Hi folks, I'm parsing Cisco CallManager call detail records in our Splunk system and I'd like to see which pairs of telephone numbers have the most calls between them, but here's the tricky bit: I don't care who called who, I want to aggregate calls from A->B and B->A into one counter and list the top 10 pairs of callers who make the most calls to each other.
The code below is giving me a nice list of top calling pairs at the moment, but A->B and B->A are listed as two distinct pairs. How do I aggregate them?
index=cucm | stats count by callingPartyNumber,finalCalledPartyNumber |sort by -count
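One way to get direction-independent counts, as an added example that is not part of the original post: sort the two numbers within each event so that A->B and B->A produce the same key, then count by that key. The field name `pair` and the " <-> " separator are assumptions introduced here; the index and the two number fields are the ones from the question.

```spl
index=cucm callingPartyNumber=* finalCalledPartyNumber=*
| eval pair=mvjoin(mvsort(mvappend(callingPartyNumber, finalCalledPartyNumber)), " <-> ")
| stats count by pair
| sort -count
| head 10
```

`mvsort` orders the values lexicographically, which is enough here because the goal is only a consistent ordering of the two numbers, not a numeric one. The `=*` filters drop events where either number is missing, so every key contains exactly two values.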