Skip to main content
Splunk Lantern

VoIP data


Voice over IP refers to several methods for transmitting real-time audio and video information over an IP-based data network. Unlike traditional phone systems using dedicated, point-to-point circuits, VoIP applications use packet-based networks to carry real-time audio streams that are interspersed with other ethernet data traffic. Since TCP packets may be delivered out of order due to data loss and retransmission, VoIP includes features to buffer and reassemble a stream. Similarly, VoIP packets are usually tagged with quality of service (QoS) headers to prioritize their delivery through the network. 

VoIP logs provide troubleshooting and usage data similar to that of other network applications. Details include source, destination, time and duration of calls, call quality metrics, and any error conditions. Integrating VoIP source/destination records with an employee database such as AD or LDAP and a DHCP database allows linking call records to actual people and IP addresses to physical locations; information that can assist in troubleshooting and billing. 

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Use cases for the Splunk platform