilot filter and/​or interact with the time_​of_​day chart to filter the calls displayed and then click investigate calls”, now when you get taken to the Browse calls” page it includes the extra huntPilot and time_​of_​day filters.
  • Fixed a bug where clicking elements in certain charts on the Site/​Extension/​Device Detail pages would not work correctly when run in the Canary UI.
  • Fixed a regression where in the Browse Devices the devices with no device_​type assigned” filtering option stopped working.
  • The Canary app is now required even for users still running Splunk Enterprise 7.3

Version 6.2.1 (December 10th2021)

  • Critical – Fixed a bug where the qos” field would fail with an error if you were using distributed search.
  • Multileg calls are now displayed consistently in the correct order, with logic for various cornercases where calls have multiple legs connecting during the same second.
  • Fixed a bug where Extension Detail view was showing a table of raw call legs without collecting the legs up into possibly multileg call rows.
  • Fixed a bug in the Browse Devices page where fields from the devices lookup would only be added if the option to show devices with zero calls” was selected. Also fixed a bug where the show devices with zero calls” option would not show those devices if you also had a subset of the device_​types selected.
  • Fixed a bug whenever the concurrency” field was used, and a split-by field was in use that happened to be null-valued, where Splunk would display a strange error message: Failed to parse templatized search for field max_​concurrency: ‘”.
  • Users running Splunk with the Free license can now update the Cisco CDR app’s license string in the UI without any error.
  • CIPC devices are now given device_​type field values of ipcommunicator” instead of softphone”.

Version 6.2 (November 11th2021)

  • Functionality – When you use the Create Dashboard Panel” buttons in the General Report page to create dashboard panels, the resulting panels now have working drilldown interactions that send the user to the matching calls in the Browse Calls page. Likewise, creating panels from Browse Calls creates drilldown to Call Detail, and creating panels from other Browse views creates drilldown to the corresponding Detail views.
  • Functionality – When you use the Create Dashboard Panel” buttons, it now creates the panel with the correct visualization, chart type, and stack mode.
  • Functionality – General Report now allows you to select no over” field at all, so your search results can be a single statistic. Note that you still have the option to set a split-by field, in which case your search results would be a single row with multiple columns.
  • Critical – Fixed a longstanding bug in the Canary UI where for many of the links in the app navigation bar, if you clicked those links while you were editing a Simple XML view you would get taken to an incorrect URL and a 404 error.


Fixed a bug in General Report where if you tried to take a call volume report with no filtering, and split it by a CMR field, the CMR values would all be null. Dashboard panels created via the Create Dashboard Panel” layers now have inline searches rather than separate referenced saved searches. Note that users who preferred it the old way can still use this functionality but then use Splunk’s Simple XML Editor, click the magnifying glass icon, and choose Convert to Report”.Fixes for when we are running in the old 7.X UI instead of in the Canary UI, where erroneous error messages no longer appear at the top of the pageDevices lookup now has 2 new fields – axlHost” and axlPort.” These are created by the Supporting Addon for AXL, and represent the CUCM node that the device information was pulled from. Fixed a bug in the Setup Groups/​Devices/​Sites page, where if the user lacked the output_​file” capability, they would see no error when they attempted to create/​edit or delete elements from the lookup using the app’s UI

Version 6.1 (October 6th2021)

  • Critical – Fixed a bug where the download” tab within the Setup Devices page would give you a csv file that was missing three required fields – className, subClassname, and directoryNumber.
  • Functionality – Addition of many links in the context menus in Browse Calls that appear on gateway/​site/​device fields and that lead to the relevant detail pages.
  • Functionality – The Setup Clusters page now allows admins to download/​upload the current cluster list as a csv file.
  • Functionality – The huntPilotDN field is now looked up against the groups lookup, and if present there are now fields created for huntPilotName, huntPilotGroup, huntPilotSubgroup
  • Functionality – Added a new field ring_​time” that is simply calculated from the origination/​connect/​disconnect timestamps.
  • Functionality – Browse Groups page now has a control to select a single UCM cluster or a subset of UCM clusters, and the selected value is passed on in subsequent drilldowns to Browse Extensions and Browse Calls.
  • Fixed a bug when running on Splunk Enterprise in 7.X, in the old (non-Canary) user interface, where the Browse Devices page wouldn’t load properly.
  • Fixed a bug where sometimes on the Call Detail page, legs with the same origination timestamp but different dateTimeConnect values would be displayed in the wrong sort order.
  • Added a cidr” field that if populated, will hold the matching subnets that were used to match the call leg’s origSite and/​or destSite values. This is really just a convenience, as it was already present as origCidr and destCidr
  • Fixed a bug in General Report where if you picked max(concurrency),” then with certain split by” fields selected the report would run as though no split-by field was selected. Since we have no reasonable way to run the report still those split-by options are now disabled when concurrency is selected.
  • Fixed a bug where the setup data inputs” page (only used for standalone onprem deployments) was not displaying some unexpected error messages when run in python3.
  • NOTE: The required minimum version of Splunk Enterprise / Cloud has been changed from 7.2 to 7.3.

Version 6.0.8 (August 25th2021)

  • Functionality – Improvements to the Browse Gateways and Gateway Detail pages.
    1. Added a Clusters pulldown which filters both the selectable options in the gateway pulldown and also the gateways that are listed in the main results.
    2. cluster” is now an optional field in the field picker.
    3. If there are any gateway names that are repeated across clusters, each will now get its own row with separate rollup stats in the report.
    4. There is new contextual messaging to reduce confusion if this happens when the cluster’ field is not selected as visible.
    5. Gateway Detail page now has a field for cluster which is populated by the drilldown from Browse Gateways.
  • Functionality – Added a new prototype feature in the form of a field qos” that can have values of good, fair, acceptable, or poor. The values are calculated from any CMR quality stats with customizable thresholds defined in lookups/call_quality_to_qos.csv”.
  • Functionality – Added a contextual message to the Browse Calls page, that only shows if get only” is not set to all records” and the user has entered some search filters” in the last form field. If the case is detected, the message suggests trying again with the get only” field set to all records”.
  • Improved the call_​failed field so that calls with cause_description=”User busy” are no longer counted as failed calls.
  • Added a time range control to the Setup Clusters page so the administrator can pick how far back to look for clusters to put in the lookup.
  • Added sourcetype cucm-kiwi-syslog’, which should be able to parse Cisco UCM Alarms coming in via Kiwi Syslog server on Windows.
  • Improved search performance in the specific case when users are in the Call Detail or Extension Detail views and they click on one of the calls shown in the call tables. Formerly, the clicks sent no timerange bounds to the following pages, and on some very large Splunk deployments even with the globally unique callId as a search term, it would result in very long page load times.
  • Fixed a bug on the Browse Groups page where any selection in the subgroup” pulldown would produce zero results.
  • Browse Groups will now display the actual subgroups of the calls matched if there are fewer than 6. If there are 6 or more it will give only the number, eg: “(8 subgroups included)”.
  • Fixed a bug where if you went to Call Detail or Extension Detail directly, ie not by following a drilldown link, the logic that displayed contextual help messaging there was not working in the Canary UI
  • Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code, etc for all phone numbers worldwide.
  • Pulled new NANPA data into the npa-nxx-lata-clli-ocn-location.csv” lookup.
  • Removed deprecated sourcetype cucm_​alternate_​syslog”

Version 6.0.7 (August 5th2021)

  • Functionality – Added a new field internal_​party_​number” that holds all of the calling/​called party numbers on the internal side of the call legs
  • Fixed a bug where using the number” field in the Browse Extensions page would return results that didn’t include incoming call counts.
  • Fixed a minor but longstanding usability problem in General Report where if you set the over” field to a field that is already set as your split by” field you would get a confusing error saying that you could not set both pulldowns to the same value. Now the UI just quietly considers the selection of the over” field to supersede the split-by field and it resets the split-by to “(none)”.
  • Fixed a bug in the Extension Detail view, where if you used the investigate these calls” link in the bottom left panel it would send you to Browse Calls but without the arguments set quite right so that it only showed calls *from* the given extension and included no calls to it.
  • Changed Browse Devices and Browse Extensions pages so that devices that have not made any calls at all are listed with the call counts set to 0”. Most notable about this change is that you can then sort on calls” to find the zeros, or use a simple search term of calls=0
  • The Emergency Calls page now has an export link on the right-hand side that when clicked will download the results as CSV and open them in Excel.

Version 6.0.6 (August 3rd2021)

  • Critical – Fixed a rare bug introduced in 6.0.5 as a part of the General Report optimizations. If you specified party numbers both in the number field and in the search terms field, the results would inadvertently filter out results where the party numbers were on different legs.
  • Fixed a bug where if you included only a single “*” character in certain fields in Browse Extensions and Browse Devices, the argument would get ignored. Most notably the hunt pilot field in Browse Extensions, ie to narrow to only calls with huntPilot involvement.

Version 6.0.5 (July 12th2021)

  • Functionality – Significant optimizations to increase search speed and efficiency in General Report. This wont apply to reports with complex filtering and with unusual primary fields or splitby fields however many of the most common reports will see a significant increase in speed and a significant drop in resource usage.
  • Functionality – Browse Calls now has links from party numbers directly to the Extension Detail page.
  • Functionality – Improved design and functionality on the Extension Detail page. Added an intraday chart. Fixed some issues in the drilldown interactions within the page.
  • Functionality – If the devices lookup has been populated, either manually or by setting up our Supporting AXL App, then all of the device fields can be used for filtering and searching and grouping, *without* their orig* and dest* prefixes. For instance, you can now run a report over productName” instead of having to run separate reports for over origProductName” and over destProductName”.
  • Functionality – Primarily for customers using our supporting AXL app, the devices lookup can now contain a directoryNumber” field per device. This is designed to hold the primary DN/​DiD number set in UCM for the given device. At search time this comes out as origDeviceDirectoryNumber” and destDeviceDirectoryNumber” as appropriate, as well as a third field containing the union of both those values, deviceDirectoryNumber”.
  • Functionality – Added a new field internal_​device_​name” that combines the origDeviceName and destDeviceName fields but excludes device names. This is very useful as a group-by or split-by field in General Report.
  • Fixed a problem that would sometimes cause users to end up on URL’s with an extra slash at the root.
  • Fixed a bug where if SplunkWeb was listening on a different port than the browser was talking to, some of the Setup pages like Setup Sites, would fail with an error when you tried to make changes to that config.
  • Fixed a bug where CUBE fields were appearing as options in the Browse Calls page’s field picker even if you had no CUBE data indexed.
  • Fixed a bug where the Devices page would not filter correctly when include devices with zero calls” was selected. The page now applies all the selected filters regardless of that setting
  • 911 calls” page is now renamed emergency calls”.
  • Fixed a bug in the Call Detail page that was causing the call legs to be sorted incorrectly and the duration field to be displayed in seconds instead of as HH:MM:SS.
  • Fixed a bug in the Gateway Detail page where the breakdown by cause_​description was displaying the count of raw records (cdr+cmr) rather than the actual count of callIds (and thus calls) which is generally slightly lower and is what users expect to see there.

Version 6.0.4 (May 11th2021)

  • Functionality – The Browse Gateways page now has an expanded field list and a field picker the user can use to display optional fields.
  • Critical – Fixed a bug on the Device Detail page where the table titled x calls to/​from this device” wasn’t displaying raw field values from call legs but instead an unintuitive summary of those fields.
  • Critical – Fixed a bug where the add new row” functionality in the Setup pages did not work properly. This bug was introduced in some changes in 6.0.
  • Fixed a relatively harmless problem in the call_​quality_​to_​qos lookup that was generating an error message from Splunk for some users.
  • Fixed a bug where the field picker on the Browse Devices page would act strangely if both a) the show devices with zero calls” option was on, and b) your timerange did not include any actual call data.
  • Removing the stacked100” option from General Report’s chart type” pulldown until Canary’s Chart module gets proper support for it.

Version 6.0.3 (April 15th2021)

  • Critical – Fixed a longstanding bug that only just came to light, where if you are using the number” field within General Report, it was impossible to build any reports on any quality fields.
  • Speed improvement on the Devices page. The device types” pulldown now populates much more quickly than before.
  • Fixed a confusing bug introduced in 6.0.2 in a particular link label case for the new action menus in Browse Calls. When you have foo=bar in the search filters, instead of getting an option to remove filter for foo=bar”, the action menu item would say just foo=bar”.
  • Devices lookup now has 2 extra fields className” and subclassName”. On upgrade, the app will automatically migrate the existing Devices lookup file to add the new columns. Note that this change is really just for users of our Supporting AXL App for Cisco CDR.

Version 6.0.2 (April 8th2021)

  • Critical – Fixed a bug where certain North American location fields like LATA, CLLI, OCN, CompanyType, Company Name, and NumberType wouldn’t populate in Browse Calls until you added one another location field to the field picker.
  • Functionality – Improved context menus in Browse Calls such that now clicking on party numbers will add the value to the number” field instead of the search filters” field. Also, the type and cluster fields now have working menus.
  • Improvements to how full DN’s are parsed such that some more common offnet prefixes will now be recognized out of the box.
  • Fixed a bug where party numbers that began with an offnet prefix of 9” followed by an area code that also began with 9 would not get any location fields populated.
  • Pulled new NANPA data into the npa-nxx-lata-clli-ocn-location.csv” lookup.
  • Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code, etc. for all phone numbers worldwide.

Version 6.0.1 (March 19th2021)

  • Critical – Fixed a bug in Call Detail where the top right panel would only ever allow you to see a subset of the fields.
  • Functionality – Browse Calls will no longer display rows for which there is only a CMR record and no CDRs. This situation can happen sometimes especially in large deployments when there are calls in progress that have generated one or more CMR, but that have NOT yet generated any CDR. Such calls would appear as a ghost call” on the first page of search results, ie with most or all fields empty. These apparently blank calls so regularly caused confusion that they’re now suppressed in that view specifically.
  • Minor changes to avoid appinspect false positives.
  • Reworked some health check searches to improve homepage load times.

Version 6 (February 24th2021)

  • Functionality – Users can now click on individual values in the Browse Calls view and a menu will appear allowing them to choose between adding a search filter for the given field=”value” term, excluding calls with field=”value” from results, or viewing the call details for the call.
  • Functionality – As with the above change to Browse Calls, clicks on charts in General Report now trigger context menus with different actions
  • Functionality – Browse Devices now has better, more usable options for including or not including zero duration calls in the call counts, and also for including *all* devices or only ones that participated in a call during the time period (requires devices lookup to be set up, either manually or via our Supporting AXL app for Cisco CDR Reporting and Analytics).
  • Functionality – There is a new Browse Groups” page that presents similar statistics to Browse Extensions but at the level of distinct groups. Clicking a row gives the user the option to view the extensions in Browse Extensions or to view all the group’s calls in Browse Calls.
  • Functionality – Browse Extensions and Browse Devices pages now will remember each user’s selected fields for later.
  • Critical – Fixed a bug where errors were never displaying on the homepage to tell the user that the current installed version of Canary or Sideview Utils was too old.
  • Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code, etc. for all phone numbers worldwide.
  • Added CUBE fields to the field gallery so now field names and descriptions are available on the Home screen.
  • Fixed a bug on Call Detail where the two field picker modules on the page would each set each other’s selected field list when they set their own.
  • Fixed a bug affecting 7.X users where the Report” section in the nav would highlight erroneously when the page was loaded, and various dashboards core to the app were appearing erroneously under Saved Dashboards”

Version 5.3.9 (January 15th2021)

  • Functionality – Users running the most recent version of the Canary app will now have selected fields from their CUBE data marked with “(CUBE)” in the field picker, just as happens in the legacy Splunk and Sideview Utils UI.
  • Updating the minimum required version of Splunk required to 7.2 since Splunk has ended support for 7.0.X and 7.1.X.
  • The option to chart the data as a bar” chart is now disabled if the data is plotted over time.
  • Fixed a problem where the Define Groups page’s Edit” tab was listing the form fields in the wrong order
  • The device_​name” field that the app creates is now created at index time through an INGEST_EVAL stanza. This means that for data indexed after upgrading to 5.3.9, techniques like tstats that leverage index-time fields can be used for better device usage reports. Conversely, to support all the customers who have data indexed prior to this update, the device_​name field also continues to be extracted at search-time to preserve the functionality in normal searches and reports.
  • Fixed a minor usability bug on the homepage where if you searched for one of the field category names itself like quality”, it would not match against the category names. Now such searches will also match and return all the fields in that category.
  • Pulled new NANPA data into the npa-nxx-lata-clli-ocn-location.csv” lookup.

Version 5.3.8 (December 2nd2020)

  • Changed how the app’s homepage checks for indexed data. Formerly it used the metadata command, but since this command can be deliberately disabled for lower privilege users, that can in turn cause the check to fail erroneously. The end result was some lower-privilege users would only see a homepage telling them that they hadn’t indexed any data yet. This is fixed now and the check uses a tstats search.
  • Patched a bug that only occurs in Splunk 8.1, where some of the SPL used by the call concurrency and gateway utilization” page does something the 8.1 SPL parser doesn’t like.
  • Fixed a typo in our health check responsible for finding unusual indexing lag, that had been preventing it from running properly.
  • Fixed a minor problem where if someone was trying out the app while running only a Splunk Free license in Splunk itself, our health checks for user/​role capabilities would fail erroneously.

Version 5.3.7 (November 6th2020)

  • Fixed a bug around the ROOT_ENDPOINT key, where users could get redirected to malformed URLs that were missing a slash between the root endpoint and the locale.
  • Improved the health check for indexing lag to list the 95th percentile of the lag in the health check message directly.

Version 5.3.6 (October 29th2020)

  • Fixed a critical regression introduced in 5.3.5 that broke the app on 7.X versions of Splunk.

Version 5.3.5 (October 16th2020)

  • Fixed a problem where the app’s own license checks would fail if the Splunk server was using the root_​endpoint” key. This would result in the license check failing when Splunk was set up in a reverse proxy configuration.

Version 5.3.4 (October 6th2020)

  • Fixed a bug on the Call Detail page where the panel displaying fields from individual call legs only let you choose selected fields from a subset of the available fields
  • Browse Extensions now allows you to pick a particular subset of your UCM Clusters, in addition to filtering by group/​subgroup/​name/​number/​huntGroup etc.
  • Minor changes to our default device_​type extractions to catch some unusual cases in the field for instance where jabber device names occasionally have hyphens or other non-alphanumeric characters in them.
  • Call Detail page now has see search syntax’ links allowing you to see and troubleshoot aspects of the raw CDR events or CMR events in the default Splunk UI
  • Minor modifications to some of our health checks to reduce false positives.
  • App now ships an app.manifest file which may help various things stay on the tracks in Splunk Cloud

Version 5.3.3 (August 26th2020)

  • Resolved a longstanding bug where the devices lookup would be unexpectedly empty after an install or update.
  • The Cisco CDR app’s navigation has been subtly reworked to improve user experience if folks
    miss the step about installing the Canary app, and also to allow us to soon remove the
    dependency on Sideview Utils for users on Splunk 8 and up.
  • Several existing health check searches improved to be more robust.
  • Additional health check search created to find duplicated data.
  • Browse Devices page now has a see raw search syntax” link.
  • Browse Devices page now has an optional field called last_​seen” listing the date and time of when the device was last involved in any call.
  • Added destAudioCodec and origAudioCodec, which will have values like G711mu-law 64k” or G729”.

Version 5.3.2 (June 24th2020)

  • Hoopjumping for some less-than-ideal problems in the Splunk Cloud vetting process. This release deletes one line of python code that was already commented out. This line was causing a silent failure of Cloud Manual Vetting for several months, for an erroneous and silly reason, and Splunk’s process gives no feedback to the third party app developer at all such that we were unable to learn about this problem until recently (Thanks to the internal resource who dug into the matter and was able to tell us the details). Our apologies to all our customers and prospects who over the past few months were told erroneously that the recent releases of this app were not cloud compatible.

Version 5.3.1 (June 3rd2020)

  • Some small changes to make various Splunk tools, and thus the users of those tools, recognize that the app is python3 compatible (which it was previously too).
  • Fixed a complex but rare bug in General Report where if you 1) had a categorical group-by or split-by field set, 2) you had a numeric y‑axis field set, 3) you were using a numeric function on that y‑axis field (eg sum or avg), 4) you were analyzing multileg calls, and 5) some legs in the individual calls being analyzed actually had the same value for the group-by or split-by field, then the math would work out slightly wrong. For example if you had a lot of calls with exactly two legs, and callingPartyNumber was always the same for both legs, and you were doing sum(duration) over callingPartyNumber in General Report, the duration values would be off by a factor of 2.
  • Fixed a bug in the General Report page where fields that had no non-null values were appearing as options in the pulldowns. For most users this should lower the number of fields in the pulldowns from around 350 to more like 250.
  • Removed some field aliases that we released long ago without any announcement, that were creating a few CIM-compliant field names. We had added these as an experiment to allow admins to try integrating CUCM CDR data into their security world. Since these never attracted anyone’s attention and at this point they’re doing a little more harm than good. Also added a health check to detect anysavedsearches in the app’s context that might be referencing them after their removal.
  • Fixed a bug on the Setup Data Inputs” page when run in Canary, where the user would be unable to ever switch to the helptext for distributed setups – regardless of which kind of installation they selected in the pulldown they would only get the help text for standalone setup
  • Fixed a bug where the Gateway Utilization, when run in Canary UI, was missing its chart-type pulldown
  • Fixed a bug where the Find sites to add” tab within the Setup Sites page would not render its tabular data in Canary
  • A small change to the python that implements our licensing system that will allow us to switch over to a new license string format in the future, where the beginning and end of all license strings doesn’t look identical.

Version 5.3 (April 24th2020)

  • Fixed a bug in the General Report page’s max(concurrency)” option, whereby the code was inadvertently binning the _​time field before doing the concurrency calculations. This resulted in only a small error for sparse call data, or for very narrow time scales. However when run over larger time scales or with a very large number of shorter duration calls, the report would overcount concurrency to quite a significant degree.
  • Added some behavior to the app_​setup script, which runs when Splunk restarts and which checks for first-time-run” and migration cases, so that if splunkd runs the script before Splunkd’s REST API is actually up and running, that it waits for up to 20 seconds for the REST api to become responsive, before proceeding.
  • Changes to the license endpoint such that now any user with either the license_​edit” or edit_​sourcetypes” capability can post a new trial or full license for the Cisco CDR app (Note this is NOT the license for Splunk Enterprise itself, but the app-level licensing that the Cisco CDR app itself implements). Formerly only a user with the admin_​all_​objects’ capability was able to post a new license. Note that this uses the documented mechanism in restmap.conf passSystemAuth=True
  • Added 4 new optional fields to Browse Extensions page – video (number of video calls), audio (number of audio calls), video_​duration and audio_duration.
  • Added a new field called call_​failed” that has a value of either 0 or 1. The field has a value of 0 for all call legs that connected, AND for all call legs that failed for normal’ reasons like unallocated (unassigned) number’. Conversely it will be 1” for any call legs that failed for bad” reasons, ranging from no circuit/​channel available” to any of the very numerous other unusual cause descriptions and CCM_SIP error codes.
  • Improved the default device_​type extraction for Unity devices to include device names beginning
    with Unity”. Previously it would only match device names beginning with CiscoUM”.
  • Removed some duplicate entries from the field_gallery.
  • Fixed a bug in the Field Gallery panel on the homepage where CS_​total and SCS_​total and some other fields were not searchable.
  • Fixed a problem, where if CallManager was misreporting seconds between origination time and connection time, as concealed or severely concealed seconds, which doesn’t really make any sense, that the CS_​total and SCS_​total fields could exceed the actual duration field in seconds, which would then lead to either of the ratio fields CSR_​overall or SCSR_​overall having values greater than 1. If this ever occurs in the field now, the CS_​total and SCS_​total fields are capped at the duration_​total value, thus effectively capping the ratio fields at 1.
  • Fixed a bug in the Busy Hour Calculator page where a handful of rare gateways would get omitted from the list sometimes if you had more than 100 or 200 gateways
  • CSS cleanup and raising required Canary version to 1.2.5.

Version 5.2.7 (March 26th2020)

  • Fixed a bug in the Call Concurrency page where the drilldown on the main chart (to display a more fine grained concurrency chart within that one data point), failed with an error
  • Fixed a bug in the Call Concurrency page where the gateways pulldown would in some situations load only a partial list of your gateways
  • Fixed a bug in the Call Concurrency and Gateway Utilization page where if you had a subset of your gateways selected, and no split by” selected, the chart would not render.
  • Fixed a bug when loading the Extension Detail page in the Canary UI, where the top panel would load blank and collapsed. The layout of the information in the top panel has also been improved somewhat.

Version 5.2.6 (March 19th2020)

  • Fixed a bug where the Cisco CDR app wouldn’t accept new licenses for the app
    if the Splunk Enterprise instance was only running the Splunk Free License.
  • Fixed a regression on the Gateway Utilization page. Essentially the fix in 5.2.4
    for the unwanted types showing up” bug had a flaw in it, that not only didn’t work
    but regressed the same behavior for the gateway side. There is now unit testing covering
    this to try and make sure it never happens again.

Version 5.2.5 (March 11th2020)

  • Fixed a regression in the set up data inputs’ wizard that only affected 8.X.
    (Note this functionality is only relevant to users who have a standalone splunk
    instance on one host, with not even any forwarders involved.)
  • Improved UI messaging for the set up data inputs’ wizard so that if the user
    is not an admin user or they are, but they lack the admin-all-objects capability,
    they get an error telling them as much instead of a confusing AuthorizationFailed”
    error message.
  • Switched over to using the new restmap.conf controller for the upload csv” functionality
    for both Setup Groups and Setup Sites.
  • Some cleanup in our python logging.

Version 5.2.4 (February 28th2020)

  • Fixed a bug in the Call Concurrency and Gateway Utilization page where
    if you had a subset of your gateways selected, and no split by” selected,
    the chart would not render.
  • Fixed another bug in the same view where if you had split by set to call type”
    and you had a subset of the 4 call types selected, and you also had multileg calls
    with different call types in their legs, you could get other unwanted call types
    displayed in the chart.
  • Added new default device type extractions to set device_​type fields for TCT*,
    BOT* and TAB* devices, which are respectively jabberiphone, jabberandroid, and
  • renamed existing jabber’ device_​type extraction (based on CSF*) to
    jabberdesktop’ to more closely match its real world meaning.
  • Fixed a bug where the call_​answered field would only exist if your report was also
    referencing other related fields like call_​answerable or call_connected.
  • Fix to the add new site” and add new extension/​group” tabs of the Setup Sites
    and Setup Groups pages – now when you submit it gives you a confirmation message
    that the new row was created.
  • Fix to a bug that affected the CUBE CDR integration, when in the legacy Splunk UI.
    Prior to this release the “(CUBE)” suffix would appear only on the relevant fields
    when the layer initially loaded and if you used the text box to filter your fields the
    suffix would vanish from the CUBE fields.
  • Fixed a bug around large multileg calls in the Call Detail view where the Gantt
    chart there would only display ten call legs and the rest would be lumped into an other”
    leg that behaved strangely.
  • Fixed a bug around large multileg calls in the Call Detail view where the field picker
    panel in the top right would display multivalued fields without spaces between the values.
  • Fixed a bug around large multileg calls in the Call Detail view the main fields
    displayed in the first two panels would display duplicates and thus clutter up the display

Version 5.2.3 (January 9th2020)

  • Fixed a typo in the concurrency searches if you did not have a split-by
    field set. Improved test coverage to avoid regressions in this area in
    the future.
  • Updated python to include latest version of libphonenumbers
  • Updated the npa-nxx-lata-clli-ocn-location” lookup. This is the piece
    that allows the app to take a north american number with just areacode
    and exchange, and create fields with city, state, zip, CLLI, OCN,
    CompanyType, latitude and longitude.

Version 5.2.2 (January 2nd2020)

  • Fixed some critical problems that were introduced with 5.2.1’s new field
    extractions for gateway, device_​type and type fields. Chief among these was
    a problem where FXO ports on MGCP gateways were getting misunderstood by
    5.2.1 as calls to internal devices rather than outgoing calls.
  • Fixed a bug in the Call Concurrency and Gateway Utilization page that only
    affected tandem calls, where the concurrency numbers for those gateways
    would be undercounted.
  • Fixed an obscure bug where if you attempted to use one of the dateTime*
    field as a search term, and you used it with a comparison operator like “>”,
    on multi-leg calls, the filtering would not work.
  • Fix made to our first-time-run and migration script to make it not error
    out when run in python3 on splunk 8.

Version 5.2.1 (December 10th2019)

  • Fixed a bug in the Call Concurrency and Gateway Utilization page where if you
    narrowed the chart to just N gateways, the presence of any tandem legs in the
    calls being analyzed would drag other (unselected) gateways into your chart.
  • Added 3 extra hidden fields to the groups lookup, that are optional.
    Admins can now customize the automatic lookup statements to use these fields
    and alias them to more useful names reflecting the local use case
    requirements, and then they will begin working as filtering, reporting and
    grouping, and the setup groups’ forms will automatically include appropriate
    form elements to create/​update/​delete the values.
  • Fixed a bug in the Canary UI where General Report and a few other pages would
    sometimes get an extra Loading…” indicator stuck open even when nothing
    further was loading.
  • Improved how the type”, field is calculated from span integers to never
    recognize conference bridge devices and conductors as gateway’ devices.
    Prior to this change, the default ^CFB and CONF$$” regexes for device_​type
    conference_​bridge” were doing a lot of this work, so for many customers the
    net improvement here may be minimal or zero. On the other hand for some this
    will make a lot of tandem” call legs become incoming” or outgoing” legs
    more in line wiht expectation.
  • As with the fixes to the type” field (see above), the extraction of the
    device_​type and gateway fields has been improved.
  • Fixed a bug where calls to/​from, analog devices attached to MGCP gateways
    would get the orig/​dest gateway fields set to the MGCP gateway. This was
    misleading at best.
  • Fixed a bug where picking just incoming or internal calls, would erroneously
    filter out matching calls involving conference bridge devices, (even where we
    were previously extracting the type’ field correctly).
  • removed duplicate values from the internal_​device_​type field.
  • Fixed a bug where the origSpan and destSpan fields were marked as categorical
    instead of numeric, so you couldn’t build reports like max(origSpan).
  • Fixed a bug causing the Canary UI on 8.0 to get a switch back to the old
    splunk UI’ (This was intended only for pre 8.0 versions, and the link when
    clicked would just redirect you back to Canary UI).
  • The Browse gateways page now uses improved SPL to populate the checkbox
    pulldown for selecting which gateways you want to analyze.
    (Note: this work was mistakenly reported in the 5.1.4 release notes although
    it did not actually ship until this release).

Version 5.2 (November 5th2019)

  • To implement the upload lookup” functionality on Setup Groups and Setup
    Devices in Splunk 8 and higher, a restmap.conf controller now exists to
    replace the legacy web.conf controller, and the respective pages now POST
    to this new controller when run in the Canary UI. There is also an
    improvement to how the messaging works for both success and failure cases.
  • Added a download” tab to the Define Sites” page so admins can download a
    fresh copy of the current subnets to work on it, and then reupload it later.
  • MLQK values of exactly 0 are now discarded automatically. These values
    always seem to be false readings and previously they had to be filtered out
  • Fixing a bug in the Call Detail page, where if many devices were involved,
  • Fixed a misalignment of the Pager module in the Browse Devices pages.
    the layout of the page would get pushed out and break.
  • Fixed a bug that only affected the Canary UI where the page didn’t work
    due to a typo where the page invokes app’s reusable ui pattern
  • Fixed a bug that only affected the General Report and Browse Calls views
    in the Canary UI where some fields would not get their special custom SPL
    extractions/​conversions inserted automatically behind the scenes.
  • Changes to the Call Detail page to get the Field selection to work in both
    the Canary UI and the old Splunk UI.

Version 5.1.5 (October 7th2019)

  • Compatibility work for the transition from Sideview Utils to Canary.
  • Layout fixes to the Browse Gateways page.

Version 5.1.4 (September 19th2019)

  • Now when you use Create Dashboard Panel”, the current choice of
    visualization (chart vs table) as well as chartType and stackMode if
    relevant, are passed along and saved into the final dashboard XML.
  • Fixed a problem where CallManager misreports inbound calls to UCXNSubscriber
    devices as though the device was a gateway and the leg a tandem leg.
  • Added a new field called bh_​type” to the app whose value denotes whether
    the origination time of the call is during business_​hours” or off_​hours”.
  • Added fields to Browse Extensions that are unchecked by default that show
    business_​hours” and off_​hours” call counts, as well as
    business_​hours_​duration” and off_​hours_​duration”.
  • Added proper logic to detect whether the Canary app is installed and if so
    to switch to rendering the current page in the Canary UI instead of the
    Advanced XML UI. Also text and links about Canary (currently in beta).
  • Fixed a bug in General Report when doing a max” concurrency” report,
    where if you weren’t using a splitby field, the legend would say 1” instead
    of max(concurrency)”.
  • Fixed a bug where if you used the Setup Clusters” page to generate your
    clusters lookup, it would write the clusterLocale values as “”, which would
    prevent the location lookup from running and thus you would not get any
    location fields like area code, exchange, country, lat/​long etc.

Version 5.1.3 (August 26th2019)

  • Converted the encoding of a number of static file-based lookups from ascii
    to UTF8 to allow customers to more easily translate the english language
    content there into a local language.
  • Added a key to server.conf so that when admins update the sideview license
    on any Clustered Search Head, that license change will be propagated to the
    other SHC members.
  • Improvements to the app_​setup/​migration script so that it better handles
    unexpected cases where the clusters/​devices/​groups/​cidr lookups on disk
    are found to be empty. It will now detect this case and attempt to replace
    the contents of the file with the corresponding *.default.csv file.
  • Tightened the regex that matches the SEP prefix for hardphones to eliminate
    false positives on other devices whose names happen to have those first few
    letters. Now it looks further for 12 subsequent characters of hex.
  • Fixed a subtle problem in the Call Concurrency and Gateway Utilization page.
    CallManager sometimes marks call legs canonically as outgoing or incoming
    even when the destDevice or origDevice listed is clearly a hardphone or conf
    bridge. Since gateway extractions all fail for these devicenames, the page
    when splitting by gateway” would end up with NULL” as a legend item.
    These have now been filtered out.
  • The gateways pulldown in the Gateway Utilization page will now return much
    faster, and will contain the canonical list of gateways for the given time
    range even if there are hundreds of gateways across 100K+ call legs.
  • Search optimization is disabled now for any user or view using our
    get_​locations‘ macro, as we have seen SPL optimization mangle the lookup
    command for the external lookup.
  • Fixed a bug in General Report where if sourcetype” was a field you were
    analyzing, the UI wouldn’t realize it should try to pull any CMR and CUBE
    records into the analysis as well.

Version 5.1.2 (July 19th2019)

  • Fixed a bug where when using max(concurrency) in the General Report view,
    your bins” setting would be ignored and a default bins ceiling of 400
    would get used instead.
  • Fixed a bug in Browse Extensions, and Browse Devices, where if you entered
    values into a text field and then without changing anything else clicked
    the submit button instead of hitting the enter key, the values you entered
    would be ignored.

Version 5.1.1 (July 11th2019)

  • Made a change so that if the Splunk instance is a Search Head Cluster and
    someone tries to post a new license string into the Update License page,
    it takes no action and gives them a helpful error.
  • Snuck in a semi-secret feature whereby concurrency reports can be done in a
    limited fashion within General Report and Browse Calls.
  • Updated the npa-nxx-lata-clli-ocn-location” lookup.
  • Updated python to include latest version of libphonenumbers

Version 5.1 (June 10th2019)

  • Major improvements to both functionality and usability of the Browse
    Devices page.
  • Devices lookup now can hold an additional column productName”. When
    present this creates fields origProductName and destProductName.
  • Device Detail page now has an additional tab that displays additional
    summary details like unicodeLoginUserId values and numbers associated with
    the device, as well as any values that our SA_​cisco_​cdr_​axl app may have
    pulled from CallManager via AXL.

Version 5.0.10 (May 14th2019)

  • Removed the CSR and SCSR field from the field gallery because we realized
    that these fields don’t actually exist in the CMR itself yet.
  • Added CS_​total and SCS_​total as new fields on the calls, which are the
    total seconds of concealed speech and the total seconds of severely
    concealed speech, across ALL CMR associated with the given call.
  • Added CSR_​overall and SCSR_​overall fields, which are respectively the
    CS_​total/​duration_​total, and SCS_​total/​duration_​total.
    As such these represent reliable concealed speech ratio metrics for any
    devices reporting CS and SCS.
  • Fixing a bug in the transfers and legs fields, where if you used them
    as a split-by field in reporting, they would get very significantly
    overcounted, as represented by the range numbers in the legend for the
    split by values.
  • Call Detail view now displays the time of any CMR that are present, either
    by listing the value of its dateTimeStamp field or failing that, presenting
    the time that the record was indexed by Splunk.
  • Fixed a bug where refreshing the browser manually on General Report pages
    could reset your y‑axis field unexpectedly.
  • Fixed some formatting problems in field_gallery.csv which were causing
    General Report to treat some fields incorrectly as categorical or numeric.
  • Changed the Update License page so it no longer attempts to preload the
    textfield with the existing license string – instead now the raw string is
    displayed in the table below.
  • Fixed a bug in Browse Extensions where Show – Include numbers with zero
    calls” would return two rows for some numbers in the results.
  • Fixed a bug where the devices lookup (rarely used, somewhat secret feature)
    which is technically allowed to have null values in most of its fields,
    would get some null values filled with PLACEHOLDER” on Splunk restart.
  • Added migration to make the field names within the devices lookup
    consistently cased.
  • added new fields that can be pulled from the optional devices lookup.
  • Device Detail and Extension Detail pages now have links under key panels
    that show calls, to investigate these same calls over in Browse Calls.
  • Fixed a bug in the Browse Extensions page, where the no group” and no
    subgroup” options wouldn’t work when checked, if any other checkboxes were

Version 5.0.9 (April 12th2019)

  • Improved error messaging when underprivileged users attempt to update
    the app’s license string, and when invalid licenses are submitted.
  • Removed the embedded app TA_​cisco_​cdr, as this has now been released
    separately on Splunkbase. (NOTE – versions posted on Splunkbase never
    had the TA’s in them so this only reflects a change for users
    downloading from the Sideview website.)
  • Fixed a bug where orig_​device_​type, dest_​device_​type and device_​type
    fields would not populate correctly for non-mgcp gateway devices.
  • Implemented a small improvement for the device_​type field on individual
    call legs. If both types are the same, the field now only holds the single
    distinct value
  • Implemented a subtle fix to what the app calls its union fields”, (group,
    name, subgroup, ip_​addr and device_​type) so that in the aggregated call
    results, these fields now only list the distinct values.
  • Improved the Groups lookup’s handling of wildcarded numbers by having it
    check and correct the sort order of the lookup, so now nested wildcards
    work in the expected way without manual sorting.
  • Added Cisco’s somewhat newer redirect reason codes >300 to the app’s lookup.
  • Fixed an error in the Concurrent calls page that complained about an invalid
  • Added new default device_​type extractions for conference bridges
  • Fixed a bug where some conference bridge devices would get misidentified as
  • Changes to default.meta to make some of our content not get flagged as
    orphaned” in splunk’s reassign knowledge objects” admin UI.

Version 5.0.8 (March 12th2019)

  • Improved the to” and from” fields so that if one of the geographical
    fields like city OR state is blank, it does not fall all the way back to
    displaying only country (this can happen with wireless numbers where there
    is no city associated)
  • Raising the minimum version asserted by the app, from Splunk Enterprise 6.2
    to Splunk Enterprise 6.4, as our new license endpoint was found to be only
    compatible with 6.4 and up.
  • Fixed a bug when adding a dashboard panel to a shared dashboard not owned
    by the current user. Previously this would fail with a confusing 404 error.
  • Fixed a bug when creating a new dashboard entirely, where the dashboard
    panel creation would fail with ERROR 400 Cannot create an object with
    empty or all whitespace name”
  • When saving a new report, sharing the report with others now works properly.
  • When creating a new dashboard for new dashboard panels, the UI now prompts
    you if your desired dashboard name contains invalid characters.
  • For multileg calls, the from” and to” fields now have only the distinct
    string values from the various legs, and no longer list duplicate values.
  • Removing the interactive timeline from the top of the Browse Devices page
    as it seems a change in more recent Splunk Enterprise versions has made
    this not render properly. (if you want it back and fixed let us know)
  • Fixed a bug on the Browse Devices page where the device name filter would
    allow the device names from the non-matching device (on the other side of
    each call) to creep into the device search results.
  • Fixed a bug in the Gantt chart on Call Detail where it now renders even in
    the rare case where callingPartyNumber or finalCalledPartyNumber are blank.
  • Fixed a bug in Browse Extensions where using the name” field would filter
    to the right people but could also return other internal parties that had
    been on any multi-leg calls with them during the time range.
  • The number” field in Browse Devices now supports multiple comma-separated
    numbers, numbers with wildcards and hyphenated ranges of numbers (only up
    to a max of 50) and various combinations thereof.
  • Cosmetic CSS fixes to render popuplayers, checkbox pulldowns and buttons
    properly in the Splunk 7.3 beta.
  • Screened out some erroneous rest command warnings from the 911 calls page
    and the sites setup page.

Version 5.0.7 (March 1st2019)

  • Fixed a critical bug for Cloud users and users downloading from Splunkbase
    that effectively barred all non-admin users from the product.
  • Health checks page can now be run even when product lacks a valid license.
  • Filtered out unnecessary Successfully loaded lookup file” UI messages.
  • Added a warning to users who attempt to enter raw numeric terms into the
    search filters’ field, as this is not supported and will return 0 results.

Version 5.0.6 (February 27th2019)

  • Fixed a common problem where license strings pasted into Update License”
    would fail if they had an extra leading or trailing space character.
  • Improved the fix done in 5.0.5 around the Sideview Utils not installed”
    error case to no longer require a custom module.

Version 5.0.5 (February 19th2019)

  • on Site Detail and Gateway Detail pages, some drilldowns and links were
    linking to Browse Calls with the get only the” pulldown set to only pull
    the most recent 1000 call legs. This has been fixed so those links will set
    that pulldown to all” and so will now return expected results.
  • Implemented a workaround for a bug introduced in Splunk Enterprise 7.2.4
    itself that causes an error message to appear on the app homepage saying
    ServerSideInclude Module Error”
  • Improved the Edit Clusters page so that if Splunk fails to run our
    app_​setup script (we are still not sure why this happens sometimes), users
    can still use the Edit Clusters” page to fix the clusters lookup manually.

Version 5.0.4 (February 4th2019)

  • Fixed a bug where if you were using * as a wildcard in your groups lookup
    entries the Extension Detail page for matching numbers would fail to list
    the name, group, subgroup information.
  • Migration check added, to look for old saved reports that have ui_​edit_​view
    specified but no ui_​context. Since these will be unable to reload themselves
    in the specified view they are now migrated to load in the default splunk
    report’ view.
  • the Setup Groups page now gives users the ability to download a copy of the
    groups lookup as a csv or to open it directly in Excel.
  • Fixed a bug around the save report” buttons – the resulting reports would
    reload fine in the Sideview UI but the underlying savedsearch stanza had an
    extra search” prepended to the SPL that would make it always return 0
    results when run from core splunk interfaces and from the scheduler.

Version 5.0.3 (January 25th2019)

  • Fixed a regression introduced surprisingly long ago where if you saved a
    report and then tried to reload it from the Saved Reports” menu, it would
    not appear with the form elements selected to the right values and so the
    results would be incorrect.
  • Fixed a bug where after you saved a report or dashboard from any of the
    app’s interfaces, you would have to reload the page or navigate to a
    different page before the new report/​dashboard appeared in the Saved Report
    or Saved Dashboards menu.

Version 5.0.2 (January 17th2019)

  • Fixed a bug in the Devices page, where if you had all of the options selected
    in the sites” pulldown, then all of the sites in the table would switch to
  • Fixed a bug on Internet Explorer only that was introduced in 5.0.1, that
    prevented the product from working properly on that browser.

Version 5.0.1 (January 14th2019)

  • Fixed a problem introduced in Splunk 7.X where the TimeRangePicker control’s
    menu options lost their submenus and became instead a huge flat list.
  • Screened out a class of uninformative Successfully read lookup file”
    messages from being displayed in the UI.
  • Improved clarity of product messaging when license/​support terms expire.
  • Within General Report, the over time” option now always gives you an option
    to set the bins”, ie to set the granularity of time on the x‑axis.
  • Cisco CDR app now requires at least Sideview Utils 3.4.6.

Version 5.0 (January 11th2019)

  • The product has a new licensing mechanism. Instead of the license information
    being embedded only in the source code served from our website, you can now
    update the license by pasting your current valid license string into a page
    in the product itself.
  • Fixed a bug in the number” field in Browse Calls and General Report where
    you could quickly click into the field as the page was loading and the
    enter number()” text would get stuck in there as though it was valid input.
  • Added Field Gallery docs for SCSR and CSR fields, and a sample report.
  • Pulled new NANPA data into the npa-nxx-lata-clli-ocn-location.csv” lookup.
  • Fixed a bug that caused Browse Gateways to sometimes break a given gateway’s
    stats into two different rows.
  • updated python-phonenumbers library to latest version.

Version 4.4.3 (November 9th2018)

  • Significant performance improvements in both browse and general report
    views by simplifying and optimizing the underlying SPL.
  • Fixed a problem in the Call Detail view caused by a regression in
    Splunk 7.2 in its fields and table commands. Specifically this caused
    confusing behavior in the Call Detail page where the field values in tables
    could become misaligned and jumbled up from the field names
  • Fixed a bug where filtering using numeric fields with comparison operators
    like MLQK>0 or jitter>20 would erroneously filter out all rows with 2 or
    more call legs. (Note that technically this a workaround for a bug we
    only recently discovered in Splunk’s own search language.)
  • Fixed a bug that caused callingPartyCountry and finalCalledPartyCountry to
    often be blank.
  • Fixed a problem where users who lacked the dispatch_​rest_​to_​indexers
    capability in Splunk would get a confusing warning on some pages.
    (besides the erroneous warning no functionality was actually affected)
  • Fixes to the hidden user_​activity view (Note this view only works for users
    that can search the _​internal and _​audit indexes, typically admins only)
  • Improved the messages displayed when the app comes up and Sideview Utils
    is not installed or was removed accidentally.
  • Fixed a bug in the app_​setup script that failed to account for the devices
    lookup having a different header row that was canonical on older versions
    of the app.
  • Fixed a minor bug — when summing a numeric field on multileg calls where the
    same value gets repeated the sum would fall slightly short.
  • In General Report the stack mode” pulldown now defaults to stacked”.

Version 4.4.2 (October 10th2018)

  • Fixed a bug in the new Create Report / Create Dashboard Panel functionality
    where it would fail for non-admin users.
  • Fixed a bug where the data input setup wizard would fail if the admin” user
    had been deleted (regardless of which user you were using the wizard as).
  • Fixed a bug where non-US numbers would get not just *CountryCode and
    *AreaCode fields but also the three digit *Exchange fields created
    by mistake.

Version 4.4.1 (September 27th2018)

  • Fixed a bug where the migration applied to the clusters lookup in 4.4
    failed to properly migrate the names of the fields, leaving the lookup
    inconsistent with props.conf

Version 4.4 (September 22nd2018)

  • python script now handles the tasks around creating and migrating the
    contents of key user-editable lookup files. (Formerly this was handled
    by special config hidden on the home page that required an admin user to
    load that page once after installs and after all upgrades.)
  • Minimum version of Splunk Enterprise has changed from 6.0 to 6.2.
  • Substantially reordered and redesigned the main form field layout in Browse
    Calls and General Report.
  • Updated python to include latest version of libphonenumbers
  • Pulled new NANPA data into the npa-nxx-lata-clli-ocn-location.csv” lookup.
  • Sites lookup now *can* have subnet blocks that contain other listed subnets,
    meaning you can now put in catchalls for larger regions while carving out
    specific subnets within for other site names. Various mechanisms also now
    exist to detect when the file has incorrect sort order, and to fix it from
    within Setup Sites itself.
  • In the Gateways – Summary tab, each gateway now has a failed call count and a
    failed call percentage.
  • In the Gateways – Calls over time tab, you can now change the charts
    displayed for the gateways to be split by call success/​failure instead of
    just by call type.
  • Added a new field gateway” that represents the union of orig_​gateway and
  • Clicking see calls” from General Report will now set the see only the N
    most recent call legs” pulldown to all” to avoid common confusion there.
  • Fixed several problems where all calls to/​from non-US regions in the North
    American numbering plan would not get their actual *Country, *AreaCode,
    *Exchange, fields set correctly.
  • Added proper support for parsing IDD prefixes by locale. Clusters.csv now
    has an extra column locale”. Existing CSV’s are migrated when the homepage
    is loaded. If left blank there is a failsafe macro that sets it to US”.
  • Setup Clusters page now has a UI with which the users can edit the locale
    for each cluster.
  • Canadian states and territories are now reflected properly in the
    callingPartyState and finalCalledPartyState fields.
  • Fixed the field extractions for origUnityVMDevice and destUnityVMDevice
    which were only holding the device name up to the first hyphen char.
  • Added two new categorical fields, callingPartyNumberType and
    finalCalledPartyNumberType. eg: toll_​free”, fixed_​line”, mobile”,
    fixed_​line_​or_​mobile”, shared_​cost” etc.
  • Fixed a bug in Browse Gateways, where the click to Gateway Detail did not
    pass on the currently selected timerange.
  • Changed the Origination/​Connect/​Disconnect times listed on the Call Detail
    page to include second granularity (was formerly just to the minute).
  • Added see search syntax’ links to the Extension Detail pages.
  • Added a field called seconds_​until_​disconnect” that just measures the total
    time between the origination time and the disconnect time. This can be useful
    for analyzing inbound ring time for call legs that are not answered.
  • Browse Sites now lists the subnet_​description fields and country if those
    have been entered in the lookup.
  • Added some cosmetic CSS fixes to work with Splunk Enterprise 7.2.

Version 4.3.2 (July 31st2018)

  • Numbers entered into the groups lookup can now have asterisk characters and
    they will be treated as wildcards when matching against party numbers.
  • for US numbers, the callingPartyState and finalCalledPartyState fields now
    are the full state names instead of the two letter abbreviations. There are
    also new fields callingPartyStateAbbr and finalCalledPartyStateAbbr for the
    users who need the abbreviated values.
  • For US numbers there are new fields callingPartyCLLI, finalCalledPartyCLLI,
    callingPartyCompanyName and finalCalledPartyCompanyName.
  • Fixed the field pulldowns in General Report to properly disable fields that
    we know to be categorical when a numerical statistic (eg avg) is selected.
  • Fixed a recent regression where the reset to default fields” links
    dissappeared from the field pickers.
  • removed the all” option from the Sites pulldown on Site Detail as it didn’t
    work properly and doesn’t make sense on a page designed to give detail on
    only a single site.
  • Fixed a cosmetic bug in the TimePicker’s Calendar widget, where the next”
    button rendered in the middle of the month name.
  • Added a day_​of_​year field (integer-valued, from 1 to 366).
  • App homepage now automatically runs a subset of the health checks that we
    deem critical, so common setup failures can be found and fixed more quickly.
  • Fixed a bug in General Report where the bins” fields would often reset
    themselves to 15”.
  • Lots of new Health Checks have been added to detect common and/​or critical
    misconfigurations and error states. (See Setup > Health Checks for details)
  • Fixed a bug in the calls over time” tab within the Browse Gateways page
    where not all gateways would actually get a timechart, if you had the
    scan only” pulldown set to less than all”.
  • Fixed a bug in the calls over time” tab in Browse Gateways where the charts
    were not including stats from any incoming calls.
  • Health Checks page now groups the health checks that are considered
    Critical” in their own section at the top.

Version 4.3.1 (June 14th2018)

  • Fixed a bug where some very long but nonetheless valid international numbers
    were not getting location fields extracted.
  • Fixed a bug where 0011” was not being used as a possible IDD prefix.
    Note that this is only likely to affect users in Australia.
  • Some changes in the Setup pages for clarity and also for look and feel and
    consistency in Splunk 7.1
  • Added some initial functionality so that customers who follow our steps to
    ingest data from CUBE, will see those extra fields in Browse Calls.
  • Added a health check to make sure no entries in the Groups lookup are
    missing the number field.

Version 4.3 (May 7th2018)

  • Browse Extensions now has options to include rows for extensions with zero
    calls, as well as to include calls with zero duration in the counts.
  • Browse Extensions now has a field to specify one or more huntGroups whose
    activity you want to narrow down to. The value entered is passed to the
    Extension Detail page as well and exists as an editable field there also.
    Supports * as a wildcard, comma-separated and hyphenated range values.
  • Simplification and optimization of the SPL search syntax used by the Browse
    Extensions view. Removal of the nameGroupSubgroup” field.
  • Fixed a bug where Browse Extensions was double-counting duration of calls
    where the given party was both the original and final called party number.
  • Fixed a bug in the Devices page where selecting no site extracted” would
    not work correctly. As part of the underlying fix was in Sideview Utils,
    the required Sideview Utils version is now 3.4.2.
  • Groups lookup now has max_matches=1, meaning if a given extension is in the
    lookup twice, only the first matching row will be used.
  • Added huntPilotDN to the available fields in Browse Extensions, although it
    is off by default.
  • Added a health check to look for numbers entered more than once in the
    Groups lookup.
  • Added a simple report to the Field Gallery table, to show which pairs of
    sites tend to have low MOS scores for calls carried internally.
  • Added logic to Device, Gateway and Site Detail views, so that when the user
    clicks the breadcrumb to return to the corresponding Browse view, the
    previous selection states will be restored.
  • Fixed a bug in the health check that checks leg_​type definitions for
    unwanted overlap.
  • Removed the MAX_DAYS_AGO=365 setting, so customers adding historical data
    that is more than one year old don’t get it indexed with current clock time.
  • Gave Site Detail page a simple link you can use to see all calls in/​out of
    the given site, over on the Browse Calls page.
  • Screened out three field names from all field lists – the misspelled orig*
    and destdeviceName” fields that appears in CMR data, and the varVQMetrics
    field which is not needed because we extract each metric separately.
  • Changed the gateway checkbox pulldowns on the Gateway Utilization, and Busy
    Hour Calculator pages, to only pull 50,000 events at most, in calculating the
    list of gateways.

Version 4.2 (April 24th2018)

  • For all calls that have more than one leg, the order of those calls in the
    results on Browse Calls is now reversed. This is a change we have wanted
    to make for a long time. Formerly the first call leg was listed last and
    the last call first. We apologize for the confusion of our existing
    customers who had gotten used to it the old way.
  • Browse Gateways now has a checkbox pulldown to select any subset of gateways.
  • Improved the Browse Gateways page, to have a second tab wherein it lists
    one chart per selected gateway, of call counts over time split by type
  • There is a new field called leg_​type”. You can assign values to call legs
    simply by defining eventtypes whose names begin with leg_​type_​”. This
    enables a wide range from simple on-the-ground readability to advanced
    reporting and analytics, particularly around complex multi-leg flows.
    Docs and more product work are coming. Contact us for more details.
  • Sites lookup now has additional fields of country and subnet_​description.
    and the location” field is now renamed to site_​name”.
    The app homepage runs a simple migration that will implement these changes
    and add the new columns as necessary to existing lookup files.
  • The fields we add to represent the initial” and terminating” party number
    values, now are defined on each call leg instead of only on first and last.
  • Fixed a bug where if you used the advanced” field within General Report,
    clicking see calls” to switch to Browse Calls would fail with an error.
  • Added a new field called initialType, that for each call represents the
    type” value of the call leg with the earliest origination time.
  • Changed defaults on the 911 report, to include 9911 and to exclude calls
    that failed with Unallocated (unassigned) number”.
  • Updated the call release cause codes and video codec types lookups to add
    some entries only present in more recent CM versions.
  • Fixed a bug in Browse Calls and General Report where if you were using
    any location fields suffixed with Lat, Long or StateAbbr, and not using
    any other location fields, the values be all null.
  • Fixed the appearance of the app’s submit buttons when the app is loaded in
    Splunk 7.1.
  • Added a workaround for a bug in Splunk 7.1, where the class of
    foo NOT foo” searches that we use to power the field pickers stop working
  • Fixed cosmetic bugs in Splunk 7.1 in the Pulldown, CheckboxPulldown and
    FieldPicker modules.
  • TimeRangePicker controls on extension_​detail, site_​detail, gateway_​detail and
    device_​detail no longer default to All time.
  • Required version of Sideview Utils is now 3.4.1 (was previously 3.3.15).

Version 4.1.10 (March 26th2018)

  • Added a new default device_​type extraction for Cisco ICD queues.
  • Workaround for a bug in Splunk where the server returns UNKNOWN_VERSION” as
    the Splunk version. Prior to this release of the app, when his bug did occur
    in Splunk it made the app’s version dependency check fail, and then redirect
    every user to the homepage to tell them the Splunk version was too low.
  • Fixed a bug where gateway devices were showing up on browse devices if you
    had all device types selected (even though they’re not one of the options).

Version 4.1.9 (February 13th2018)

  • Removed the runlocal=true from all lookups so bundle replication can push the
    scripts and tables out to run at the indexers.
  • Fixed a bug in Browse Extensions where the group and subgroup pulldowns
    would never populate with any entries that had a null value for subgroup.
    (Note this bug does not occur when the row has merely emptystring” values.)
  • Greatly improved performance of the Browse Sites page by switching to a
    tstats search instead of a raw data search. Also removed the scan only the
    most recent 1000 calls”, as this became obsolete.
  • Added export buttons to two of the panels in Call Detail view, to make it
    easier for users to do deeper investigations and comparisons in Excel.
  • Added reset to default fields” and related links to the 2 Field Pickers in
    the Call Detail views.
  • Improved checklist.conf entries that check our dependencies against Splunk
    version and Sideview Utils version – they no longer erroneously say
    not applicable” when they pass.
  • There is a new mechanism implemented as a check_​single_​value” key in
    fields.conf that activates a health check. If any recent events have
    multiple values for the given field the health check will fail.
  • Cisco CDR now ships its own custom controller to allow admins to update the
    apps own file-based lookups via uploaded csv files.
    (Prior to this release, that functionality relied on the presence of the
    Lookup Updater tool in Sideview Utils.)
  • Replaced all our health checks with checklist.conf stanzas, added a custom
    testrunner to pull those stanzas into our own health check page and run them
  • Removed a number of old obsolete health checks, including the old custom
    headerextractionconfig” search command.

Version 4.1.8 (January 19th2018)

  • Removed the long-deprecated cisco_​cdr” and cisco_​cmr” sourcetypes.
  • Fixed a bug where if callingPartyNumber was null, the countryCode, areaCode
    and all location fields of finalCalledPartyNumber would also fail to extract
    and vice versa.
  • Fixed a bug in Browse Extensions where extensions that matched multiple rows
    in the Groups lookup would not appear in the results at all NOTE: in
    general having extensions match multiple rows in the Groups lookup is not
    fully supported and despite this fix, will still cause a number of problems
  • Fixed a bug in Device Detail where calls with null values for any of the
    three party fields would not be included in totals.
  • Fixed a bug in Device Detail where drilldown clicks on the chart to view
    individual calls, would not show any call legs where any of the party
    numbers were blank.
  • Fixed a bug in the Site Detail view, where changes to the Site pulldowns
    would reset the selected timerange to whatever timerange the Browse Sites
    page had originally had.
  • Fixed a bug where every time the homepage loaded, it would re-insert a row
    into the clusters lookup, telling the user to visit the Clusters page under
  • Removed call types” and the scan only the 1000 most recent” calls from
    Browse Devices.
  • Removed gateway” from the device type pulldown in Browse Devices.
  • across all pages that have it, we reworded the count only the 1000 most
    recent matching records” pulldown’s labels to say scan only the 1000 most
    recent call legs” to more accurately describe how it works.
  • Added a custom search command dnparse that may one day replace the scripted
    lookup parse_​phone_​numbers”. However in our testing the performance lags
    behind the existing scripted-lookup so the app continues to use the latter.
  • Added a check to Browse Calls, for if users put a “*” into the number field.
    Prior to this change they’d actually get considerably worse performance as
    a result. Now it will be the same as if they’d entered nothing.
  • A small change to the code running lookup editors for Sites and Groups – if
    a user edited an individual row previously, empty fields like subgroup would
    be encoded as emptystring values. Now they are proper nulls.
  • For customers who have already set up the TA_​ciscoaxl app, there is now a
    hidden view called setup_​devices that allows them to use Cisco AXL to
    populate a new devices” lookup automatically and make its fields available
    within the Browse and Report views.

Version 4.1.7 (December 6th2017)

  • Fixed a bug in the Gateway Utilization page where the counts would be
    doubled if tandem calls were selected. This bug was unfortunately
    introduced by our changes in 4.1.4.
  • Changed the behavior of the site” field generated by the get_​sites‘ macro.
    Now if the origination and destination sites are the same, the site field
    has only the one value, ie Oakland”. Previously the site field would have
    a multivalue value, ie [“Oakland”,”Oakland”].
  • Added a split by site” option to the Call Concurrency page.
  • Fixed a problem in Setup > Sites”, where the find more sites to add” tool
    did not work properly.
  • on the 911_​calls page, the copy about enabling/​disabling the alert has been
    updated to match UI changes in Splunk 7.0.

Version 4.1.6 (November 3rd2017)

  • Fixed a bug around the advanced Sites lookup customization introduced in
    4.1.5, where if you used the new feature, call_​detail, sites and
    site_​detail pages then wouldn’t extract the sites from the right IP fields.
  • Introduced a hidden view called user_​activity” that local administrator
    users can use to see which of their local users are using which apps and
    dashboards, and what kinds of searches they’re running there.
  • Fixed a bug introduced into the Gateway Utilization page in 4.1.4 where
    if you only had one call type selected it would give an error and not run.
  • Changed the Cluster pulldown on the Browse Calls page to a multiselect
    checkbox pulldown control, so users can select more than one at a time.
  • Fixed a bug where some conditional messaging on the Extension Detail no
    longer worked. If you navigated to the page manually the messaging now
    tells you that you need to enter an extension or DN before the page will
    do anything.

Version 4.1.5 (August 29th2017)

  • Improved our concurrency calculation, which essentially wasn’t accounting
    for a number of seconds at the end of each call equal to the difference
    between the origination and connect times.
  • Gave the number” text fields support for hyphenated ranges of numbers like
    1000 – 1020 for users who want to search for all calls involving a whole
    range of extensions. (Note this required removing a minor feature added
    in 4.1.4 whereby you could paste in DN’s with hyphens in them and it would
    strip out the hyphens as a convenience.)
  • Made a small change to our location lookup to remove the seldom-used
    *AreaDescription fields, that was able to give us a 10x speed improvement
    in search performance when any of the other location fields are needed.
  • Added an advanced customization setting to allow admins to alter how the
    sites lookup works. By default the origIpAddr and destIpAddr fields are
    the ones used, but you can now change this to use other ipAddr fields like
    origMediaTransportAddress_​IP, destMediaTransportAddress_IP

Version 4.1.4 (July 31st2017)

  • Fixed some incorrect charting results in the Call Concurrency and Gateway
    Utilization tool if you were analyzing tandem calls and/​or SIP trunk calls.
  • Fixed a problem where the 911_​calls alert that the app ships with, does
    not extract or display the originating Site field.
  • Added a README file at the root of the app to help catch users who do not
    follow the install docs closely.
  • Added a simple feature to remove hyphen characters on paste, if a user ever
    pastes them into the number” fields.
  • Fixed a problem in the geolocation lookup that broke the value of the
    *AreaDescription fields.
  • Improved the geolocation lookup to present city names in consistent title
    case (previously cities were sometimes upper case, sometimes title case.)
  • Added the ability for administrators to define in conf, what field list
    should be set when end-users click reset to default fields” in the Browse
    Calls page’s Field Picker.
  • Added a copy of the core props.conf and transforms.conf stanzas from our
    Cisco IOS Voice Gateway app, so prospects looking to stitch together
    disparage chains of Callmanager call legs via the voice gateway logs no
    longer have to set up the separate voice gateway app.

Version 4.1.3 (July 11th2017)

  • Updated the libphonenumbers code ( daviddrysdale/python-phonenumbers ) that
    does most of the work around extracting location info from DN’s.
  • Updated the npa-nxx-lata-clli-ocn-location” lookup.
  • the custom_​index‘ macro now defaults to index=”cisco_cdr” instead of
  • Addressed an issue where the fields table on the homepage took a very long
    time to load.
  • Fixed a bug in the 911 calls page, where it wasn’t including the originating
  • added a see full search syntax” link to the 911 calls page, and formatted
    the duration field as 00:00:00 instead of integer number of seconds.

Version 4.1.2 (May 26th2017)

  • Improved behavior out of the box for the scripted lookup that is responsible
    for creating the many geolocation fields like countryCode, areaCode.
    offnet prefixes of 99” are now supported out of the box, and non-numeric
    values no longer result in error messages written to the output fields.
  • If users set up the Sites lookup such that all internal calling parties are
    mapped to sites and thus to lat/​long values, that plus the DN parsing code
    can now reliably geolocate virtually all calling parties across all calls.
  • Fixed bugs in how the filtering fields and pulldowns were working in Browse
  • Fixed a bug with Splunk 6.6, where a diagnostic search run by the app’s Home
    Page would fail with an error saying headerextraction config [HTTP 401]
    Client is not authenticated.”
  • Fixed a regression in Splunk 6.6 where Splunk’s problematic default behavior
    returned whereby it sends all saved report” links to splunk’s generic
    report view. Now this is fixed again, and all saved report links load the
    given report in the appropriate view in the app.

Version 4.1.1 (April 12th2017)

  • Fixed a problem with the internal_​device_​type and device_​type fields where
    for internal calls they would only pick up the values from the orig* side.
  • Added new device_​type value of ccg” to pick up call-control-group devices
    from device names in the form CCG_1211, CCG-1940
  • Fixed a bug in the field picker within Browse Extensions. where if you did
    not select incoming” or outgoing” or internal” as fields, the
    corresponding duration” fields would not be calculated either.
  • Fixed a bug in Browse Extensions where if a given number appeared sometimes
    with one unicodeLoginUserID value, and sometimes with another (or none) that
    there would be one row for each such combination, rather than just one row
    for each number.
  • Workaround for a rare bug in Splunk 6.2 (possibly in subsequent Splunk
    versions but not in 6.5). The bug was that if you had any negative integer
    values of the CMR duration” field, and you had both a CMR field and the
    duration field selected in your field picker, searches in Browse Calls
    would fail with the cryptic error invalid number”.
  • the Define Sites” and Define Groups” pages now have significantly more
    useful functionality within the Find Sites to add” tab, and the Find
    Extensions to add” tabs, respectively.

Version 4.1 (February 21st2017)

  • Added new view Browse Extensions/DN’s” and its associated detail view.
    This can be used for a variety of use cases around call volume reports
    to and from internal parties and groups. Note that this replaces the older
    and simpler Browse Phone Numbers” page and Phone Number Detail” which
    have been removed.
  • Made a change to the default 911_​calls alert to workaround a problem where
    the server would send an email every few *seconds* once a 911 call went
    out, instead of only one email per call as expected.
  • Fixing the Concurrent Calls report so that the dropped calls panel also has
    a view results” link, so as to make it easier to save as an alert.
  • Performance improvements to the Concurrent Calls report.
  • Removed all the old example” savedsearches because they have all since been
    replaced by better examples in the field gallery table.

Version 4.0.7 (January 25th 2017)

  • Added a new page for 911 calls, under Browse”. There is an associated
    savedsearch that can be easily turned into a realtime alert.
  • Added a safeguard so that if the deployment is from a version where the
    CMR data also has a duration” field, that this will be reflected as a
    field called cmr_​duration”, rather than appearing as confusing second
    and third values for duration” in the Browse Calls table.
  • Added some logic for the huntPilotDN field for the cases when the field is
    undefined in the raw CDR. Specifically if calledPartyPatternUsage is 7”,
    then the app now infers correctly that finalCalledPartyNumber represents
    the huntPilotDN (as per cisco docs).
  • Added lookup for patternUsage, creating new fields
    calledPartyPatternUsageDescription and calledPartyPatternUsageName
  • added lookup for mobileCallTypes to identify mobility features invoked,
    creating the new field mobilityFeature
  • Added lookup for routing reasons, creating the new fields
    lastRedirectingRoutingReasonName, origRoutingReasonName, and
  • Added all fields mentioned above to field gallery, plus more than 70
    additional fields.
  • Reworked the field gallery on the homepage to give it additional filtering
    and search controls. You can now choose to see 1) fields present in raw CDR
    vs those added by the app. 2) fields that are in your indexed data vs not.
    There is also now a search field that you can use to match any entered
    search string against field name and description text.

Version 4.0.6 (November 11th2016)

  • Removed 2 unused calculated fields in props.conf that were triggering
    CalcFieldProcessor WARNS in splunkd.log
  • Performance optimizations on the scripted lookup that parses country code,
    area code and exchange out of DN’s.
  • Parametrization of the scripted lookup for DN’s to support customers who
    have unusual dialing prefixes for outside lines.
  • Many improvements to the Define Groups” documentation.
  • A bugfix to the system that checks whether the Sideview Utils app is
    not installed at all. Now a better error message displays instead of a
    simple but confusing alert.
  • Fixed a bug where if you specified a Groups lookup with the number, name
    and group fields but omitted the subgroup field, then every time the app’s
    homepage was loaded, the lookup would get obliterated.

Version 4.0.5 (September 23rd2016)

  • Reversed the order of the raw call legs table in Call Detail. Although
    this makes it inconsistent with Browse Calls, we all seem to still
    expect the first leg to be first and last leg to be last.
  • Added a gantt-style visualization of the N call legs to Call Detail. This
    visualization only appears for calls with more than one leg.
  • Added new fields callingPartyLATA, callingPartyOCN, callingPartyCompanyType
    and the corresponding fields for finalCalledParty.
  • Restored some important messaging on the Create Data Inputs page, that
    warns the user that when they submit the form to create the data input, the
    files being indexed will be at the same time deleted from the filesystem.
  • Added new field duration_​elapsed. This field value will contain the number
    of seconds between the connectTime of the earliest call leg to connect, to
    the disconnectTime of the last call leg to disconnect. This field can be
    used in General Report and Browse Calls, but not yet in Call Detail.
  • Renamed total_​duration field (introduced in 4.0.2) to duration_​total so that
    it will always appear alphabetically next to duration and duration_elapsed
  • The legs” field (introduced in 4.0.2) will now appear in field lists
    throughout the product.

Version 4.0.4 (July 20th2016)

  • Replaced the FlashChart modules used throughout the app with JSChart
    modules. (Splunk’s FlashChart module has developed some bugs in certain
    browsers and flash plugins whereas JSChart’s once-problematic axis labels
    are now much improved.)
  • Added a few missing fields to the field_​gallery so they will appear not
    only in the report gallery but also in reporting pulldowns and field
    pickers. – fields are finalCalledPartyCity, finalCalledPartyState,
    finalCalledPartyZip, originalCalledPartyGroup, originalCalledPartyName,
    and originalCalledPartySubgroup
  • Bug fixed in the data input wizard’s error detection. Previously if your
    directory already had a data input but it also had no files therein, you
    would get the warning about no files, not the more important warning about
    the previously existing input.
  • Added interactivity to the Call Concurrency page so that you can now click
    the main call concurrency chart and see a second chart below showing you
    the call concurrency within that much shorter time range.
  • Fixed a bug in Gateway Detail where the first chart didn’t load.
  • Fixed a bug where 2 seldom used fields from the CMR, directoryNum and
    directoryNumPartition were erroneously listed in the app as directoryNumber
    and directoryNumberPartition. This caused them to not work in field
    pickers and reporting pulldowns.
  • Fixed a bug that prevented any of the City, State and Zip fields from being
    used in General Report.

Version 4.0.3 (April 26th 2016)

  • Fixed a bug in the Data Input wizard where on windows it would fail to
    detect pre-existing data inputs if the casing of the path you entered
    didn’t match exactly.
  • Fixed a bug in the Data Input Wizard where if you had more than 30 existing
    data inputs on a standalone indexer, it might not detect that you were
    about to create a data input on files that are already being indexed by an
    existing data input.
  • Sinkhole inputs created by the data input wizard will now set crcSalt to
    “” to avoid all bugs and catch-22’s around initCrcLength being
    too low or too high.
  • To help existing customers index data that has been orphaned on the
    filesystem by initCrcLength catch-22’s, initCrcLength has been lowered
    to 1500 for cdr and 1000 for cmr.
  • Added max_days_ago=365 to sourcetype config to make it easier to index
    archived data.
  • There is a new field called number” that is the union of callingPartyNumber
    originalCalledPartyNumber and finalCalledPartyNumber
  • the callId” field is now created automatically instead of extracted by the
    UI explicitly using the app’s get_​call_​id‘ macro. This is just to simplify
    some underlying search syntax and has no other significant effect.
  • Workaround for a bug in Splunk 6.4, whereby our preexisting patch to
    workaround a *separate* bug in the Splunk Navigation bar, now has to be
    wrapped in a require call. (see dashboard.js)
  • Replaced the lookup config to generate originalCalledPartyName,
    originalCalledPartyGroup and originalCalledPartySubgroup, which had been
    removed with the thought that it was never interesting.
  • added new field name” that is the union of callingPartyName,
    originalCalledPartyName, and finalCalledPartyName
    > added new field group” that is the union of callingPartyGroup,
    originalCalledPartyGroup and finalCalledPartyGroup
  • added new field subgroup” that is the union of callingPartySubgroup,
    originalCalledPartySubgroup and finalCalledPartySubgroup
  • Fixed a bug in Browse calls where if you were not actually searching for
    a particular IP address field, but you had that field in your field list,
    and you didn’t have the location or sites field active, and you were on a
    CUCM that stores ip’s as long integers, you’d see the unconverted integers
    in your Browse results.
  • Fixed a bug where if you were using the advanced” field in Browse Calls,
    the app would not realize it had to carry along those field names and run
    any required SPL extractions for thoe fields in your expression.
  • Added/​Modified the ip_​addr field” to now be available in the app UI, and
    hold the union of all the various IP address fields.

Version 4.0.2 (March 11th2016)

  • Added new field to the UI called initialCalledParty”, initialCallingParty”,
    terminatingCalledParty” and terminatingCallingParty”. For multi-leg calls
    these represent the appropriate parties from the initial/​final call legs.
  • Added new field to the UI called total_​duration” that adds up the duration
    values from all of a call’s individual call legs.
  • Added a new field to the UI called transfers” that represents the number
    of call legs within the given call that show a termination cause of call
    split”. This field is available in both Browse Calls as an additional
    column, and also in the Reporting UI.
  • Added a new field to the UI called legs” that simply represents how many
    call legs the given call has.
  • Added a field called on_​hook_​party”. If the last call leg was
    terminated by the caller going on-hook, this is caller”. If the last leg
    was terminated by the receiver, this is recipient”. For calls that don’t
    connect the field will be null.
  • ~30% speed improvement for General Report to only get CMR data if
    one or more CMR fields are actually involved in the report.
  • modified the machinery that initially creates the Groups lookup, so that it
    will not interfere with customer attempts to add new fields to the lookup.
  • Added finalCalledPartySubgroup and callingPartySubgroup to the field_gallery.
  • Changed the default Groups lookup to also have an optional subgroup” field
    as this field has proved useful to some customers. The field will also get
    automatically added to any rows in existing customer lookups.
  • Fixed a bug where the raw call legs table in Call Detail view would list
    the time as the last column in the table instead of the first.
  • Fixed a bug where the General report page would see groups fields like
    callingPartyName/​callingPartyGroup and think it had to run the very
    expensive location extractions.
  • Fixed a bug in Browse Calls where if you had the count only” pulldown set
    to all records” for your session, when you clicked into Call Detail and
    then clicked the breadcrumb to get back to Browse calls it would reset to
    count only the 1000 most recent matching records”.
  • Fixed a small class of bugs that concerned when a single report was
    filtering and/​or reporting by one or more IP Address fields *and* one or
    more site fields.
  • Fixed a bug in the Browse Calls view where Graph calls over time” wouldn’t
    pass along your selected value for the Cluster pulldown.
  • Optimized the DN-parsing lookup to not process originalCalledPartyNumber
    since this was never being used and removing it speeds up a very
    expensive lookup by about 50%.

Version 4.0.1 (February 18th2016)

  • Browse Devices now has a sites pulldown that you can use to see only the
    devices from one or more of your defined sites or locations.
  • Setup Sites now has a tab to help you find devices, extensions, DN’s and
    Ip Addresses that are not matching any of the sites you have defined so far.
  • callingPartyGroup, callingPartyName, finalCalledPartyGroup and
    finalCalledPartyName will now appear in all field menus without having
    to wait for the daily scheduled search that finds new custom fields
  • Modification to the data health checks so they complete in reasonable
    time on hosts with *only* legacy sourcetype data.
  • Fixed a regression in 4.0 where the app’s Create Data Input Wizard would
    index the CMR records with the cucm_​cdr” sourcetype instead of cucm_​cmr”
  • Resolved a performance problem on Call Detail view which in some cases
    caused the page to hang.
  • Fixed a problem where the links to the Splunk Admin UI would result in
    page not found’ errors.
  • Deleted 6 hidden gitignore/​cvsignore/​svnignore files from the libphonenumbers
    directory so they don’t trigger splunkbase/​cloud appcert/app-vetting checks.
  • Fixed a bug where if you saved a report or created a dashboard panel from
    the Call Concurrency and Gateway Utilization tool and then tried to re-run
    that report later, it would fail to repopulate the pulldowns correctly.
    (Note that reports saved prior to this fix would have to be recreated in
    order to have the correct loading behavior in the UI.)
  • Fixed a bug in Call Detail view where if you had a field displaying in the
    upper right panel and that field had multiple values, it would show only
    the value from the most recent call leg instead of listing all the values.
  • removed answered” and missed” from the Browse Phone Numbers page as these
    numbers as calculated were a little misleading for calls with more than
    one call leg.
  • Fixed a bug where in the Browse calls page you couldn’t search for
    duration greater or less than a particular number of seconds.
  • Some adjustments to the design of the save/​create controls and the Edit
    Fields button in the Browse Calls page.
  • The Browse calls page now has a graph calls over time” link that switches
    you over to the General Report page, preserving your filtering arguments.

Version 4.0 (January 27th2016)

  • The App’s name has been changed from Splunk for Cisco CDR” to
    Cisco CDR Reporting and Analytics”.
  • Changed the Data Input wizard and documentation to now create and recommend
    batch aka sinkhole data inputs only. This removes the need to create
    shell scripts to delete older CDR and CMR files.
  • Splunk’s AppBar module has been patched within this app to resolve a
    problem where the module stopped using Splunk’s “@go” URL system. This had
    the effect of preventing all our app’s saved reports from loading in the
    proper view (ie browse or general_​report). With this change, all saved
    reports will once again reload back in the view in which they were saved.
  • Added first version of sourcetype configuration for AlternateSyslog.
    Contact us for more details.
  • Modified one of the data health checks so that it wont be triggered by
    other non-cdr sourcetypes living in the app’s index.
  • Added a new field internal_​device_​type”, useful for doing reports around
    device utilization where gateway” isn’t a useful device-type to have.
  • Added a new field site” that combines origSite and destSite, useful for
    various reports split by site that need to combine both sites from inbound
    and outbound parties.
  • Added many new sample reports for various fields.
  • Reorganization of the homepage to help trial users get started and also
    provide simpler more functional content for paid users.
  • Some rounds of optimization to trim out unnecessary search language that
    the reporting and Browse pages were inserting.
  • On the Site Detail page, removed User busy” and unallocated number”
    from the unusual call termination reasons” timechart.
  • On the Site Detail page, enabled drilldown on the Unusual call termination
    reasons” report that now takes the user directly to see the actual calls.
  • On the Site Detail page, enabled drilldown on the Site to Site concurrency
    timechart report that takes the user directly to see all calls in
    progress at that moment.

Version 3.7.1 (November 23rd2015)

  • Fixed a regression in the number” field in Browse Calls whereby the
    resulting search would be invalid.
  • Corrected language in help text and health checks that referred to the file
    extension on the downloaded app package as *.tar.gz rather than *.spl.

Version 3.7 (November 19th2015)

  • In Browse Calls, the user can now edit and reorder the fields shown in the
    tabular results. This supercedes the include” pulldown which has been
    removed in this release.
  • in the Call Detail, the user can now edit and reorder the fields shown in
    the call legs” table.
  • in Call Detail view call legs” table now indicates next to a calling or
    called party when that party terminated the leg by going on-hook.
  • in Call Detail view, the call legs” table is now above the other calls
    to/​from” panels.
  • When clicking the see calls” link in General Report to peek at the calls
    themselves in Browse Calls”, if you are using a quality field or a
    location field, the UI no longer warns you that the field is not active, it
    instead automatically includes it in the results for you.
  • Fixed a bug where if Splunk indexed a given call’s legs out of time order,
    the start time assigned to the call by the app might actually be the time
    for one of the subsequent call legs. This problem was always there to a
    certain extent but is a lot more common in Splunk 6.3 due to an
    undocumented SPL behavior change.
    NOTE: this problem also causes a bug where the drilldown from Browse Calls
    to Call Detail view results in Call Detail view loading empty.
  • An optimization around the call types’ pulldown – if all 4 types are
    selected and there are no other searchterms it now skips running any
    subsearch thus speeding up these cases significantly.
  • Browse Calls page now lists multiple duration values for multi-leg calls.
  • sites_​lookup” macro renamed to get_​sites” for consistency.
  • Fixed a problem on Site Detail page where the only 10000 events” pulldown
    was being ignored.
  • Some minor improvements for users who find themselves searching for raw cdr
    events in the search page — added a Workflow action to get to Call Detail
    and a better default selected field list.
  • Changed how the various default device type extractions were configured so
    that now they can be edited from the Splunk Admin UI without throwing an
    erroneous error on submit.
  • Relaxed a Health Check that was looking for issues around indexed headers,
    such that it no longer searches other Splunk indexes as well.
  • Added entries to the help table for the fields around sites and also around
    the to”, from” and quality” columns on the Browse Calls page.

Version 3.6 (October 6th2015)

  • Reworked the base events macros to workaround sporadic bug in 6.2 on
    windows where type and eventtype fields stop working properly in search.
  • Fixed a problem on Call Detail page where calls involving extremely common
    calling or receiving parties were triggering extremely expensive and slow
    searches on the other calls to/​from” panels.
  • Updated General Report to include the site and subnet fields (destSite,
    origSite, destCidr and origCidr) in the reporting pulldowns.
  • Updated Browse Calls to work properly and give appropriate warnings if the
    user uses site and subnet fields in the misc search terms” box.
  • Updated Sideview Utils required version to pick up an improvement around
    CheckboxPulldown having its options deselected by default. This resolves
    a problem where the show location/​quality pulldowns would reset themselves.
  • Added 5 new lookups to create readable description fields for the 5
    onBehalfOf” fields in UCM CDR.

Version 3.5.4 (Aug 14th2015)

  • Added the Sizing Calculator page.
  • Devices listed on Call Detail pages are now linked to Device Detail.
  • lookups are now explicitly scoped to run on the search head in distributed

Version 3.5.3 (May 26th2015)

  • renamed the report” view to general_​report” so that standard Splunk
    dashboard/​report interactions in 6.2 that are trying to go to the core
    report” view can work properly again.
  • Added a Data Health Check to catch savedsearches.conf content saved with
    report” that should be manually changed to general_​report”
  • Browse calls page now loads with neither locations” nor call quality”
    selected in the include” field. This results in much faster page loads
    although users who liked the Locations on by default will now have to
    turn them on manually.

Version 3.5.2 (May 21st2015)

  • Restored a few fields inadvertently screened out of General Report’s y‑axis
  • Changed fields in CSV and JSON exported from Browse Calls, so that duration
    is listed in seconds (instead of [D] HH:MM:SS), and to make timeformat
    more standard.
  • Added key pages and resources for Site Detail” and Setup Sites” pages
    which had been accidentally excluded from the trial download.

Version 3.5.1 (May 7th2015)

  • Fixed behavior when multiple extensions were entered comma-separated in the
    number” fields. Now calls will be matched whose call legs contain any of
    the given extensions, rather than all of them.
  • Added a setup view for the user to define their sites and offices based on
    ip addresses, specifically by subnets given in CIDR notation.
  • Added Browse Sites” view and a detail view that shows site-to-site
    concurrency information.
  • Reversed order of orig_​and dest_​gateway fields in Browse Calls.
  • Added index-time transform so that the useless INTEGER,INTEGER..” headers
    are no longer indexed.
  • In General Report, it is no longer possible to create nonsensical
    combinations of options such as distinct count of duration” or
    sum of orig_gateway”.

Version 3.5 (April 7th2015)

  • Charting Pulldowns to select fields now load much faster in reports.
  • When duration is displayed in Browse Calls and Call Detail views, it now
    appears formatted as 00:17:30” rather than as a raw number of seconds.
  • the see search syntax’ links now use the default search view rather
    than the app’s custom charting” view.
  • Call Detail view loads much faster because its searches are restricted
    to the times the call legs occurred, plus an extra day on either side.
    This makes the other calls to/​from” tables much faster to render.
  • The other calls to/​from” searches on Call Detail view are further sped up
    by no longer retrieving and collating CMR data.
  • Fixed a rare bug whereby calls that had null values for the
    dateTimeDisconnect” field would not render properly in the Call Detail view.
  • on Call Detail view, removed null non-CMR fields that were showing up in
    the Call quality information (CMR)” section.
  • Changed to consistently follow Cisco’s definitions of numberPacketsLost.
    As of this release numberOfPacketsSent – numberOfPacketsReceived will not
    necessarily equal numberPacketsLost because the latter doesn’t include
    late packets or duplicates.

Version 3.4.6 (February 16th2015)

  • Fixed a regression in the Browse Calls page where if you filtered by an
    extension or DN, you would only see call information from the subset of
    call legs that contained that DN.
  • added device_​name and ip_​addr fields that for each call leg, are the union
    of the corresponding orig* and dest* fields.
  • Improved logging in the data input setup wizard.
  • Fixed a critical bug in the data input wizard where, for single-indexer
    mode, if you happened to not create an index with the default name
    cisco_​cdr”, the setup page would fail to load properly.
  • Fixed a bug where Call Detail view would not render certain times properly
    for calls that had more than one call leg.
  • multiple calling and called parties listed in Call Detail view are listed
    in the order in which they appeared, (no longer sorted numerically).
  • Fixed a bug in Gateway Detail view where the drilldowns from a given Call
    Release description over to Browse Calls always returned zero results.

Version 3.4.5 (February 4th2015)

  • Fixed a bug where users without administrative privileges would get a
    strange error message at the top of the app homepage. Client is not
    authorized to perform the requested action”.
  • Fixed a bug where very large groups files would get truncated to
    10,000 rows when an admin user hit the homepage.

Version 3.4.4 (January 29th2015)

  • Fixed a bug in the data health check detection, whereby the check for the
    custom_​index macro was not restricted to just the local search head.
  • Packaged a TA_​cisco_​cdr” app within the main app. This app is now the
    recommended app to push out to indexing and forwarding tiers.
  • App is now aware of the user’s geographical locale when rendering times and
    dates. eg if you have en-GB” in the locale portion of your URL, you will
    get dates rendered as dd/​mm/​yyyy” instead of mm/​dd/​yyyy”.
  • Fixed a bug introduced in 3.4.1 to the Concurrent Calls and Gateway
    Utilization tool, where the granularity accidentally was lowered to Splunk’s
    default granularity for timecharts.
  • Edited the Data Input Setup flow so that it now also gives full setup
    instructions for distributed deployments.

Version 3.4.3 (December 18th2014)

  • Fixed a bug in the data input setup wizard where the custom_​index macro
    would get set to index=”main” erroneously.
  • Improved handling in the data input setup wizard if the end-user enters
    the path with some slashes or backslashes that are not appropriate for
    their platform, or if they leave a trailing slash on the directory.

Version 3.4.2 (December 15th2014)

  • Fixed a bug where if you used them as filtering search terms, the
    device_​type, and *_​device_​type fields would not work reliably.

Version 3.4.1 (December 12th2014)

  • Corrected a small but longstanding known error in the Concurrent Calls and
    Gateway Utilization tool. where the concurrency displayed towards the
    right side of the chart would be a small delta higher than the actual
  • Added device_​type” as a field in the app, and also as a field in the
    Concurrent Calls and Gateway Utilization tool.
  • The interactive chart of calls over time shown on the Phone Number Detail
    page is now split by type (ie outgoing / incoming / internal)
  • Improved out of the box extractions for device types like uccx unity-vm.
  • Added device_​type as a field in the Browse Devices page.

Version 3.4 (November 24th2014)

  • Built a new Data Input Wizard to both simplify the setup experience and
    keep users away from the confusingly different admin sections in 6.2 vs
    6.1 vs 6.0 vs 5.0 Splunk versions.

Version 3.3.2 (November 10th2014)

  • Fixed a bug that affected both Browse Devices and Device Detail, where in
    deployments with no unicodeLoginUserId values, key tables would be blank.
  • Fixed a bug where in the Browse Calls page the from/​to fields were sometimes
    empty. This only affected version 3.3.1.

Version 3.3.1 (November 5th2014)

  • Fixed the dependency error detection so that once again helpful errors are
    displayed for instance if the Sideview Utils app is not installed.
  • Fixed a bug introduced in 3.3 where in the Browse Calls page if you set the
    count only the” Pulldown to all records”, it would only retrieve 10.
  • Back by popular demand, Browse Calls now has a cluster” pulldown again.
  • Improved a number of cases where location fields weren’t being added.
  • Fixed a bug in Browse Calls, where if terms in other search terms”
    applied to different call legs, those calls would not be returned.
  • Fixed a bug introduced by Splunk 6.2 where the textfield in the app’s
    Charting view was only a single line and could not be enlarged.

Version 3.3 (September 24th2014)

  • In the number” field in Browse Calls or General Report, you are no longer
    limited to a single number or wildcarded prefix. You can now enter space-
    or comma-separated numbers or extensions.
  • Replaced the 2 release code description fields displayed in Browse Calls
    with our single overall release code field.
  • Optimizations to increase reporting speed if call types are selected.
  • Call type element on Browse Calls is now a checkbox pulldown.
  • Call Detail view now includes at the bottom the complete set of call quality
    field values from the CMRs.
  • Browse Calls now allows you to optionally see and search on location data
    like city,state,country as well as call quality data.
  • Cleaned up geolocated city names to be consistently title-cased.
  • When clicking see calls” from reports that use either location or call
    quality fields, the relevant extra fields will be enabled in Browse Calls.
  • When clicking from Browse Calls into Call Detail and then using the
    breadcrumb link to return, now the user’s filtering selections are retained.
  • If when a report loads, there are no matching calls at all, the fields and
    charting pulldowns disappear and you get a message saying that no calls were
    matched. Formerly the pulldowns would load in an unusable state.

Version 3.2.1 (July 31st2014)

  • Interaction and usability improvements to the Device Detail page.
  • Improved fields displayed by default on Call Detail page.

Version 3.2 (July 29th2014)

  • Improved sample reports that ship for the call quality fields.
  • Added first version of Browse Devices and Device Detail drilldown.
  • Fixed a bug in the charting view where if a user saved a report here it
    would not run correctly later when run from manager or from the app menu.
  • country code, area code, exchange and geographical location now appear as
    core fields in the reporting interface.
  • Homepage fields and sample reports table rewritten to workaround rendering
    problems seen on some customer installs.
  • Ongoing improvements and additions to sample reports listed on home page.

Version 3.1.5 (April 2nd2014)

  • Patched a problem in the underlying Splunk search language whereby certain
    fields like duration’ would sometimes disappear from the fields pulldowns
    on Splunk 6.
  • fixed our field seconds_​until_​answered so it can never come out negative.
  • Found and fixed some mistakes in some of our sample reports.
  • Added new fields cause and cause_​description that will be whichever
    of origCause and destCause is nonzero. Thus cause_​description is the
    overall termination error for the call, regardless of which side ended it.
  • Added a duration_​in_​minutes” field.

Version 3.1.4 (March 31st2014)

  • Added a new setup page that talks about the need to create a script
    that periodically deletes files older than 3 days from the monitored
  • Added a check to the Data Health Checks page that looks for significant
    indexing lag.
  • Fixed a regression in the Browse Phone Numbers page where numbers entered
    into the number” field would not filter the results.

Version 3.1.3 (March 20 2014)

  • Fixed a bug whereby phones making outbound calls through sip
    trunks would get misinterpreted as gateways.
  • Fixed a recent bug where CMR fields had stopped appearing in
    the list of fields in the Report Builder.

Version 3.1.2 (March 19 2014)

  • Added call-type and gateway pulldowns to the Busy Hour Calculator
  • Added a per gateway” mode to the Busy Hour Calculator
  • Renamed Gateway Utilization page to Call Concurrency and Gateway
  • Added a type pulldown to Gateway Utilization report thus allowing
    the report to be run on any combination of incoming/​outgoing/​internal
    or tandem calls.
  • Added a multiselect pulldown to Gateway Utilization report allowing the
    report to be run over specific gateways when relevant.

Version 3.1.1 (February 17 2014)

  • Added a simple Busy Hour Calculator page where you specify a timerange
    and it gives you the BHT in Erlangs.
  • Improved design and behavior around the See calls” link in reports.
  • Fixed app icon display problems in Splunk 6

    Version 3.1 (February 112014)

  • Added a concurrency reporting interface, that you can use to analyze
    concurrent inbound calls and outbound calls split by gateway.
  • Fixed a bug in the system that generates AutoHeader field extraction rules
    where FIELDS and DELIMS keys would be outputted in lowercase.
  • Fixed a bug in the homepage report gallery where complex reports whose
    search language involved quote characters would not run properly.
  • Added a new calculated field called seconds_​until_​answered”. This field is
    defined only for calls where call_answerable=1 and call_answered=1
  • Added 2 new calculated fields hour_​of_​day and day_of_week.
  • Fixed a bug where the selected cluster wasn’t passed if you drilled down
    on a table row in the Report page.
  • Added international country code, areacode, and exchange fields to the
    Example Report table on the homepage.
  • Added a call type” pulldown to the browse and report pages that allows
    you to easily restrict to just incoming/​outgoing and internal calls.
  • Added a See calls” link to the report page that allows you to go from
    filtering and reporting and drilling down in the Report page, to quickly
    browsing and investigating the underlying space of calls.

Version 3.0 (November 8th 2013)

  • Added a new view Browse Phone Numbers”, by which you can browse phone
    numbers of inbound callers as well as internal Extensions and DN’s.
  • Added a new wizard and new sourcetype configurations to not only allow
    out of the box indexing with Splunk forwarding and distributed search,
    but to set indexing properties through a wizard UI.
  • Added lots of error detection to streamline user experience around
    common misconfigurations.
  • Added new fields to differentiate hardphones vs jabberphones vs softphones.
  • Added new fields to differentiate video calls from audio calls.
  • Added new field type” to denote call type – incoming, outgoing, internal
    and tandem.
  • Added first version of scripted lookup to parse country code, area code
    and geographic locales, along with US lookups to zipcodes and lat/​long

Version 2.4.2 (July 26 2013)

  • Fixed a bug in browse gateways’ where the page was not incorporating any
    terms the user might have typed into misc search terms”

Version 2.4.1 (July 8 2013)

  • Improved gateway field extractions to extract dest_​gateway and orig_​gateway
    fields for non-MGCP gateways. Added new fields called dest_​mgcp_​gateway
    and orig_​mgcp_​gateway that are only populated when appropriate.
  • Added a new gateway type’ Pulldown to the Browse Gateways page.

Version 2.4 (April 10 2013)

  • changed required Splunk version to 5.0
  • Updated report builder to use splunk’s new fieldsummary command, as this
    very significantly improves performance in the reporting interface.
  • Added new gallery table discussing each field in the CDR and CMR data
    along with docs and example reports for each.
  • reworked all varVQMetrics and gateway field extractions to happen
    automatically so as to simplify the underlying search language.

Version 2.3.1 (March 26 2013)

  • fixed a bug in the reporting interface where you could not search for
    fields values in CDR or CMR and then report on fields from the other.

Version 2.3 (March 8 2013)

  • added get_​gateway_​fields” macro
  • added Browse Gateways page
  • added Gateway Detail page
  • added MLQK and other advanced quality metrics as field options in reports.
  • made MLQK and other advanced quality metrics available in call_​detail view.

Version 2.2.2 (December 4 2012)

  • Switched to Table module so as to allow hiding the clusterId/​callManagerId/​
    CallID fields on all detail tables.
  • Fixed a bug where the UI would sometimes ignore Extensions entered in forms.
  • Added duration to the default field list on detail tables.
  • Added ability to tab between table and chart and both in report view.
  • Greatly improved the time to render the fields pulldowns in report view.

Version 2.2.1 (November 1 2012)

  • Improved the initial install experience to transparently create the groups
    and clusters lookup when they are initially absent.

Version 2.2 (October 30 2012)

  • Completely reworked the setup flow and the installation process.
  • Updated the app to workaround issues in Splunk 5.0 around saved search names
    in “@go” URLs. This app now requires at least Sideview Utils 2.2.4.
    See release notes for Sideview Utils 2.2.4.

Version 2.1.1 (September 28 2012)

  • fixed a bug in the report view where if you used one of the IpAddr fields
    as your x‑axis but didn’t use one as your split-by, you’d get an error.
  • improved the report view so that changing charting properties doesn’t rerun
    your entire report.
  • Fixed Call Detail’ and Phone Number Detail’ views so that if users happen
    to go to them directly from the menu, there is a message prompting them to
    enter a CallID or Extension as appropriate.
  • added print button to the browse sessions view.
  • improved print output (only if you’re on Sideview Utils 2.0.10 and up).
  • removed globalCallID_​CallID’ from the field list because more often than
    not the reports around it are confusing, and the default CallID’ field is
    a better field to use anyway.

Version 2.1

  • fixed a bug in the automatic error-detection that was detecting
    misconfigured field extractions. (The logic was right, but the link it
    gave you to export the csv was slightly wrong.)
  • added see search syntax’ links to the browse view.
  • Updated some Pulldown params that were using older legacy param names.
  • Added new export, print, info functionality to browse and report views.
  • added better save search’ functionality to browse and report views.
  • added create dashboard’ and create alert’ functionality to report view.
  • User interface improvements to the chart view.
  • Reorganized saved report and saved dashboard menus.
  • Removed the contact us’ form.
  • Improved drilldown behavior in the Report Builder.

Version 2.0.1

  • fixed a bug where the originalCalledPartyNumber(s) did not display correctly
    on the call_​detail page.
  • fixed a bug where the other calls to/​from the recipients would not always
    highlight correctly.
  • Added a sort by’ field to the report interface. It shows up only when
    you’re running a non-timechart report with no split-by.
  • Fixed a bug in the charting view where the chart would always be visible.
  • Changed the MLQK example links from the homepage to go to the charting
    view to be less confusing.
  • added the save/​play/​pause/​finalize controls to the charting view.

Version 2.0 (May 022012)

  • fixed a bug in some views where if you used the form fields to filter by
    Extension, the filter would not be applied properly.
  • Fixed a bug where from the browse’ view you had a menu option to save the
    current report, but it didn’t work properly.
  • General improvements to pivoting and redirecting cleanup of the code now
    that we have Sideview Utils 2.0 underneath.
  • Fixed a bug in the ip address conversion where IP’s whose last quad was less
    than 10 didn’t get converted properly.
  • interaction improvements to all views.

Version 1.2.2 (Feb 172012)

  • Had to fix a mistake in how the setup screens redirected you through the flow.

Version 1.2.1 (Feb 152012)

  • The installation docs have been completely rewritten, *very* significantly
    expanded, and mostly moved to our website. See for yourself at
    https://​side​viewapps​.com/​apps/… While the in-app
    documentation has also been completely updated, it largely directs the
    user to the website documentation.

Version 1.2 (Feb 022012)

  • significant changes and rewrites to fix bugs and issues with Splunk 4.3.
  • significant changes and rewrites based on more search language performance
    testing at high data volumes.
  • lots of improvements and minor bugfixes to the custom reporting view.
  • new simpler more usable homepage
  • customers can now specify a custom index during app setup.
  • fixed various bugs in the call_​detail view, in cases where there was more
    than one finalCalledPartyNumber
  • fixed a bug where you couldn’t actually run any reports if clusterId or
    callManagerId was specified as a field.
  • added a cluster lookup, related wizard page to regenerate it from indexed
    data, and filtering pulldowns in Browse and Report views
  • Fixed a bug where the automatic redirect to the qos threshold page wouldn’t
    work properly.
  • Added a JobStatus module to both Browse and Report views, so customers can
    now pause and cancel searches inline.
  • Added save controls to the Browse page, so it effectively becomes a simple
    call report”, operating on just the CDR data.

Version 1.1 (Jan 272012)

  • major rewrite of browse and report views, including major changes to search
    language used in macros. These changes were to workaround serious performance
    problems seen in larger data sets. – added a call legs’ section to the
    call_​detail view. – fixed a bug where the app would not warn the user
    correctly when the Sideview Utils app was not installed – fixed a bug around
    IP address conversions. – numerous other small fixes and improvements.

Version 1.0.9 (Nov 302011)

  • Added functionality around a lookup that adds group names and user names into
    the records. Incorporated guided setup around this feature into the existing
    setup wizard. Note that this can also be used to generate reports about *all*
    Extensions regardless of activity. I only added a hint about this to the app
    itself, but once you get the hang of it it’s quite straightforward.

Version 1.0.8 (Oct 252011)

  • CallManager CDR and CMR data has several fields which are IP Address values,
    however it encodes these values as integers. The app now has functionality to
    automatically convert the integers back into IP Addresses. Specifically, when
    you use any of the ip address fields in reports, as either the split-by’
    field or as the x‑axis field, it will correctly display the values as IP
    addresses. Also on the call_​detail view, when those fields are displayed in
    the rightmost panel they will appear as IP addresses now.

Version 1.0.7 (Oct 202011)

  • added a new lookup for video codec types,
  • fixed a bug in browse” and report” views where the search filter would not
    filter overall calls, but individual CDR and CMR rows. The filtered results
    will make a lot more sense now to end-users.
  • added a new field called call_​connected’, which is True or False or null.
    The value is derived by looking at the overall call release cause codes.
    (null represents records where no call was attempted)
  • made a new field called callID that is the callID plus the callManagerId,
    separated by a “.”
  • the report view’s main reporting pulldown now defaults to distinct calls’
    instead of dumping the user at distinct count of authorizationLevel’ and
    hoping they figure it out.
  • The flow around the contact form has been slightly improved.
  • added back-button and forward-button support to the browse” view.
  • re-running guided setup will no longer force you to contact sideview a second time.
  • Upped required version of Sideview Utils to pick up other bugfixes.

Version 1.0.6 (Sep 282011)

  • The app now includes a view for Quality of Service reporting, and the app
    has a setup screen offering configurable thresholds for QoS by
    numberOfPacketsLost, jitter and latency. Also the functionality whereby the
    appname and app version was sent to side​viewapps​.com has been completely
    removed in this version. Instead during the initial app setup screens you
    are asked to send us your name and a brief note.

Version 1.0.5 (Sep 192011)

  • Fixed a problem where the reports could be misleading when you imported data
    from more than one CallManager
  • Added initial version of a scripted lookup that will enable new
    Quality-of-service reporting features. (docs and user interface will come
    soon. Email me if you want to try it out now)
  • Rewrote and reworked the guided setup copy.

Version 1.0.4 (Sep 022011)

  • fixed a bug on call_​detail where as soon as you drilled down to any other
    call you’d only see results from a single second. The call_​detail view is
    much more usable and interesting now.
  • Added see search syntax’ links in various places so customers can see
    how the real searches work.
  • Made those links take you to a new custom view that is a little more
    comfortable than splunk’s normal advanced charting view’.
  • added lookups for call release cause codes, as well as redirect reason codes.
    Now those descriptions are automatically created as fields for each call.
  • Fixed a bug where changing some TimeRangePickers would not do anything.
  • Improved the error detection to not flag configurations where trivial
    off-hook calls generate CDR’s.


Release Notes
Release Notes