Tracking calls and SMS with Splunk


Telecommunication systems are vital to all of us around the world, though rarely do we look deeply into the vast amounts of valuable data being generated.

Comparing call length against sales success. Looking at call costs vs customer value. Or examining the most effective time to call prospects. Just a few examples that I’ve seen Splunk customers implement in tele-sales environments. The use-case for this telecommunication data reaches much further than just call centers though.

In this post we’ll examine data generated by Twilio, a service that allows you to bake voice and SMS capabilities into your apps.

But remember, Splunk is a machine data platform. If you’re not using Twilio,  this data could be taken from any other voice or SMS management tool.

splunk-app-for-twilio-machine-data copy

Plugging Twilio data into Splunk is super simple. The company offer a flexible API from which Splunk can poll data in real-time, or manually via CSV exports from their web interface.

The Twilio app for Splunk comes with prewritten Twilio API calls to collect the data if you want a little help getting started (disclosure: I developed it).


Now that the messy, unstructured data has been indexed lets start making sense of it using Splunk searches.

Top 10 outbound call destinations:

Sid=”CA*” Direction=”outbound*”  | top limit=10 To

Outbound call success:

Sid=”CA*” Direction=”outbound*” | stats count by Status

Average length of outbound calls:

Sid=”CA*” Direction=”outbound*” | eval DurationMins = round(Duration/60,2) | stats sum(DurationMins) AS TotalDuration count(Duration) as NumberOfCalls  | eval AveCallLength = round(TotalDuration/NumberOfCalls,2) | fields AveCallLength


Last SMS received:

Sid=”SM*” Direction=”outbound*” Body!=”New Voicemail*” | head 1 | fields Body

Total number of SMS received:

Sid=”SM*” Direction=”inbound*”  | stats count


And for the finance managers out there; how much are these guys spending?

Sid=”CA*” | eval Cost = Price*-1 | timechart sum(Cost) as Cost by PriceUnit


It becomes even more exciting as you plug more and more data into Splunk. Enriching call data with customer activity across your infrastructure – things like web or access logs – is a great example. When a customer calls a rep because they are having a problem, Splunk could immediately show the errors that customer encountered to the rep, as well as things like purchases, tweets, pages visited, and any other data that was linked to the customer.

Don’t have access to this type of data but want to explore? Most network providers give customers a monthly breakdown of their usage – data that is ripe for Splunking.

David Greenwood

Posted by


Join the Discussion