You might need to understand call dispositions when doing the following:
In order to execute this procedure in your environment, the following data, services, or apps are required:
You work for a large telecommunications provider and use Splunk to monitor the services you provide. You need a search that will give a snapshot of your current VOIP system and may give insight as to where there may exist potential technical issues.
To optimize the search shown below, you should specify a time range. You may also need to adjust fields to match what is available in your data source.
- Ensure your lookup file is uploaded to your Splunk deployment.
- Run the following search to count customers with most payments processed:
| sourcetype=<call detail records> | lookup <cdr disposition mapping file> disposition | stats count values(description) AS Description BY disposition | rename disposition AS Disposition count AS Count | table Description Disposition Count | eval Description=if(match(Disposition,"CONGESTED"),"Route Error",Description) | sort - Count
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
|| sourcetype=<call detail records>||Search only your telephony data.|
|| lookup <cdr disposition mapping file> disposition||
Enrich the search results with clearer descriptions of the dispositions.
If your lookup file does not contain the disposition column, adjust the search to match the names in your lookup.
|| stats count values(description) AS Description BY disposition||Calculate a count of each description and sort the results by disposition.|
|| rename disposition AS Disposition count AS Count||Rename the fields as shown for better readability.|
|| table Description Disposition Count||Display the results in a table with columns in the order shown.|
|| eval Description=if(match(Disposition,"CONGESTED"),"Route Error",Description)||If the disposition is "CONGESTED", return a value of "Route Error". Otherwise, return the description for the disposition.|
|| sort - Count||Sort the results with the largest count first.|
Use the results to more effectively troubleshoot and resolve ongoing issues.