Supporting App for AXL | Installation Notes
If you are in Cloud, create a new and separate index in your cloud environment. A suggested name is cisco_cdr_app_lookups. You can use a different name here, but if you do contact us for other changes to make!
| outputlookup create_empty=false override_if_empty=false devices- If you are using Splunk Cloud
| eval lookup_name="devices" | collect index=cisco_cdr_app_lookups
Go back to Settings > Searches, Reports and Alerts and search for the version of the report you built in the previous step. Once found:
If you are using Splunk Cloud, we need to create the lookup from the AXL data we’re sending to it.
`custom_lookup_index` lookup_name="devices" | eventstats max(info_max_time) as latest | where info_max_time=latest AND info_max_time>relative_time(now(),"-24h") | eval lastUpdated=latest | table name, productName, department, description, className, subclassName, devicePool, mailId, userFullName, userId, callingSearchSpaceName, protocol, securityProfileName, directoryNumber, clusterId, lastUpdated | outputlookup override_if_empty=false create_empty=false devices
Once it returns you back to the Searches, Reports and Alerts page,
And for one last easy step, once it returns you back to the Searches, Reports and Alerts page,
Now that you have the Devices lookup set up and enabled, there will be a few more fields available to you for use everywhere in the app. You can read about them in our page on Using Devices. Or drop us a line and we’d be happy to hop on with you and show you around what you now have — there’s more there than may first meet the eye.