Cisco CDR Reporting & Analytics | Installation Notes
One quick note — we use a Splunk term, “$SPLUNK_HOME”, to denote the base install path of Splunk or the Splunk forwarder. On a Windows server, this is usually c:\program files\splunk or c:\program files\splunkuniversalforwarder. On Linux it’s usually /opt/splunk or /opt/splunkforwarder.
Next, we recommend the following steps, where you’ll set up a small separate host that will receive the files from CUCM via SFTP, and will forward them onto your Splunk instance via the Splunk Universal Forwarder. However, on-premise folks (e.g. ones not in cloud) with only a single Splunk instance should know that it’s a fine option to simply SFTP the files directly to the main Splunk host.
At this point, you should have a small VM or host running, with a Splunk Universal Forwarder installed, and that UF should have a directory at $SPLUNK_HOME/etc/apps/TA_cisco_cdr/…
[batch:///path/to/files/cdr_*] index = cisco_cdr sourcetype = cucm_cdr move_policy=sinkhole [batch:///path/to/files/cmr_*] index = cisco_cdr sourcetype = cucm_cmr move_policy=sinkhole
[batch://D:\path\to\files\cdr_*] index = cisco_cdr sourcetype = cucm_cdr move_policy=sinkhole [batch://D:\path\to\files\cmr_*] index = cisco_cdr sourcetype = cucm_cmr move_policy=sinkhole
Important Notes:
The data collection node is now set up and ready to receive files and forward those into Splunk. The last piece, in order to get data coming in, is to now set up UCM to send files to this host.