We have a blog post on putting calls on a map, but what do you do if you want to map internal calls?
The process is
- Set up sites
- Find some data
- Add a few magic commands
- Listen to the applause from your teammates and boss!
Set up Sites
I won’t belabor the parts of this that are already documented:
- Set up sites by starting in our main documentation on Sites
- Maybe follow that with reviewing our user docs on using sites just so you have the hang of it.
Though I will mention that you have to fill in a latitude and longitude for the sites you want to map.
You do NOT need to fill out an IP address/range for everything – you just need a couple that should show up for now. You can always extend it later.
Here’s what mine looks like.
(BTW, if you use Google Maps and zoom WAAAY in, then click on “nothing” in a spot on the map, it’ll show you the latitude and longitude for that point down at the bottom. Then if you click in that little pop up at the bottom *on* the latitude and longitude, you will see it’s its own link and will take you to somewhere from where you can copy them out.)
Finding some data
This could be pretty much anything that carries a lat/long. Here, I added these fields to my field picker:
- callingPartyLat, callingPartyLong
- finalCalledPartyLat, finalCalledPartyLong
In my screenshot I did a little filter – I put in a search filter of site=Haberdashery to find only calls where at least one leg went through the Haberdashery site. You could leave this blank to see all calls, or maybe put site=* if you want to see calls where at least one leg passed through a “named” site.
Remember to take the lead weights off the “get only” dropdown (green boxed in the above) so that it retrieves all the records instead of just the last 1000!
Now that you have a latitude and longitude, that's really about all you need. One caveat: events that don't carry a usable latitude and longitude (external callers, or a site you haven't filled coordinates in for yet) are simply skipped by the map, so if a site you expect is missing, check its lat/long before anything else.
Change to showing raw data
See the screenshot just above – there’s a big green button with an arrow pointing to where you have to click next.
- Click the link to >> see full search syntax in the upper right.
A “New Search” window will open with a big long search already populated. Don’t fret if it just looks like a bunch of gobbledygook – we already did the hard work for you so you just have to add a few small commands to the very end of it.
Add the magic commands
- To the end of that search, paste in
| geostats latfield=callingPartyLat longfield=callingPartyLong count
- The result should look like this:
- Then click the search button (or just press enter while your cursor is in the search text field).
This runs the geostats command, telling it to plot the ‘count’ for each latitude and longitude. We have to tell the command which fields in our data contain the latitude and longitude, hence the latfield=<my latitude field name> and longfield=<my longitude field name> in the middle.
Make it pretty
- Change to the “Visualization” tab.
If Splunk is already displaying a Cluster Map, there’s nothing else you need to do except wait a few moments for the data to populate.
If on the other hand you do not have a Cluster Map showing
- Click the Visualization tab, then the Visualization type.
- Change it to Cluster Map. This should be under the “Recommended” section. If not, look farther down.
Note there are two "Maps" style visualizations. The other one (with shaded countries instead of dots) is called a Choropleth Map. We don't have the right data in this example for a Choropleth map, so be sure not to pick that one. If you did want a choropleth map, we've done a blog post on that too, see "Choropleth maps!"
And that’s it, you should now have a map populated with the call counts.
Some minor variations
Display final called party sites instead of calling party sites
Use fields ‘finalCalledPartyLat’ and ‘finalCalledPartyLong’.
| geostats latfield=finalCalledPartyLat longfield=finalCalledPartyLong count
Counting by site
Since we're doing sites here, let's split it by site! Just add "BY site" to the very end of the search, like the below.
| geostats latfield=finalCalledPartyLat longfield=finalCalledPartyLong count BY site
As you can see, hovering your mouse over the dots shows a more detailed view.
Counting by the final disposition of the call
One of the more popular "by" clauses is by the field "cause_description". That field contains values like "Normal call clearing" (a call that ended normally), "Call split" (a call that was transferred), "No answer from user (user notified)", which should be self explanatory, or maybe even the dreaded "No circuit/channel available", which means your trunk was full and no free line was available to place the call.
Like the above, just change or add the BY clause, this time BY cause_description:
| geostats latfield=finalCalledPartyLat longfield=finalCalledPartyLong count BY cause_description
When you click search, your little blue dots should be divided up into slices for the different cause descriptions. Hold your mouse over them to see more detail.
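To make it concrete what the geostats command above is doing with your CDR data (one bucket per distinct latitude/longitude, a count in each, optionally split by a BY field), here is a small offline model of that aggregation. This is an added example, not Splunk's implementation and not code from the Cisco CDR app; the CDR records are constructed, the site field is assumed to hold a single site name per record (in real CDR it can be multivalued), and the "swapped coordinates" check is my own sanity check for sites whose latitude and longitude were typed into the wrong boxes.

```python
"""Offline model of `| geostats latfield=... longfield=... count [BY field]`
over Cisco CDR events.  Added example, not Splunk's own code.

Assumptions (not from the original post):
  - events without a usable lat/long are skipped, as the map would skip them
  - with a BY field, events lacking that field are skipped too
  - `site` holds one value per record; real CDR can be multivalued
"""
from collections import Counter, defaultdict

H = (45.5231, -122.6765)   # "Haberdashery" site, constructed coordinates
Q = (40.7128, -74.0060)    # "HQ" site, constructed coordinates

# Constructed sample CDR events (not real data).  Field names follow the post.
# Splunk fields arrive as strings, so some records use strings on purpose.
SAMPLE_CDR = [
    {"callingPartyLat": H[0], "callingPartyLong": H[1],
     "finalCalledPartyLat": Q[0], "finalCalledPartyLong": Q[1],
     "site": "HQ", "cause_description": "Normal call clearing"},
    {"callingPartyLat": H[0], "callingPartyLong": H[1],
     "finalCalledPartyLat": Q[0], "finalCalledPartyLong": Q[1],
     "site": "HQ", "cause_description": "Call split"},
    {"callingPartyLat": "40.7128", "callingPartyLong": "-74.0060",
     "finalCalledPartyLat": "45.5231", "finalCalledPartyLong": "-122.6765",
     "site": "Haberdashery", "cause_description": "Normal call clearing"},
    {"callingPartyLat": Q[0], "callingPartyLong": Q[1],
     "finalCalledPartyLat": H[0], "finalCalledPartyLong": H[1],
     "site": "Haberdashery", "cause_description": "No circuit/channel available"},
    {"callingPartyLat": H[0], "callingPartyLong": H[1],
     "finalCalledPartyLat": H[0], "finalCalledPartyLong": H[1],
     "site": "Haberdashery", "cause_description": "Normal call clearing"},
    # External caller: no calling-party coordinates, and no cause recorded.
    {"finalCalledPartyLat": Q[0], "finalCalledPartyLong": Q[1], "site": "HQ"},
    # Site entered with lat and long swapped: latitude -122.68 is impossible.
    {"callingPartyLat": H[1], "callingPartyLong": H[0],
     "finalCalledPartyLat": H[0], "finalCalledPartyLong": H[1],
     "site": "Haberdashery", "cause_description": "Normal call clearing"},
]


def _coordinate(event, latfield, longfield):
    """Return (lat, long) as floats, or None if absent, non-numeric or out of range."""
    try:
        lat, lon = float(event[latfield]), float(event[longfield])
    except (KeyError, TypeError, ValueError):
        return None
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        return None
    return (lat, lon)


def geostats(events, latfield, longfield, count_by=None):
    """Count events per (lat, long) bucket; with count_by, split each bucket.

    Returns {(lat, long): count} or {(lat, long): {by_value: count}}.
    """
    buckets = defaultdict(Counter)
    for ev in events:
        coord = _coordinate(ev, latfield, longfield)
        if coord is None:
            continue                      # nothing to plot for this event
        if count_by is None:
            buckets[coord]["count"] += 1
        elif count_by in ev:
            buckets[coord][ev[count_by]] += 1   # one pie slice per value
    if count_by is None:
        return {c: n["count"] for c, n in buckets.items()}
    return {c: dict(n) for c, n in buckets.items()}


def find_suspect_coordinates(events, latfield, longfield):
    """Events with numeric but out-of-range lat/long: usually a site whose
    latitude and longitude were entered in the wrong boxes.  Returns
    (index, lat, long) tuples so you can trace them back to the site."""
    suspects = []
    for i, ev in enumerate(events):
        try:
            lat, lon = float(ev[latfield]), float(ev[longfield])
        except (KeyError, TypeError, ValueError):
            continue                      # no coordinates at all is normal
        if abs(lat) > 90.0 or abs(lon) > 180.0:
            suspects.append((i, lat, lon))
    return suspects


if __name__ == "__main__":
    print("calling party:", geostats(SAMPLE_CDR, "callingPartyLat", "callingPartyLong"))
    print("called BY cause:", geostats(SAMPLE_CDR, "finalCalledPartyLat",
                                      "finalCalledPartyLong", "cause_description"))
    print("suspect sites:", find_suspect_coordinates(SAMPLE_CDR,
                                                     "callingPartyLat", "callingPartyLong"))
```

The two things worth taking away: the external caller (no calling-party coordinates) and the swapped-coordinate record both vanish from the calling-party map without any error, which is exactly how a missing site manifests in Splunk, and the BY split only counts events that actually carry the BY field, so a record with no cause_description drops out of the per-cause pie even though it is still counted in the plain count.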
I hope this helps get you started with mapping sites!
Let us know if you have any feedback for this document, at firstname.lastname@example.org.