Splunk Stream

Installation and Configuration Manual


This documentation does not apply to the most recent version of StreamApp.

Streaming Media

Splunk App for Stream supports capture of these Streaming Media protocols on Linux, Mac, and Windows. For more information see Configure Streams in the Splunk App for Stream User Manual.

RTP

Real-time Transport Protocol RFC3550

| Name | Description | Term |
|---|---|---|
| lost | Counter of lost packets | rtp.lost |
| unseq | Contains the number of mis-ordered packets | rtp.unseq |
| ssrc | SSRC Identifier | rtp.ssrc |
| rtp_timestamp | RTP packet timestamp | rtp.timestamp |
| mos_session | Standard Mean Opinion Score voice quality indicator | rtp.mos-session |
| rfactor | Rfactor indicator value, following the E-model from ITU-T G.107 and G.107.1 | rtp.rfactor |
| snumber | Sequence number of RTP packet | rtp.snumber |
| codec_name | Name of the codec (aka Payload type) | rtp.codec-name |
| end_session | Present in events containing summary information about an RTP session | rtp.end-session |
| codec_index | Number identifying the codec (aka Payload type) | rtp.codec-index |
| session_duration | Call setup duration (in microseconds) | rtp.session-duration |
| bytes | The total number of bytes transferred | flow.bytes |
| src_ip | Source IP Address | flow.c-ip |
| src_mac | Source packets MAC address in hexadecimal format | flow.c-mac |
| src_port | Source port number | flow.c-port |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| packets_in | The total number of packets sent from client to server | flow.cs-packets |
| network_interface | Name of network interface | flow.interface-name |
| capture_hostname | Hostname where flow was captured | flow.hostname |
| dest_ip | Destination IP Address | flow.s-ip |
| dest_mac | Destination packets MAC address in hexadecimal format | flow.s-mac |
| dest_port | Destination port number | flow.s-port |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| packets_out | The total number of packets sent from server to client | flow.sc-packets |
| transport | Transport level protocol | flow.transport |
| vlan_id | VLAN ID from 802.1Q header | flow.vlan-id |

RTCP

RTP Control Protocol RFC3550

| Name | Description | Term |
|---|---|---|
| packet_type | Packet type (such as SenderReport) | rtcp.packet-type |
| ssrc | SSRC (Synchronization Source) identifier | rtcp.ssrc |
| sdes_cname | Canonical end-point identifier SDES item | rtcp.sdes-cname |
| sdes_name | User name SDES item | rtcp.sdes-name |
| sdes_email | Email address SDES item | rtcp.sdes-email |
| sdes_phone | Phone number SDES item | rtcp.sdes-phone |
| sdes_loc | Geographic user location SDES item | rtcp.sdes-loc |
| sdes_tool | Application or tool name SDES item | rtcp.sdes-tool |
| sdes_note | Notice/Status SDES item | rtcp.sdes-note |
| rr_block_ssrc | SSRC of a report block (receiver report) | rtcp.rr-block-ssrc |
| rr_fcnlost | Fraction of packets lost (receiver report) | rtcp.rr-fcnlost |
| rr_cumlost | Cumulative number of packets lost (receiver report) | rtcp.rr-cumlost |
| rr_highestseqnum | Extended highest sequence number received (receiver report) | rtcp.rr-highestseqnum |
| rr_jitter | Interarrival jitter (receiver report) | rtcp.rr-jitter |
| rr_lsr | Last SR timestamp (receiver report) | rtcp.rr-lsr |
| rr_dlsr | Delay since last SR (receiver report) | rtcp.rr-dlsr |
| sr_ntp_ts_msw | NTP timestamp, most significant word | rtcp.sr-ntp-ts-msw |
| sr_ntp_ts_lsw | NTP timestamp, least significant word | rtcp.sr-ntp-ts-lsw |
| sr_ntp_ts | NTP timestamp | rtcp.sr-ntp-ts |
| sr_rtp_ts | RTP timestamp | rtcp.sr-rtp-ts |
| sr_pkt_count | Sender's packet count | rtcp.sr-pkt-count |
| sr_octet_count | Sender's octet count | rtcp.sr-octet-count |
| sr_block_ssrc | SSRC of a report block (sender report) | rtcp.sr-block-ssrc |
| sr_fcnlost | Fraction of packets lost (sender report) | rtcp.sr-fcnlost |
| sr_cumlost | Cumulative number of packets lost (sender report) | rtcp.sr-cumlost |
| sr_highestseqnum | Extended highest sequence number received (sender report) | rtcp.sr-highestseqnum |
| sr_jitter | Interarrival jitter (sender report) | rtcp.sr-jitter |
| sr_lsr | Last SR timestamp (sender report) | rtcp.sr-lsr |
| sr_dlsr | Delay since last SR (sender report) | rtcp.sr-dlsr |
| bytes | The total number of bytes transferred | flow.bytes |
| src_ip | Source IP Address | flow.c-ip |
| src_mac | Source packets MAC address in hexadecimal format | flow.c-mac |
| src_port | Source port number | flow.c-port |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| packets_in | The total number of packets sent from client to server | flow.cs-packets |
| network_interface | Name of network interface | flow.interface-name |
| capture_hostname | Hostname where flow was captured | flow.hostname |
| dest_ip | Destination IP Address | flow.s-ip |
| dest_mac | Destination packets MAC address in hexadecimal format | flow.s-mac |
| dest_port | Destination port number | flow.s-port |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| packets_out | The total number of packets sent from server to client | flow.sc-packets |
| transport | Transport level protocol | flow.transport |
| vlan_id | VLAN ID from 802.1Q header | flow.vlan-id |
| flow_id | Flow Id | flow.flow-id |
| protocol_stack | Protocol stack of flow | flow.protocol-stack |

SIP

Session Initiation Protocol RFC3261

| Name | Description | Term |
|---|---|---|
| src_ip | Client IP Address | flow.c-ip |
| dest_ip | Server IP Address | flow.s-ip |
| src_port | Client port number | flow.c-port |
| dest_port | Server port number | flow.s-port |
| src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
| dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
| packets_in | The total number of packets sent from client to server | flow.cs-packets |
| packets_out | The total number of packets sent from server to client | flow.sc-packets |
| ack_packets_in | The number of acknowledgement packets sent from client to server | flow.cs-ack-packets |
| ack_packets_out | The number of acknowledgement packets sent from server to client | flow.sc-ack-packets |
| missing_packets_in | The number of missing packet gaps detected within the request | flow.cs-missing-packets |
| missing_packets_out | The number of missing packet gaps detected within the response | flow.sc-missing-packets |
| duplicate_packets_in | The number of duplicate packets sent from client to server | flow.cs-duplicate-packets |
| duplicate_packets_out | The number of duplicate packets sent from server to client | flow.sc-duplicate-packets |
| data_packets_in | The number of data packets sent from client to server | flow.cs-data-packets |
| data_packets_out | The number of data packets sent from server to client | flow.sc-data-packets |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| bytes | The total number of bytes transferred | flow.bytes |
| time_taken | Number of microseconds that it took to complete a flow event, from the end user's perspective | flow.time-taken |
| request_time | Number of microseconds that it took the client to send a request | flow.cs-send-time |
| request_ack_time | Number of microseconds that it took the server to acknowledge receipt of the request | flow.cs-ack-time |
| reply_time | Number of microseconds that it took the server to start replying to a request | flow.sc-reply-time |
| response_time | Number of microseconds that it took the server to send a response | flow.sc-send-time |
| response_ack_time | Number of microseconds that it took the client to acknowledge receipt of the response | flow.sc-ack-time |
| ssl_time | Number of microseconds that it took to negotiate an SSL handshake | flow.ssl-time |
| ssl_version | SSL protocol version used for encryption, or undefined if not encrypted | flow.ssl-version |
| data_center_time | Number of microseconds from the last request packet to the last response packet | flow.data-center-time |
| client_rtt | Average round trip time in microseconds from the client to the point of capture | flow.cp-rtt |
| server_rtt | Average round trip time in microseconds from the server to the point of capture | flow.ps-rtt |
| client_rtt_sum | Sum of all round trip time measurements from the client to the point of capture | flow.cp-rtt-sum |
| server_rtt_sum | Sum of all round trip time measurements from the server to the point of capture | flow.ps-rtt-sum |
| client_rtt_packets | Number of round trip measurements from the client to the point of capture | flow.cp-rtt-packets |
| server_rtt_packets | Number of round trip measurements from the server to the point of capture | flow.ps-rtt-packets |
| refused | Number of requests that were refused by the server | flow.refused |
| canceled | Number of HTTP responses that were canceled early by the client | flow.canceled |
| connection | TCP session server endpoint (IP address and TCP port) | flow.connection |
| tcp_status | TCP handshake status (0=OK, 1=RESET, 2=IGNORED) | flow.tcp-status |
| protocol | Level 7 protocol name (http, ftp, etc.) | flow.protocol |
| transport | Transport layer protocol (udp or tcp) | flow.transport |
| accept_language | Indicates the preferred languages | sip.accept-language |
| alert_info | Specifies an alternative ring tone | sip.alert-info |
| call_duration | Call duration in seconds | sip.call-duration |
| call_id | Call id, extracted for each call | sip.call-id |
| call_info | Provides additional information about the caller or callee | sip.call-info |
| callee | Contains the identity of the called party for a call | sip.callee |
| callee_addr | IPv4 address which could be used by the called party | sip.callee-addr |
| callee_addr_v6 | IPv6 address which could be used by the called party | sip.callee-addr-v6 |
| callee_domain | Callee's domain | sip.callee-domain |
| callee_e164 | Format of the callee's telephone numbers | sip.callee-e164 |
| callee_nickname | Callee nickname | sip.callee-nickname |
| callee_port | Port which could be used by the callee | sip.callee-port |
| callee_server_agent | Server's software in the callee way | sip.callee-server-agent |
| callee_user_agent | Client's software used by the callee | sip.callee-user-agent |
| callee_user_phone | Callee's phone presence flag | sip.callee-user-phone |
| caller | Contains the identity of the initiator of the call | sip.caller |
| caller_addr | IPv4 address which could be used by the initiator of the call | sip.caller-addr |
| caller_addr_v6 | IPv6 address which could be used by the initiator of the call | sip.caller-addr-v6 |
| caller_domain | Caller's domain | sip.caller-domain |
| caller_e164 | Format of the caller's telephone numbers | sip.caller-e164 |
| caller_nickname | Caller nickname | sip.caller-nickname |
| caller_port | Port which could be used by the caller | sip.caller-port |
| caller_server_agent | Server's software in the caller way | sip.caller-server-agent |
| caller_user_agent | Client's software in the caller way | sip.caller-user-agent |
| caller_user_phone | Caller's phone presence flag | sip.caller-user-phone |
| confcall_callee | Callee's name, in a confcall | sip.confcall-callee |
| confcall_caller | Caller's name, in a confcall | sip.confcall-caller |
| connection_info_addr | Connection IPv4 address | sip.connection-info-addr |
| connection_info_addr_type | Connection address type | sip.connection-info-addr-type |
| connection_info_addr_v6 | Connection IPv6 address | sip.connection-info-addr-v6 |
| connection_info_net_type | Network type for the connection | sip.connection-info-net-type |
| contact | The Contact header field provides a SIP or SIPS URI that can be used to contact that specific instance of the UA for subsequent requests | sip.contact |
| cseq | Sequence number | sip.cseq |
| data_port | Data port for client's protocol | sip.data-port |
| date | Contains the date and time | sip.date |
| end_status | Status of the call end | sip.end-status |
| from | The initiator of the request | sip.from |
| from_tag | A globally unique id of the caller | sip.from-tag |
| media_attr | Media attributes | sip.media-attr |
| media_attr_addr | The mentioned IPv4 address to be used | sip.media-attr-addr |
| media_attr_addr_v6 | The mentioned IPv6 address to be used | sip.media-attr-addr-v6 |
| media_attr_channel | The channel value | sip.media-attr-channel |
| media_attr_encoding | The encoding of media data | sip.media-attr-encoding |
| media_attr_label | The label for media data | sip.media-attr-label |
| media_attr_param | The param information of media data | sip.media-attr-param |
| media_attr_port | The transport port to be used | sip.media-attr-port |
| media_attr_rate | The encoding rate | sip.media-attr-rate |
| media_attr_type | Contains the media type (audio or video) | sip.media-attr-type |
| media_attr_value | XXX | sip.media-attr-value |
| media_format | Client's protocol formats available | sip.media-format |
| media_proto | Protocol used in client stream | sip.media-proto |
| media_type | Contains the media type | sip.media-type |
| method | The command | sip.method |
| mime_type | Data type | sip.mime-type |
| p_asserted_id | Indicates the identity of the trusted SIP server | sip.p-asserted-id |
| proxy_authorization | Allows the client to identify itself (or its user) to a proxy that requires authentication | sip.proxy-authorization |
| reason | The reason a Session Initiation Protocol request was issued | sip.reason |
| record_route | The Record-Route header field is inserted by proxies in a request to force future requests in the dialog to be routed through the proxy | sip.record-route |
| remote_party_id | The IP address of the remote party | sip.remote-party-id |
| reply_code | Return status code | sip.reply-code |
| request_call_id | Call's id extracted for each sip request | sip.request-call-id |
| server_agent | Server's software | sip.server-agent |
| session_duration | Session duration in seconds | sip.session-duration |
| setup_delay | Call setup delay in microseconds | sip.setup-delay |
| start_time | Start date of the call | sip.start-time |
| subject | The subject present in the SIP packet | sip.subject |
| time_before_spk | Waiting delay before speak in microseconds | sip.time-before-spk |
| to | The recipient of the request | sip.to |
| to_tag | A globally unique id of the callee | sip.to-tag |
| uri | Contains the URI (similar to To: field) | sip.uri |
| useragent | Client's software | sip.user-agent |
| user_id | Client identifier used for his registering with a SIP server | sip.user-id |
| via | The Via header field indicates the transport used for the transaction and identifies the location where the response is to be sent | sip.via |
| www_authenticate | Contains an authentication challenge | sip.www-authenticate |


This documentation applies to the following versions of Splunk Stream: 7.0.0, 7.0.1
