Splunking Your VoIP
Gaining visibility into VoIP Phone Logs for U.S. Embassies
Here at August Schell, we have a history of creating Splunk apps to solve unique problems. Recently, one of our Splunk engineers decided to solve a particularly interesting problem for the U.S. Embassies, who were struggling to verify that they were being charged the correct amount for their phone system. We decided to take action and help out.
A particular U.S. Embassy was experiencing a problem logging calls, both in and out of the offices and on government-issued cell phones, and they were concerned that employees might be using phones to make personal calls. Ultimately, they needed to track who was using the phones, where calls were going and how much was being spent.
Here’s what we came up with.
The Solution: Splunk App for VoIP Phone Logs
We start by sending all of the phone logs into Splunk, which can be done in multiple ways. If you have your VoIP system set up locally, the phone logs are likely being stored within a database. In this case, you can easily download the Splunk DB Connect app and connect Splunk to your database to index phone logs in real time.
If your phone system isn’t local, your VoIP provider can provide you with your phone logs with each billing statement, typically in a CSV format. From here, you have two options. You can have Splunk monitor a particular directory on your desktop/workstation, and as soon as you drop the file into that directory, Splunk will know to index the file. The other option is to log in to Splunk and manually upload the file.
No matter which way you use to bring the data into Splunk, as soon as it’s brought in, it will be displayed on the dashboards built within the app.
Dashboard 1 - Overview
Like most Splunk apps, the first dashboard is an overview. At the very top of the dashboard, you have a billing cycle selector—a dropdown that allows you to select any of the past billing cycles. Select a billing cycle and all the visualizations will start to fill out below. The first in the top left shows the total cost that you should have been charged.
Next you’ll see a breakdown of that cost. It shows a table with a row each for incoming, outgoing and local phone calls, and columns for the total billable minutes for that cycle, the rate for each direction (the local rate is typically zero) and, as the final column, the total cost. Down below, it calculates the total, so you can see the same total price that’s shown in the previous visualization.
The next visualization shows cost over time as a column chart, displaying the total cost each day broken out by call direction: incoming, outgoing and local. You can choose to split it by the hour, day or week.
Then, you have a simple pie chart with the breakdown by call direction (outgoing, local and incoming), so you can see which ones are happening most, and the percentage if you hover over it. These visualizations can be switched to show the breakdown by program instead of call direction.
Finally, there’s one more visualization, which is actually a table, showing the total cost by employee. In the table, it shows the employee name, total billable minutes for that cycle and total costs for that person.
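The cost breakdown by call direction and by employee described above can also be recomputed outside Splunk to cross-check a provider statement. The following is an added example, not code from the August Schell app: the CSV column names, the per-minute rates, the round-up-to-the-minute billing increment and the rule that only answered calls are billed are all assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample call records; the column names are assumptions,
# not the app's or any provider's actual export layout.
SAMPLE_CSV = """timestamp,employee,src,dst,direction,billsec,disposition
2024-01-03T09:15:00,Alice,2025550101,442071234567,outgoing,125,ANSWERED
2024-01-03T10:02:00,Bob,33123456789,2025550102,incoming,60,ANSWERED
2024-01-04T11:30:00,Alice,2025550101,2025550199,local,300,ANSWERED
2024-01-04T14:45:00,Bob,2025550102,819012345678,outgoing,0,NO ANSWER
2024-01-05T16:20:00,Bob,2025550102,4930123456,outgoing,61,ANSWERED
"""

# Assumed per-minute rates; take the real ones from the provider contract.
RATES = {"incoming": Decimal("0.02"), "outgoing": Decimal("0.10"),
         "local": Decimal("0.00")}


def billable_minutes(seconds: int) -> int:
    """Round billable seconds up to whole minutes (assumed increment)."""
    return -(-seconds // 60)


def cost_breakdown(csv_text: str, rates=RATES):
    """Return (by_direction, by_employee, total) for the billing cycle."""
    by_direction = defaultdict(lambda: {"minutes": 0, "cost": Decimal("0")})
    by_employee = defaultdict(lambda: {"minutes": 0, "cost": Decimal("0")})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["disposition"] != "ANSWERED":
            continue  # assumption: unanswered calls are not billed
        direction = row["direction"].strip().lower()
        if direction not in rates:
            # Fail loudly rather than silently under-count the bill.
            raise ValueError(f"unknown call direction: {direction!r}")
        minutes = billable_minutes(int(row["billsec"]))
        cost = minutes * rates[direction]
        for bucket in (by_direction[direction], by_employee[row["employee"]]):
            bucket["minutes"] += minutes
            bucket["cost"] += cost
    total = sum((b["cost"] for b in by_direction.values()), Decimal("0"))
    return dict(by_direction), dict(by_employee), total


if __name__ == "__main__":
    directions, employees, total = cost_breakdown(SAMPLE_CSV)
    for name, row in directions.items():
        print(f"{name:<9}{row['minutes']:>4} min  {row['cost']:>6}")
    print(f"total cost for cycle: {total}")
```

A mismatch between this total and the invoiced amount points to a rate or rounding difference worth raising with the provider.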
Dashboard 2 - Geolocation
The next one is called geolocation. To use it, you select a particular billing cycle again, as well as the call direction (incoming or outgoing). With those options selected, a visualization below appears showing all of the calls on a map of the world. If you have incoming selected as the call direction, it maps the source of all incoming calls. If you have outgoing selected, it will show you the destination of all outgoing phone calls. When looking at this visualization, you can zoom in for a more granular location of the calls. Lastly, you can hover over the points on the map for these calls and see a breakdown of which employee or program they were coming from or going to.
Dashboard 3 – User Search
This dashboard is called user search, built to act like a user audit so you can look into what a particular user has been doing. So, at the top you have a time selector, and you can select any time period to look over for a particular employee. Then there is another filter for the employee name, which displays a dropdown for every employee. This filter for a particular employee can easily be changed to filter down to a Program or Group if desired.
There are four visualizations on this dashboard, similar to some of those we have on the overview dashboard. The first is the total cost for the employee, followed by a pie chart showing the breakdown by call direction. The next visualization is a column chart showing the number of calls over time. For each column/time period, you can hover over it to see the total number of calls separated by call direction. The last visualization is a table showing all the recent phone logs from that person or program. It gives you the timestamp of when the call happened, the source and the destination of the call, the number of billable seconds for that call and finally the disposition of the phone call, whether it was answered or not.
What Else Can You Do with Splunk?
This app is not found in Splunkbase, because we like to modify it for each customer. We are happy to tweak the app to fit your needs, whether that is adding a couple extra visualizations or modifying any existing ones. In addition, we are happy to help you bring your phone logs into Splunk and normalize them to work with our app.
We like to Splunk lots of things. Have you seen our blog about Splunking your cryptocurrency? We’ve Splunked cars, too. If you’re interested in how we pulled this together or have questions about Splunking your VoIP, let’s chat! We can get you a copy of the app. Connect with an August Schell Splunk specialist today, or call us at (301)-838-9470.