Supporting App for AXL
Overview
Details
This app uses Cisco AXL to retrieve device information from CUCM for all devices known to the system, including users (names, departments, email addresses, etc...) and lines associated with the devices, model name, security profile and calling search space, protocol, and more.
This app also provides 2 custom search commands, "ciscoaxl" and "ciscoaxlquery" that could be used more generically to query and retrieve any information you can get from AXL.
NOTE: You can install this app from Splunkbase but in order to use it, you'll have to contact Sideview to get a 90 day trial license. https://sideviewapps.com/documentation/supporting-axl-for-cisco-cdr-reporting-analytics-installation-and-setup
Contact us with any questions!
For detail about the extra functionality and power that this app brings to our main Cisco CDR Reporting and Analytics app, read about Device use cases on our website.
Release Notes
Version 1.2.4
-- Splunk's AppInspect now requires that apps have an [id] stanza duplicating the information from the [launcher] and [package] stanzas.
-- As a convenience the app now displays current license information on the homepage.
-- Minimum supported version of Splunk is now 8.2.
Version 1.2.3
Made an improvement where if a publisher abruptly drops our connection specifically on our very first request, we now do a separate select count(*) query to try and manually get the total count, to then turn around and make N smaller queries of 500 rows each. If the CM node also fails to return these results without closing the HTTP connection unexpectedly, then we give up and display an error to the user.
Version 1.2.2
-- Fixed a bug where if a publisher abruptly drops our connection specifically on our very first request, we now display an error to the user. Previously if it died on the very first request you would have to look in the logs to find details about the error.
-- Fixed two examples in the AXL landing page so they are now compatible back to at least UCM 12.5.
Version 1.2.1
-- The get_devices example search now has a lastUpdated field, which is required in Cisco CDR 7.2 and higher
Version 1.2
-- Functionality - Both the ciscoaxl and ciscoaxlquery commands now accept a "server" argument. When specified and set to either a full stanza name or a hostname from ciscoaxl.conf, it will query only that connection or in general those matching connections. Multiple values can be used, comma-separated.
-- Functionality - Added a new command called "ciscoris" that when passed input rows containing both "name" and "clusterName" for some device name in UC, will query the cluster for various realtime information about that device.
-- Fixed a bug in the "get_devices_example" savedsearch, where the final rows across all queries hosts were rolled up by deviceName, rather than by the unique combination of deviceName and clusterId. Formerly this would result in confusing multivalue rows whenever a device name was repeated across clusters.
-- Fixed bad messaging when a 401 response is received back unexpectedly from the AXL API. There is a much better and more helpful error message now.
Version 1.1.10
- Removed compatibility with Python2 to prevent Splunk Appinspect from failing the app.
Users will not be affected, as the app has been Splunk 8 and up for some time now, on which it will run in python3.
more details: prior to this release the app was dual compatible with both py2 and py3 as per previous Splunk best practice. However now any py2 code contained anywhere in the package will fail appinspect.
Version 1.1.9
- Added explicit keep-alive header, as this may help with connection issues against some publishers.
- Fixed a bug when the publisher returns a truncated SOAP response (IncompleteRead) to our very first request, instead of either running the query or returning the "Query Request Too Large" message.
Version 1.1.8
Fixed a mistake in the logic that attempts more granular retries when a CM node returns incomplete response.
Version 1.1.7
- Fixed a problem that prevented the app homepage from loading correctly.
Version 1.1.6
-- Improved behavior on SHC - previously you had to either configure ciscoaxl.conf on the deployer, or submit the credentials form separate only on each SHC member. Now changes made on the UI of one member are propagated to the others automatically.
-- Improvements to ciscoaxlquery to make it more resilient when CM nodes misbehave or network connection is unreliable - In unusual cases where a CallManager node will terminate responses in mid-stream even after the SQL has been broken up into appropriately small queries, the command will now drop down to a much larger set of much smaller queries. Although strange, we have seen this approach work consistently.
-- Lower-tier users who attempt to run the app's custom search commands now get an error message telling them that their user account lacks the required capabilities.
-- Updated suds-py3 to 1.4.5.0
-- Resolved some issues where manager pages were displaying errors when in this SA's app context.
Version 1.1.5
Critical - Fixed another bug preventing the "ciscoaxlquery" command from working.
Version 1.1.4
- Fixed a bug introduced in 1.1.1 that prevented much of the app's functionality from working in Splunk 7.3. Note customers on Splunk 8 were unaffected by this bug and do not need this fix.
Version 1.1.3
get_devices_example search has been updated to pull three additional fields. 1) directoryNumber. This is designed to pull the primary "line 1" DN or DiD number associated with the device. If no actual primary line is configured then this will fallback to pulling the secondary DN/DiD in the list, and then after that tertiary etc. 2) axlHost - this is the host or ip address that was used in the AXL config. More or less the CUCM publisher. 3) axlPort - just for completeness this is the port that was used.
Version 1.1.2
- Sideview Utils is no longer required on Splunk 7.X, but Canary is now always required on both Splunk 7.X and 8.X.
- ciscoaxlquery command now will detect errors that say 'request is too large' and break the query into smaller queries using skip+limit syntax, merging the results and returning a single unified result automatically.
- Default expression blacklist for ciscoaxlquery now checks for word boundaries before, reducing false positive matches.
- Canonical example query to pull devices information from AXL now includes two new fields - "className" and "subclassName".
Version 1.1.1
- Added a new optional key to the ciscoaxl.conf, "timeout". This sets the SOAP read timeout in seconds, and it defaults to 600.
Version 1.1
-- Support for connecting to multiple UCM nodes has been broadened such that you can now connect to AXL interface on multiple hosts even if the hosts have different UCM versions. To do this you use a new optional key in ciscoaxl.conf called "wsdl_subdirectory". This defaults to "bin" and while that subdirectory remains the default choice for placing the AXLAPI.wsdl and AXLSoap.xsd files, you can now override it per stanza. You can set it to any other subdirectory or path within the SA_cisco_cdr_axl_app (such as "bin/11.5" or "wsdl/12.5" etc), and for that stanzas' SOAP connection it will use the wsdl/xsd files it files in the given subdirectory.
Version 1.0.1
- Fixed a bug where the form to create a new credential would fail to set the password in splunk's storage passwords system, and the user would have to post the password a second time in "update existing credentials" before it would get set.
- The old macro for 'generate_rows_for_devices_lookup' has been superseded by a better and more complete saved search called 'get_devices_example'. To implement,
-- Find the search "get_devices_example" in "Searches, Reports and Alerts" and clone it.
-- Run the cloned search manually and confirm it returns good results.
-- Edit that cloned search, append| outputlookup devicesto the end of the search and save it.
-- Edit the schedule of the cloned search to run on a periodic schedule (perhaps once per night?)
Version 1.0
-- The app now contains a simple UI that can be used to enter auth information. Specifically the hosts, ports, usernames and passwords required to connect to AXL on CUCM nodes. Furthermore the passwords are now stored in Splunk's password storage instead of being written in plaintext in the ciscoaxl.conf file
-- Various logging improvements.
-- Raised the minimum required version of the Canary app to 1.3.1, and minimum version of Splunk to 7.0
--Updated the commands to specify that Splunk should run them in python3
Version 0.9.1
Version 0.9.1 (August 14th, 2019)
screened some confusing error messages out of the update_license page.
improvements to exception handling in cases where the connection is
misconfigured or the wsdl/xsd files are wrong.
Version 0.9 (August 2nd, 2019)
improvements to how available method names are returned from | ciscoaxl help
Python code cleanup to work with both Python2.7 and Python 3
Version 0.8 (June 2019)
App now contains its own licensing and license enforcement mechanism, as well
as a simple user interface to update said license.
Version 0.7.2 (May 2019)
If methodwhitelist or queryblacklist are ever set to blank values, then the
ciscoaxl command and the ciscoaxlquery commands respectively will refuse to
run, due to there being a risk that the blank key is unintentional and the
result of a misconfiguration.
Version 0.7.1 (April 30th, 2019)
Updating the SOAP client code to pass an Authentication header that is
required if SAML SSO is configured. This change still seems to work in
"normal" UCM configurations though, so enabling this for all cases.
Version 0.7 (April 25th, 2019)
Fixed a problem where sometimes ciscoaxl command would throw an exception
if no results came back from soap, instead of just returning 0 results.
Version 0.6 (April 10th, 2019)
Added EXEC, EXECUTE, and PUT to the default queryblacklist regex.
improved exception handling and messaging around common misconfiguration
cases where the app cannot connect to the host, or where auth is rejected.
Added exception handling where if the whitelist or blacklist fails to parse
as a regex at all or throws an unexpected exception the commands fail.