Is anyone indexing Huawei CDR's with Splunk?
The Huawei CDR's is in a encrypted / encoded format, is there a way to get these records into cleartext for indexing into Splunk?
Hi,
Can you please explain me, how to decode CDR file? I am waiting for your reaply
Hi,
Yes we have managed to develop a custom decoder, although at this moment we don't decode all fields.
We just decode some of the fields we required.
Is your CDR files for a fixed or mobile networks?
Hi,
Yes we have managed to develop a custom decoder, although at this moment we don't decode all fields.
We just decode some of the fields we required.
Is your CDR files for a fixed or mobile networks?
Hello, I have CDR file of huawei CSOFTX3000, and sample with first 50 decoded CDRs.
I need to decode it and convert to plain text. Have you managed it?
Hello, I have CDR file of huawei CSOFTX3000, and sample with first 50 decoded CDRs.
I need to decode it and convert to plain text. Have you managed it?
Hi,
Can you please explain me, how to decode CDR file? I am waiting for your reaply
Hi,
Yes we have managed to develop a custom decoder, although at this moment we don't decode all fields.
We just decode some of the fields we required.
Is your CDR files for a fixed or mobile networks?
Splunk basically needs readable text.
Decrypting and decoding data will have to happen with a scripted input or and external application that converts your data to text.
Decryption will be a challenge without vendor provided tool. (I doubt that this will be encrypted, most probably encoded)
Contact the hardware vendor to obtain documentation on the format of the encoded data and start from there.
Yes, that the way we approach binary data formats.
I know that! Hence why i asked the question if someone is already doing it and if so how.
You can get the CDRs from a mediation product that would have already normalized the data into plain text. (CSV, XLS etc)
Just thought someone might have solved this puzzle already without using a mediation product.
But by the look of things the only way forward is to use output from the mediation product with the data already normalized?