Splunk Stream

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Streaming Media

Splunk App for Stream supports capture of these Streaming Media protocols on Linux, Mac, and Windows. For more information, see Configure Streams in the Splunk App for Stream User Manual.

RTP

Real-time Transport Protocol (RFC 3550)

| Name | Description | Term |
| --- | --- | --- |
| lost | Count of lost packets | rtp.lost |
| unseq | Number of mis-ordered packets | rtp.unseq |
| ssrc | SSRC Identifier | rtp.ssrc |
| rtp_timestamp | RTP packet timestamp | rtp.timestamp |
| mos_session | Standard Mean Opinion Score voice quality indicator | rtp.mos-session |
| rfactor | Rfactor indicator value, following the E-model from ITU-T G.107 and G.107.1 | rtp.rfactor |
| snumber | Sequence number of RTP packet | rtp.snumber |
| codec_name | Name of the codec (aka Payload type) | rtp.codec-name |
| end_session | Present in events containing summary information about an RTP session | rtp.end-session |
| codec_index | Number identifying the codec (aka Payload type) | rtp.codec-index |
| session_duration | Call setup duration (in microseconds) | rtp.session-duration |
| bytes | The total number of bytes transferred | flow.bytes |
| src_ip | Source IP Address | flow.c-ip |
| src_mac | Source packets MAC address in hexadecimal format | flow.c-mac |
| src_port | Source port number | flow.c-port |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| packets_in | Total number of packets sent from client to server | flow.cs-packets |
| network_interface | Name of network interface | flow.interface-name |
| capture_hostname | Hostname where Flow was captured | flow.hostname |
| dest_ip | Destination IP Address | flow.s-ip |
| dest_mac | Destination packets MAC address in hexadecimal format | flow.s-mac |
| dest_port | Destination port number | flow.s-port |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| packets_out | The total number of packets sent from server to client | flow.sc-packets |
| transport | Transport level protocol | flow.transport |
| vlan_id | VLAN ID from 802.1Q header | flow.vlan-id |

SIP

Session Initiation Protocol (RFC 3261)

| Name | Description | Term |
| --- | --- | --- |
| src_ip | Client IP Address | flow.c-ip |
| dest_ip | Server IP Address | flow.s-ip |
| src_port | Client port number | flow.c-port |
| dest_port | Server port number | flow.s-port |
| src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
| dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
| packets_in | The total number of packets sent from client to server | flow.cs-packets |
| packets_out | The total number of packets sent from server to client | flow.sc-packets |
| ack_packets_in | The number of acknowledgement packets sent from client to server | flow.cs-ack-packets |
| ack_packets_out | The number of acknowledgement packets sent from server to client | flow.sc-ack-packets |
| missing_packets_in | The number of missing packet gaps detected within the request | flow.cs-missing-packets |
| missing_packets_out | The number of missing packet gaps detected within the response | flow.sc-missing-packets |
| duplicate_packets_in | The number of duplicate packets sent from client to server | flow.cs-duplicate-packets |
| duplicate_packets_out | The number of duplicate packets sent from server to client | flow.sc-duplicate-packets |
| data_packets_in | The number of data packets sent from client to server | flow.cs-data-packets |
| data_packets_out | The number of data packets sent from server to client | flow.sc-data-packets |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| bytes | The total number of bytes transferred | flow.bytes |
| time_taken | Number of microseconds, from the end user perspective, that it took to complete a flow event | flow.time-taken |
| request_time | Number of microseconds that it took the client to send a request | flow.cs-send-time |
| request_ack_time | Number of microseconds that it took the server to acknowledge receipt of the request | flow.cs-ack-time |
| reply_time | Number of microseconds that it took the server to start replying to a request | flow.sc-reply-time |
| response_time | Number of microseconds that it took the server to send a response | flow.sc-send-time |
| response_ack_time | Number of microseconds that it took the client to acknowledge receipt of the response | flow.sc-ack-time |
| ssl_time | Number of microseconds that it took to negotiate an SSL handshake | flow.ssl-time |
| ssl_version | SSL protocol version used for encryption; undefined if not encrypted | flow.ssl-version |
| data_center_time | Number of microseconds from the last request packet to the last response packet | flow.data-center-time |
| client_rtt | Average round trip time in microseconds from the client to the point of capture | flow.cp-rtt |
| server_rtt | Average round trip time in microseconds from the server to the point of capture | flow.ps-rtt |
| client_rtt_sum | Sum of all round trip time measurements from the client to the point of capture | flow.cp-rtt-sum |
| server_rtt_sum | Sum of all round trip time measurements from the server to the point of capture | flow.ps-rtt-sum |
| client_rtt_packets | Number of round trip measurements from the client to the point of capture | flow.cp-rtt-packets |
| server_rtt_packets | Number of round trip measurements from the server to the point of capture | flow.ps-rtt-packets |
| refused | Number of requests that were refused by the server | flow.refused |
| canceled | Number of HTTP responses that were canceled early by the client | flow.canceled |
| connection | TCP session server endpoint (IP address and TCP port) | flow.connection |
| tcp_status | TCP handshake status (0=OK, 1=RESET, 2=IGNORED) | flow.tcp-status |
| protocol | Level 7 protocol name (http, ftp, etc.) | flow.protocol |
| transport | Transport layer protocol (udp or tcp) | flow.transport |
| accept_language | Indicates the preferred languages | sip.accept-language |
| alert_info | Specifies an alternative ring tone | sip.alert-info |
| call_duration | Call duration in seconds | sip.call-duration |
| call_id | Call ID, extracted for each call | sip.call-id |
| call_info | Provides additional information about the caller or callee | sip.call-info |
| callee | The identity of the called party for a call | sip.callee |
| callee_addr | IPv4 address which could be used by the called party | sip.callee-addr |
| callee_addr_v6 | IPv6 address which could be used by the called party | sip.callee-addr-v6 |
| callee_domain | Callee's domain | sip.callee-domain |
| callee_e164 | Format of the callee telephone numbers | sip.callee-e164 |
| callee_nickname | Callee nickname | sip.callee-nickname |
| callee_port | Port which could be used by the callee | sip.callee-port |
| callee_server_agent | Server's software used by the callee | sip.callee-server-agent |
| callee_user_agent | Client's software used by the callee | sip.callee-user-agent |
| callee_user_phone | Callee's phone presence flag | sip.callee-user-phone |
| caller | Contains the identity of the initiator of the call | sip.caller |
| caller_addr | IPv4 address that could be used by the initiator of the call | sip.caller-addr |
| caller_addr_v6 | IPv6 address that could be used by the initiator of the call | sip.caller-addr-v6 |
| caller_domain | Caller's domain | sip.caller-domain |
| caller_e164 | Format of the caller's telephone numbers | sip.caller-e164 |
| caller_nickname | Caller nickname | sip.caller-nickname |
| caller_port | Port that could be used by the caller | sip.caller-port |
| caller_server_agent | Server's software used by the caller | sip.caller-server-agent |
| caller_user_agent | Client's software used by the caller | sip.caller-user-agent |
| caller_user_phone | Caller's phone presence flag | sip.caller-user-phone |
| confcall_callee | Callee's name in a confcall | sip.confcall-callee |
| confcall_caller | Caller's name in a confcall | sip.confcall-caller |
| connection_info_addr | Connection IPv4 address | sip.connection-info-addr |
| connection_info_addr_type | Connection address type | sip.connection-info-addr-type |
| connection_info_addr_v6 | Connection IPv6 address | sip.connection-info-addr-v6 |
| connection_info_net_type | Network type for the connection | sip.connection-info-net-type |
| contact | The Contact header field provides a SIP or SIPS URI that can be used to contact that specific instance of the UA for subsequent requests | sip.contact |
| cseq | Sequence number | sip.cseq |
| data_port | Data port for client's protocol | sip.data-port |
| date | Contains the date and time | sip.date |
| end_status | Status of the call end | sip.end-status |
| from | The initiator of the request | sip.from |
| from_tag | A globally unique ID of the caller | sip.from-tag |
| media_attr | Media attributes | sip.media-attr |
| media_attr_addr | The mentioned IPv4 address to be used | sip.media-attr-addr |
| media_attr_addr_v6 | The mentioned IPv6 address to be used | sip.media-attr-addr-v6 |
| media_attr_channel | The channel value | sip.media-attr-channel |
| media_attr_encoding | The encoding of media data | sip.media-attr-encoding |
| media_attr_label | The label for media data | sip.media-attr-label |
| media_attr_param | The param information of media data | sip.media-attr-param |
| media_attr_port | The transport port to be used | sip.media-attr-port |
| media_attr_rate | The encoding rate | sip.media-attr-rate |
| media_attr_type | Contains the media type (audio or video) | sip.media-attr-type |
| media_attr_value | XXX | sip.media-attr-value |
| media_format | Client protocol formats available | sip.media-format |
| media_proto | Protocol used in client stream | sip.media-proto |
| media_type | Contains the media type | sip.media-type |
| method | The command | sip.method |
| mime_type | Data type | sip.mime-type |
| p_asserted_id | Indicates the identity of the trusted SIP server | sip.p-asserted-id |
| proxy_authorization | Allows the client to identify itself (or its user) to a proxy that requires authentication | sip.proxy-authorization |
| reason | The reason a Session Initiation Protocol request was issued | sip.reason |
| record_route | The Record-Route header field is inserted by proxies in a request to force future requests in the dialog to be routed through the proxy | sip.record-route |
| remote_party_id | The IP address of the remote party | sip.remote-party-id |
| reply_code | Return status code | sip.reply-code |
| request_call_id | Call ID extracted for each SIP request | sip.request-call-id |
| server_agent | Server's software | sip.server-agent |
| session_duration | Session duration in seconds | sip.session-duration |
| setup_delay | Call setup delay in microseconds | sip.setup-delay |
| start_time | Start date of the call | sip.start-time |
| subject | The subject present in the SIP packet | sip.subject |
| time_before_spk | Waiting delay before speaking, in microseconds | sip.time-before-spk |
| to | The recipient of the request | sip.to |
| to_tag | A globally unique ID of the callee | sip.to-tag |
| uri | Contains the URI (similar to To: field) | sip.uri |
| useragent | Client's software | sip.user-agent |
| user_id | Client identifier used for registering with a SIP server | sip.user-id |
| via | The Via header field indicates the transport used for the transaction and identifies the location where the response is to be sent | sip.via |
| www_authenticate | Contains an authentication challenge | sip.www-authenticate |

Last modified on 25 January, 2021

This documentation applies to the following versions of Splunk Stream: 7.3.0