Version 8.1.1 (April 4th, 2025)
- Critical — Fixed a class of bugs around using the ‘concurrency’ field in Investigate Calls and Chart. Previously if you were also filtering your calls with searchterms the resulting concurrency numbers would not represent that of the filtered set, but the concurrency within the list of all calls.
- Dashboard panels saved from the Huntgroup Detail and Extension Detail views will now have drilldown enabled, so that users clicking chart elements on the generated dashboards will be taken to the Investigate Calls page with appropriate drilldown arguments selected.
- For large Splunk environments that have implemented workflow management rules, there is now a macro called “customizable_other_notable_indexes”. In some places within the app SPL is deliberately run to look for unexpected data in other indexes with a “| head 1000” on it. This macro defaults to “index=*” but this macro can be set to a specific disjunction of related indexes and thus it can evade Workflow-Management rules forbidding all index=* searches.
- Improvements on the Investigate Extensions page — site will no longer include erroneous “(none)” entries. Resolved a problem with the available fields on the page. Added additional optional fields for loginUserId and partition.
- Added a default device_type extraction for CUPC devices.
Version 8.1.0 (March 14th, 2025)
- Critical Fixed a regression introduced in 7.7.1 where the party numbers analyzed in the Investigate Extensions and Investigate Huntgroups are actually the external party numbers rather than the internal party numbers.
- Functionality — Investigate Extensions now has optional statistical fields available in the Field picker — one for each custom “leg type” the app’s admin has defined, such as “handled” or “transferred_to_voicemail”. Each holds the value of the number of calls where one or more legs involving that extension matched the given leg type definition.
- Functionality — Added 12 new fields — initialCallingPartyName, initialCallingPartyGroup, initialCallingPartySubgroup, and likewise for initialCalled*, terminatingCalling* and terminatingCalled*. Based on the initial/terminating calling/called fields, they expose the lookup values of the lookup group to give name, group and subgroup for those parties.
- The app’s migration script that handles some first-time-run cases like lookup creation, will now retry for up to 60 seconds if the Splunk REST api is a little slow to come up after a Splunk restart. Formerly it would only retry for 20 seconds.
- Fixed an erroneous low-priority health check that was generating a false-positive around timestamp extraction and dateTimeOrigination .
Version 8.0.0 (January 14th, 2025)
- Performance — Searches run in the “Investigate Calls” page, within the “calls” tab, now run approximately twice as fast, with far fewer resources used on the Search Head tier. NOTE: the ordering of multileg calls will be slightly different in this release and going forward. However in addition to enabling the huge performance improvement, investigation has indicated that the change in the leg order is almost entirely for the better.
- Performance — Approximately 10x or more speed improvement when running max concurrency reports in the “Chart” tab, along with vastly decreased resource usage.
- Functionality — Concurrency reports can now be run with “hour_of_day” on the X‑axis. Formerly users could only select “time”.
- Functionality — New index-time fields src_ip and dest_ip that hold the actual ipv4 values of origIpAddr and destIpAddr, in correct cases also falling back to the corresponding origIpv4v6Addr/destIpv4v6Addr values. The existing index time fields origIpAddr and destIpAddr fields are still the signed long integers from the CDR itself. Note this change also is in the TA_cisco_cdr app (The config in this main app only applies to standalone Splunk deployments and is dormant otherwise.)
- Improved phrasing of the autogenerated headers above ad-hoc charts in the Charts tab.
- Fixed a bug in both Huntgroup Detail and Extension Detail around the drilldown clicks into the “Intraday pattern” report on the right hand side.
- Logic to patch the huntPilotDN field (wrt Cisco’s calledPartyPatternUsage=7 problem) now occurs at index-time.
- Fix to the “App Settings > Device Types” page, to allow deletion of custom device types to work on Splunk Enterprise 9.1.X and prior.
- Updated libphonenumbers to 8.13.8
- Updating Splunk Python SDK to 2.1.0.
- Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.
Version 7.7.1 (November 8th, 2024)
- There is a new management page so that admins can more easily and quickly define custom “device types” for classes of devices that CallManager incorrectly identifies as outside trunks or gateways.
- CUBE data ingestion has been reworked and improved to use INDEXED_EXTRACTIONS=csv and thus to have proper index-time fields for the party number fields. This resolves a bug that can happen in some Splunk Cloud deployments where searches for CUBE data fail sporadically.
- Investigate Extensions has two additional fields. “outside_parties” is the distinct count of outside numbers that have called or been called by this extension, and “partition” is the partition that the number is on. If the same extension exists on multiple partitions, they will all be listed (if this happens hopefully they are on different values of callingSearchSpace ).
- New field available in Chart and in Investigate calls, “external_party_number”.
- Improvements to the Call Detail page when displaying multileg calls. Formerly the chart legend would number the legs in reverse order.
- Fixed a problem in the app’s Health Checks page where some of the drilldown searches were not working.
- Fixed a problem where sparsely populated values of a few fields would not ‘line up’ correctly as per the improvement around that issue in 7.7.
Version 7.7 (September 27th, 2024)
- Functionality — Improvements to the Investigate Calls page, when rendering complex multi-leg calls. Previously if you had a field selected that was not populated for all of the legs, the value would render at the top of the table cell, rather than being aligned more correctly with the other values for that same leg in other densely populated fields. Now these sparsely populated values will line up better, making it possible to tell visually which call leg the value is coming from.
- Functionality — Improvements to the Investigate Sites page. The results table now has many additional fields as well as a standard “Edit Fields” control. Also a defect was resolved whereby the call counts in the table previously included the IP’s of trunk and gateway devices, making them larger than the site counts displayed elsewhere in the app.
- Functionality — Customers who ingest data from CUCM via syslog will now automatically see on their Device Detail pages, Registration / Deregistration event history for that Device.
- Functionality — Improvements to the Huntgroup Detail page. There is now a field picker and the table displaying calls now has a ‘create dashboard panel’ button.
- Improved the shipping defaults for what defines “good” vs “acceptable” vs “fair” latency in a call. Previously only calls with <10ms latency were labeled ‘good’. Now good is 0 – 50 and acceptable is 50 – 150.
- Fixed a regression in the Call Detail page, where the absolute ‘bracketing’ timerange used by the page was no longer bounded on the latest side. In some scenarios this could lead certain workload management rules, if they were enabled, to forbid search execution.
- Fixed a bug on the Call Detail page where the timestamps displayed at the top were displayed as epochtime integers rather than as human-readable string times.
- Updated the Splunk Python SDK to the current latest version (2.0.2), although the version we’re upgrading from had no known problems affecting our functionality.
Version 7.6 (July 31st, 2024)
- Functionality — There is now an “Investigate Huntgroups” page along with an accompanying detail page.
- Functionality — In the Call Detail view, the upper right panel now always shows all populated fields and their values, rather than having a field picker to choose an explicit set of fields.
- Fixed a bug where hyphenated ranges of E164 numbers would erroneously get their leading “+” chars stripped when the app created the actual numbers as search tokens for Splunk.
- Improving error handling when lookups with non-UTF8 characters are uploaded. The previous fix would display a helpful error if the problematic character was the start byte. However it was still vulnerable if the problem arose in the continuation byte of a multibyte character.
- Fixed a cosmetic bug in all the app’s pages under Settings where at the bottom of the page there would be two messages often stuck for a while that said “Dispatching…”
- Fixed a bug on the “Enable/Disable Data Types” page where the event count listed for each data type would always be zero.
- Fixed a minor bug in Investigate Calls, where the origSite field would be calculated for inbound call legs, and destSite for outbound call legs (and both for tandem call legs). This is potentially an issue if the trunk/gateway was ever located in a subnet belonging to a different site than the endpoint devices, as reports would then suggest the call had involved an endpoint device there.
Version 7.5 (July 17th, 2024)
- Functionality — Investigate Extensions page now allows you to filter to a specific subset of your sites, and “site” is also an available field in the results table. Also there is a new column called “transferred_away” that will count the number of callid’s in which a call leg was transferred away from the given party number.
- Functionality — The tabular result rows in Investigate Sites now have an additional context menu item to switch over to “investigate extensions” and see rollup stats for extensions making calls within the given site.
- Fixed a bug in Investigate Extensions, where if the calls did have the UnicodeLoginUserId fields populated, but the extension only received calls during the timerange, the LoginUserId would be displayed incorrectly as (none)
- Fixed a longstanding bug when creating dashboard panels, that among the “existing dashboards” listed as optional targets, there were some hidden internal dashboards listed — “home_redirect” and “sorry_canary_is_not_installed”.
- Fixed a rare bug where fields that are superficially numeric but semantically categorical, (eg hour_of_day=12), would sometimes get automatically “bucketed” in the Chart UI as though they were continuous numeric quantities.
- change to a reload trigger rule that should allow Cisco CDR app to be updated without a restart.
- Added a new field “month_of_year”.
- Fixed some situations where from various detail views in the Investigate section, clicking breadcrumb links to return to the main list page did not correctly prepopulate filtering args the user might have been using before they clicked into the detail view.
- Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code etc for all phone numbers worldwide.
Version 7.4 (May 16th, 2024)
- Critical re-fixed a bug that we thought had been fixed in 7.2.1, where customers using Search Head Clustering would end up with incorrect fields in their devices lookup after updating the app and restarting.
- Functionality In the Investigate Devices, Extensions, Gateways and Groups pages, the field picker is now updated to use the more sophisticated ‘Edit Fields’ picker from Investigate Calls. Furthermore when reports and dashboard panels are created, the field list in use at the time is now saved into the report/panel.
- Functionality Investigate Devices, Extensions, Gateways and Sites pages now offer different contextual drilldown options when you click a given row. Instead of being taken to the detail view on all clicks, you can now choose between that detail view or other contextual drilldowns that bring you into other Investigate pages (using the row value as a filter on the results there).
- Functionality When ‘Create Dashboard Panel’ is used on any tabular results, now the resulting dashboard panel will also have a link below the table that the user can click to view the same results in the full view from which those results came.
- Resolved a bug where calls whose total elapsed time exceeded a few hours might not get their later call legs rendered properly within the Call Detail view.
- Fixed a bug where concurrency charts in the ‘create new chart’ page would come out wrong if the search was filtering by any CMR fields.
- Investigate devices, when both a) filtering by site, and also b) using ‘include devices with zero calls’, will now show devices with zero calls, even though there is no ‘site’ value for those devices at all. A warning is shown to the user when this occurs.
- Investigate devices, when both a) filtering by Cluster, and also b) using ‘include devices with zero calls’, will now use the changes in 7.2 to correctly filter the zero-call devices by the selected cluster(s) as well.
Version 7.3 (March 20th, 2024)
- Functionality Investigate Devices and Device Detail pages now correctly handles device names that exist on more than one cluster. Likewise ‘cluster’ and ‘clusterId’ are optional fields and form elements as appropriate to those pages.
- Functionality Restored the “cancel” button (removed in 7.0). We have also however removed the “print” button.
- Fixed a bug in Investigate Devices where if your CDR ever had completely empty values for origDeviceName and destDeviceName the page would output an error “Field ‘deviceNumberUserTypeSite’ does not exist in the data.”
- Removed 8.2+ style SPL comments which had crept into a few places, notably the “settings” layer in the top right. This was causing problems for customers running older versions of Splunk (8.0.X and 8.1.X ).
- Fixed a bug in Chart where if you already had the primary axis set to something other than “time” and then you set the y‑axis to “max” “concurrency”, the primary axis would fail to reset to “time” and you would get an error.
- Investigate Extensions now has optional fields available for failed calls and also percent failed.
- Added an optional macro “customizable_filter_for_deployment_stats”. Customers can use this to more narrowly determine which calls from which devices get counted in the “Your Deployment” section on the app’s landing page.
- Added a device_type extraction for Analog Telephone Adapter (ATA) devices.
Version 7.2.1 (February 19th, 2024)
- Fixed a bug for customers who have multiple “data types” loaded in the app. When a report was saved using “save report”, the selected data_type(s) would not be saved correctly.
- Fixed a problem that affected customers that use Search Head Clustering (SHC) when they updated from pre‑7.2. The bug was that the devices lookup would end up with incorrect fields loaded. This issue is fixed such that customers updating from pre‑7.2 to 7.2.1 or later will not be affected.
- Fixed a bug for customers with multiple data_types enabled, where dashboard panels would be created without the proper drilldown logic to set the data_type pulldown in Investigate Calls back to the way it had been when the chart was saved..
Version 7.2 (January 31st, 2024)
- Functionality The primary charts and tables on the Site Detail page now have “Create dashboard panel” buttons on them, so users can easily create custom scheduled-pdf dashboards around calls to/from particular physical locations.
- Previously not only Investigate Calls but also Extensions, Devices and other views had functionality, where the search would pause and a “resume” button would appear if any search took more than 10 seconds. This has been changed so that this functionality is now restricted to Investigate Calls.
- The “Set up data inputs” page, applicable only to standalone / single-instance deployments, has been reimplemented. This was mostly because the previous implementation used some Splunk features that are now deprecated.
- Fixed a bug where if a user typed only an asterisk into the ‘number’ field it would slow down the search greatly for no actual benefit.
- Fixed a subtle bug around charts on dashboard panels. If you saved a chart with stackMode on but with no “split by” field set, and then later during SimpleXML editing tried to turn on “show data labels”, the presence of the stack mode key would make the labels render oddly. Now the stackMode key is only pushed to the panel if there is also a “split by” field set.
- The devices lookup now has 2 new fields: ‘clusterId’ and ‘lastUpdated’. The clusterId field allows the lookup to work properly for customers who have the same device name on multiple publishers. The lastUpdated field helps us manager things when customers of the AXL app have different publishers updating on different schedules. Admin Note: On restart the app will automatically run its own migration to add both missing columns to the SH’s devices lookup.
Version 7.1 (December 14th, 2023)
- Functionality Along with changes in Canary 1.7, the Cisco CDR app now supports dark mode.
- Investigate Extensions, Investigate Groups and Investigate Gateways pages now have optional fields to list total/incoming/outgoing/tandem duration in minutes (as opposed to values like “08:53:44”).
- Fixed a bug around dashboards created with our “create dashboard panel” app. The app would add an XML declaration when creating new dashboards and this would work fine. However it would then trigger a bug in Splunk’s SimpleXML Editor later, where the editor would add an encoding attribute to the declaration and this attribute would cause the dashboard-level ‘dark mode’ to never work for that dashboard.
- Updated to the latest version of libphonenumbers, the python library the app uses to parse DN’s to extract country code, area code etc for all phone numbers worldwide.
- Pulled new NANPA data into the “npa-nxx-lata-clli-ocn-location.csv” lookup.
Version 7.0 (November 9th, 2023)
- Functionality The “investigate calls” page and the “Chart” pages are now integrated into a single interface. Switching between these two modes is now using a more intuitive tab control. Furthermore switching between is now much faster and much more of the UI state will be preserved and jobs reused.
- Functionality There is a new system whereby Supporting Addons can define a “data type” in a conf file that essentially adds support for another telephony product or PBX, and then those records will be usable, at a minimum within Investigate Calls and Chart.
- Functionality Action menus on field values in Investigate Calls now include options to jump into the Chart view to see call volumes for each value of the given field, or call volume over time split by the given field.
- Functionality in the Gateways page, in the “calls over time” tab, the pageable set of timecharts (one for each of the gateways), now allows you to inspect the calls with a drilldown click.
- Fixed a bug where the setup pages for the various lookups didn’t work if any values contained double quote characters.
- Fixed a bug in Investigate Calls where action menu options to add/remove searchterms didn’t work if the value contained double-quote characters.
- Fixed a bug in Site Detail where ‘edit site details’ would pass the wrong site name as argument.
- Fixed a bug in Device Detail in the ‘calls over time’ tab, if split-by was set to ‘extension/DN’. If that was set, the inline drilldowns on the subsequent Chart rendered below, would not render the call summaries in the table below that.
Version 6.6.1 (September 7th, 2023)
- Functionality Site Detail page now has a ‘call quality’ tab.
- Further improvements and logic fixes to the action menu options in Investigate Calls
- Fixed a regression in 6.6. where the Chart view would always show both the chart and the table regardless of which tab was selected.
- Fixed a bug where the action menu options for the duration field on multileg calls would not work correctly.
Version 6.6 (August 28th, 2023)
- Functionality In Investigate Calls, the contextual action menus have some new and useful options on certain key fields.
- Functionality In Investigate Calls and Chart, the “data_type” pulldown’s selected state is now saved as a per-user preference.
- Critical Fixed a bug where the links in the app navigation bar did not work correctly when the user was still in the Simple XML Dashboard’s “Edit” mode.
- Fixed a bug in Investigate Extensions, where calls for which CUCM listed no callingPartyNumber at all, would get rolled up as a row with a blank extension. Since the other parties on the call are represented elsewhere in the rollup, these blank rows are now filtered out.
- The “Other data sources” tab in the Device Detail page will be a little better at finding the given device name in other sourcetypes. It will also now give links to explore any “ciscoguid” values found in this data.
- Fixed a bug where entering an expression in the huntPilotDN field in Investigate Extensions would allow a few extensions into the returned results even when they had calls involving that huntPilot.
- Performance optimization that significantly speeds up the Chart view for many simpler cases where the user is filtering by one or more numbers but has only a simple report that necessitates no intermediate stats command.
Version 6.5.3 (July 11th, 2023)
- Critical Fixed a bug that affected customers who were using the “callId” field, specifically as created by the ‘get_call_id‘ macro. The “callId” field was renamed to “call_id” in 6.5. And although callId remained as a deprecated alias in props.conf, it was not left in as an alias within the ‘get_call_id‘ macro. Customers affected by this should be able to just update to this version and their existing syntax will work again.
- The Device Detail page’s “Calls over time” tab, now allows “quality” as a splitby option, and lists “quality” as a field in the table of calls.
- Further improvements in search efficiency when using the “number” field in Investigate Calls.
- the new calledPartyNumber field added in 6.5 is now an index-time field.
- “server_name” field is now extracted more reliably for CUBE data.
- Fixed a bug in Investigate Devices where the “calls” field was always zero.
- Fixed a bug where if you added a dashboard panel from the call concurrency page it would end up rendering as tabular data instead of as a line chart.
- Added a “create dashboard panel” button to the intraday call distribution panel on Extension Detail
- Slightly changed the SPL used to populate the “data_types” pulldown, to protect against an unusual corner case in complex ‘custom_index‘ values.
Version 6.5.2 (May 17th, 2023)
- Fixed a regression that greatly lowered search efficiency when using the “number” field in Investigate Calls.
Version 6.5.1 (April 28th, 2023)
- Fixed a bug in the Investigate Devices page, where only partial or zero results could be displayed for devices that had no “device type” extraction defined.
- Cube CDR data now has extracted fields for duration_elapsed, duration_total and duration_in_minutes, whether single leg or multileg, just like the CUCM CDR data.
Version 6.5 (April 25th, 2023)
- Functionality Investigate calls now allows you to search for CUBE calls even when the call did not touch CUCM at all. As a part of this there is a new form element in the page that will only appear if you have CUBE CDR indexed, in which case it allows you to switch between seeing only CUCM calls, only CUBE calls or both.
- Functionality Newly aliased fields. In CUBE CDR the clid and dnis fields are aliased to callingPartyNumber and calledPartyNumber and the “number” field in Investigate and Chart now uses these fields. In CUCM CDR the “finalCalledPartyNumber” field is now aliased to “calledPartyNumber”
- Functionality renamed field initialType to initial_type, callId to call_id. CUBE CDR also now has fields number, duration, data_type, type
- Functionality Splunk 7.3 is no longer supported, and you must run Splunk 8.0 or higher. Various messaging has been added in case administrators on older Splunk versions update the apps and miss this detail.
- Functionality Added new fields that hold useful english-language descriptions of 16 fields. These fields have to do with protocol, precedence, video resolution, bandwidth and more. Contact us for a full field list.
- Functionality Investigate Devices now has a Clusters pulldown. Investigate Extensions now has a general search textfield.
- Functionality Layout improvements and bugfixes for the “Summary” tab within the Device Detail page.
- Functionality Device Detail page will now search for the device name’s presence in other sourcetypes and indexes. If any are found it gives the user links to explore that data.
- Functionality Layout improvements and fixes on the Site detail page.
- Functionality Default thresholds for call quality are improved now. Also within the “Define call quality thresholds” page there is now a button admins can use to reset their current thresholds to the current shipping defaults.
- Critical Fixed a bug in the CUBE CDR integration, where the CUBE field values included in the results in Investigate Calls were the distinct values of those fields, then somewhat repeated, rather than a simple list of the values.
- Critical Fixed a bug in the CUBE CDR integration, where CUBE fields would only appear in the results if nothing had been entered in the number text field.
- Critical Fixed a bug whereby the ‘emergency calls’ alert was not actually editable in the Splunk admin UI. Also updated the instructions on Emergency calls on how to customize the alert.
- Fixed a bug in the Call Concurrency and Gateway Utilization page, where clicking a concurrency point in the chart wouldn’t narrow down the drilldown detail to the relevant split-by value.
- Fixed a bug that caused an error to display on the homepage erroneously if you had more than one index configured in the ‘custom_index‘ macro (separated by OR’s). If this was the case then the homepage would erroneously say “ERROR — the index specified in the ‘custom_index’ macro exists but contains no data.”
- Fixed 2 bugs affecting the Upload tab on the ‘Define groups and extensions’ page. If you uploaded a file that had wildcarded numbers that were not all grouped at the end of the file, then when the page tried to repair the row order it would inadvertently also discard the last 3 fields resulting in an error message later. Also error messaging has been improved when uploaded CSV files contain non-utf8 characters.
- Performance improvements on the Call Detail page, specifically using a narrower timerange of just several hours before and after the time of the call.
Version 6.4.1 (Oct 27th, 2022)
- Fixed a bug in Investigate Sites where sites could be erroneously listed on more than one row.
- Fixed a bug where a few places in the Define Sites page were truncating the lookup on disk down to 10,000 subnets.
- Investigate Sites now has a simple “site” textfield you can use to filter the list (with wildcards if necessary) if/when an unusually large number of sites have been defined.
- Fixed a bug in Investigate Sites that only affected customers who were using our “customizable” macros to calculate sites from the mediaTransport IP’s instead of the normal call-control IP’s (This is our recommended config for customers using SME Clusters). The bug was that the Investigate Sites page would ignore the customization and calculate the sites using the origIpAddr/destIpAddr values. This was a regression introduced in Cisco CDR 4.1.9.
- Fixed a bug in the Call Detail view where indexing very high volumes of CUBE CDR could slow the page to a crawl. The SPL in that view has been made far more efficient, such that the page should now perform well even if you have a million or more CUBE CDR indexed per day.
- In the Call Detail view, the panel containing the Call Quality Information has been moved up to sit just above the panels titled “other calls to/from…”
- Added a health check to detect whether the Devices Lookup contains any device names that are listed on more than one row.
- Fixed a bug in the Call Detail view, where the top right panel that can list any field values, could previously not display any CMR fields. Also this panel now respects the field-ordering specified by the field picker (previously it listed them alphabetically).
- Fixed a bug where if the Canary app was missing entirely the app’s landing page loaded blank, displaying no error message about the need to install Canary.
Version 6.4 (Sept 28th, 2022)
- Critical For customers using Search head Clustering (SHC), the app’s config now specifies that existing lookups on the SHC members are to be preserved in all cases, even when the deployer push was done with preserve-lookups set to false.
- Critical For customers using Search Head Clustering (SHC), users are now able to post lookup changes from the “Setup” screens, instead of being told to make their lookup changes on the Deployer.
- Functionality Form fields have been reordered across the various Investigate pages to improve consistency from page to page.
- Fixed a bug in the Device Detail page. If users were in its “Calls over time” tab and attempted to drill down on one of the displayed calls it would not work. Now clicking those table rows leads to the Call Detail view and the call is displayed correctly there.
- Fixed a bug in the Investigate Groups page, where you can now tell it to include groups/extensions with zero calls, and also at the same time use the “number” field to filter. The matching will then occur as expected on both the “extensions with calls” and also the “extensions with no calls” sides.
- Improved a core health check to detect whether the index specified in the “custom_index” macro actually exists.
- Reworked some health checks to reduce error messages if the user’s role has unusually restricted capabilities or permissions.