|
Greetings! I would like to do something like the following: |mysqlquery query="select * from packets where CALL_ID in ([search index=myindex|fields call_id])" Basically, I want to generate a listing of values from one of my sources, and then use the mysql connector to search against the table using the resulting values. Is anyone doing anything like this? Will it work? Most of the documentation I can find for the connector says its mostly for lookup tables. I would like to avoid pulling in a ton of events if I can avoid it. |
Refine your search:
- Apps & Questions
- Apps
- Questions
- Users
- Tags
Markdown Basics
- *italic* or _italic_
- **bold** or __bold__
- link:[text](http://url.com/ "Title")
- image?
- numbered list: 1. Foo 2. Bar
- to add a line break simply add two spaces to where you would like the new line to be.
- basic HTML tags are also supported
Tags:
Asked: 19 Jun '12, 12:52
Seen: 543 times
Last updated: 19 Jun '12, 13:08
Just a note: I work with a lot of Cisco CallManager customers and I sell a Splunk app for that data. I sometimes find people struggling to get the data into MySQL, and then struggle to get the MySQL rows into Splunk. What I tell them is just the truth; it seems crazy but at least in the case of CallManager it's much easier to get the data right from CUCM into Splunk.
Sadly we don't have direct access to the data. We're trying to take voice quality metrics from a session border controller and correlate them to call detail records from a call application server. The application server feeds directly into splunk. The sbc data is delayed up to 24 hours due to technical limitations as an export, but we can get access via the database almost immediately.
Got it. Sounds fun. For the record what we did with CallManager was use its existing 'external billing server' mechanism to get CDR+CMR data out in real time, without mucking about with export.