Splunk App for Amazon Connect helps you analyze your contact center data from Amazon Connect. The app uses the connect data that is generated by several data sources such as Contact Records, Agent events from Kinesis streams, Reports and Transcripts from S3, connect application logs, contact flow logs and metrics via cloud watch to help gain insight on the current state and understand how customer service is being impacted at your contact center.
This application can be installed on both On-Prem and Cloud deployments of Splunk.
Install the application on Forwarders and Search Heads
Connect generates two type of events - Contact Trace Records (CTR) and Agent Events. Once data streaming for Connect is enabled, it generates CTRs after a contact session ends and these events are sent to Kinesis Streams.
There are two eventtypes for Agent events - HEART_BEAT and STATE_CHANGE events. The HEART_BEAT eventtype is periodically generated and STATE_CHANGE events are generated at specific times when the Agent/Contact has an internal state change. These events also use the same method of transport as CTRs. Splunk uses both of these event types to determine Agent Status and decode contact information. Be sure to use the aws:connect:firehose sourcetype for these data sources.
These events are then sent to Splunk via a Kinesis Firehose using Splunk Kinesis Data Firehose (KDF) integration. A HTTP Event collector input needs to be setup on Splunk and a Firehose delivery stream then has to be setup to relay messages from streams to Splunk.
NOTE:
Follow guidelines to create a firehose stream to Splunk: https://docs.aws.amazon.com/firehose/latest/dev/creating-the-stream-to-splunk.html
Connect admin can generate scheduled reports and send them to a S3 bucket. These reports contain historic queue and agent metrics and can be scheduled in the Connect instance via the historical metrics tab.
The Amazon Connect app for Splunk uses the Queue Contact metrics and Agent Performance metrics. These reports (CSV) are pulled from S3 using the SQS-based S3 input provided in the Splunk AWS TA. Be sure to use the aws:connect:s3:reports sourcetype for this data source.
NOTE:
Splunk expects the above reports' file names to have the specific prefixes - historic_agent_performance_all_metrics-.csv and historic_queue_contact_all_metrics-.csv
Under Table Settings, select all metrics for Queue Contact and Agent Performance.
Modify respective source's csv header names in transforms.conf accordingly if you wish to not select all metrics for the Queue Contact or Agent Performance.
Connect API metrics, both historic and realtime queue metric data are retrieved from the application's API endpoints. A lambda function is used to query Connect's REST endpoints every 60 seconds and the records are then coalesced with queue information and sent to the above configured Kinesis Streams. The API data is streamed into KDF from Kinesis Streams for Splunk to read using HEC input. Use the aws:connect:firehose sourcetype for this data source. (See in Artifacts for the Lambda function and configuration details)
Contact Lens Analysis Reports [sourcetype=aws:contactlens:s3]
Connect admin can generate voice analysis reports for every voice call using the Contact Lens service. When enabled, the service analyzes the voice call after the call is complete and publishes a report to a S3 bucket. Splunk pulls these JSON reports from S3 using the SQS-based-S3 input provided in the Splunk AWS TA. Splunk uses this data to provide bidirectional sentiment analysis for each contact. Use the aws:contactlens:s3 sourcetype for this data source.
Connect Instance Metrics [sourcetype=aws:connect:cloudwatch:metrics]
Connect generates instance and application specific metrics. These metrics are sent to Cloudwatch. Splunk pulls these metrics using the Splunk AWS TA. Use the aws:connect:cloudwatch:metrics sourceytpe for this data source.
NOTE: The connect metric namespace has to be setup in the TA before the metric data can be pulled. See below in the Artifacts section for examples
Contact Flow Logs [sourcetype=aws:connect:cloudwatchlogs]
Connect admin can generate contact flow logs for each contact flow. When contact flow logging is enabled in Connect, the logs are sent to Cloudwatch logs. Splunk can pull those logs from the specific cloud watch log groups using Splunk AWS TA. Use the aws:connect:cloudwatchlogs sourcetype for this data source.
NOTE: Permissions for Lambda functions used by contact flows need to be added to Connect configuration to invoke those functions. (Splunk can pull those lambda function logs from the respective cloud watch log groups using Splunk AWS TA. Use the aws:cloudwatchlogs sourcetype for this data source).
Use the publicly available serverless application (splunk-amazon-connect-api-metrics-processor) to query Connect API metrics and send the data to a kinesis data stream.
Connect metric namespaces (These inputs are created under Splunk_TA_AWS for pulling connect Cloudwatch metrics)
[aws_cloudwatch://aws-connect-metrics_b10926bf-4a60-46a1-ab13-6f6143139a91]
aws_account = aws-xxx
aws_region = us-west-2
index = main
metric_dimensions = [{"Participant":[".*"],"Type of Connection":[".*"],"Instance ID":[".*"],"Stream Type":[".*"]}]
metric_names = ".*"
metric_namespace = AWS/Connect
period = 60
polling_interval = 3600
sourcetype = aws:connect:cloudwatch:metrics
statistics = ["Average","Sum","SampleCount","Maximum","Minimum"]
use_metric_format = false
disabled = 0
[aws_cloudwatch://aws-connect-metrics_28339aac-5985-421d-bab4-cc0abbeab432]
aws_account = aws-xxx
aws_region = us-west-2
index = main
metric_dimensions = [{"InstanceId":[".*"],"MetricGroup":[".*"],"QueueName":[".*"]}]
metric_names = ".*"
metric_namespace = AWS/Connect
period = 60
polling_interval = 3600
sourcetype = aws:connect:cloudwatch:metrics
statistics = ["Average","Sum","SampleCount","Maximum","Minimum"]
use_metric_format = false
disabled = 0
[aws_cloudwatch://aws-connect-metrics_1d096356-2d7f-42ca-a436-a12a4146ab2a]
aws_account = aws-xxx
aws_region = us-west-2
index = main
metric_dimensions = [{"InstanceId":[".*"],"MetricGroup":[".*"]}]
metric_names = ".*"
metric_namespace = AWS/Connect
period = 60
polling_interval = 3600
sourcetype = aws:connect:cloudwatch:metrics
statistics = ["Average","Sum","SampleCount","Maximum","Minimum"]
use_metric_format = false
disabled = 0
The application dashboards should automatically populate as the data flows into Splunk.
New updates to Amazon Connect app with :
Data exploration tools
New top dashboard
Added workflows
New contact lens insights dashboard
Agent endpoint network quality dashboard template
New updates to Amazon Connect app with :
Data exploration tools
New top dashboard
Added workflows
New contact lens insights dashboard
Agent endpoint network quality dashboard template
New updates to Amazon Connect app with :
Data exploration tools
New top dashboard
Added workflows
New contact lens insights dashboard
Fixed broken links in dashboards.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.