Advanced Search

Overview

Advanced Search is a very minimalistic user interface to a very powerful SIP3 search API. Its syntax was inspired by Wireshark filters and includes three main groupings of search attributes: sip, rtp and rtcp. Advanced Search input represents a SIP3 query which consists of selected time range and one or many search attributes expressions connected via logical AND operator:

Expressions

Search attributes expressions are very simple syntactic constructions:

<attribute><operator><value>

SIP3 supports 3 main attributes types: String, Boolean and Number. In meantime each of the types support a certain list of operators:

Operator Types Description

Operator	Types	Description
`=`	`String`, `Boolean`, `Number`	Equals
`!=`	`String`, `Boolean`, `Number`	Not equals
`>`	`Number`	More than
`<`	`Number`	Less than
`=~`	`String`	Regular expression

=

String, Boolean, Number

Equals

!=

String, Boolean, Number

Not equals

>

Number

More than

<

Number

Less than

=~

String

Regular expression

If search attribute has finite amount of possible values (as for instance any Boolean or some String attributes do) all its values will be shown in a dropdown menu:

Search Attribute With Finite Amount Of Possible Values

Otherwise, you can just write anything as its value:

Search Attribute With Infinite Amount Of Possible Values

For Number attributes duration, trying_delay etc you can use s(Seconds) and m(Minutes) suffix in values. I.e. next expressions has the same result:

sip.duration>60000
sip.duration>60s
sip.duration>1m

Groupings

As it was mentioned above every SIP3 query is a combination of multiple search attributes expressions. And here you have no limitations. Feel free to combine as many attributes as you need. They also can be from different groupings like "sip.caller=plami rtp.r_factor<30". There is only one thing you need to account for:

Queries "sip.caller=plami rtp.r_factor<30" and "rtp.r_factor<30 sip.caller=plami" are not the same because SIP3 uses different database collections for signaling and media data indexes. It’s up to you to decide which one of these queries will be faster.

`"sip"` attributes

As you already got it the sip grouping is a set of attributes corresponding to the SIP protocol. The sip grouping consists of 25 default search attributes but could be easily extended with User-Defined Attributes.

Attribute Type Description

Attribute	Type	Description
`sip.addr`	`String`	Source or destination IP address. Virtual attribute which helps to cover queries like `sip.src_addr=127.0.0.1 or sip.dst_addr=127.0.0.1`
`sip.src_addr`	`String`	Source IP address
`sip.dst_addr`	`String`	Destination IP address
`sip.host`	`String (with options)`	Source or destination host. Virtual attribute which helps to cover queries like `sip.src_host=PBX-1 or sip.dst_host=PBX-1`
`sip.src_host`	`String (with options)`	Source host
`sip.dst_host`	`String (with options)`	Destination host
`sip.user`	`String`	`From` or `To` SIP headers user. Virtual attribute which helps to cover queries like `sip.caller=plami or sip.callee=plami`
`sip.caller`	`String`	`From` SIP header user. Take into account that `sip.caller` might be re-assigned within a User-Defined Function
`sip.callee`	`String`	`To` SIP header user. Take into account that `sip.callee` might be re-assigned within a User-Defined Function
`sip.method`	`String(with options)`	SIP method. Helps to optimize your search request performance by querying corresponding data only
`sip.call_id`	`String`	`Call-ID` SIP header
`sip.state`	`String(with options)`	Call, registration or transaction state. For instance, possible call states are `unknown`, `redirected`, `answered`, `canceled` and `failed`
`sip.error_code`	`String(with options)`	Last SIP session’s transaction error code
`sip.error_type`	`String(with options)`	Last SIP session’s transaction error type: `client`, `server` or `global`
`sip.duration`	`Number`	SIP call duration in milliseconds
`sip.trying_delay`	`Number`	Time in milliseconds between SIP INVITE request and corresponding 100 SIP response
`sip.setup_time`	`Number`	Time in milliseconds between SIP INVITE request and corresponding 18x SIP response
`sip.cancel_time`	`Number`	Time in milliseconds between SIP INVITE request and corresponding 487 SIP response
`sip.establish_time`	`Number`	Time in milliseconds between SIP INVITE request and corresponding 200 SIP response
`sip.disconnect_time`	`Number`	Time in milliseconds between SIP BYE request and corresponding 200 SIP response
`sip.transactions`	`Number`	Amount of SIP transactions
`sip.retransmits`	`Number`	Amount of SIP retransmits
`sip.terminated_by`	`String(with options)`	Party terminated SIP session: `caller` or `callee`
`sip.overlapped_interval`	`Number`	Difference in milliseconds between a time when REGISTER session is supposed be expired and a time when renewal SIP REGISTER message came. Helps to find SIP user agents who ignore `Expiration` SIP header contract
`sip.overlapped_fraction`	`Number`	`sip.overlapped_interval` ratio. Helps to find SIP user agents who ignore `Expiration` SIP header contract
`sip.my_custom_attribute`	`String(with or without options)`, `Boolean`	Custom User-Defined Attributes

sip.addr

String

Source or destination IP address. Virtual attribute which helps to cover queries like sip.src_addr=127.0.0.1 or sip.dst_addr=127.0.0.1

sip.src_addr

String

Source IP address

sip.dst_addr

String

Destination IP address

sip.host

String (with options)

Source or destination host. Virtual attribute which helps to cover queries like sip.src_host=PBX-1 or sip.dst_host=PBX-1

sip.src_host

String (with options)

Source host

sip.dst_host

String (with options)

Destination host

sip.user

String

From or To SIP headers user. Virtual attribute which helps to cover queries like sip.caller=plami or sip.callee=plami

sip.caller

String

From SIP header user. Take into account that sip.caller might be re-assigned within a User-Defined Function

sip.callee

String

To SIP header user. Take into account that sip.callee might be re-assigned within a User-Defined Function

sip.method

String(with options)

SIP method. Helps to optimize your search request performance by querying corresponding data only

sip.call_id

String

Call-ID SIP header

sip.state

String(with options)

Call, registration or transaction state. For instance, possible call states are unknown, redirected, answered, canceled and failed

sip.error_code

String(with options)

Last SIP session’s transaction error code

sip.error_type

String(with options)

Last SIP session’s transaction error type: client, server or global

sip.duration

Number

SIP call duration in milliseconds

sip.trying_delay

Number

Time in milliseconds between SIP INVITE request and corresponding 100 SIP response

sip.setup_time

Number

Time in milliseconds between SIP INVITE request and corresponding 18x SIP response

sip.cancel_time

Number

Time in milliseconds between SIP INVITE request and corresponding 487 SIP response

sip.establish_time

Number

Time in milliseconds between SIP INVITE request and corresponding 200 SIP response

sip.disconnect_time

Number

Time in milliseconds between SIP BYE request and corresponding 200 SIP response

sip.transactions

Number

Amount of SIP transactions

sip.retransmits

Number

Amount of SIP retransmits

sip.terminated_by

String(with options)

Party terminated SIP session: caller or callee

sip.overlapped_interval

Number

Difference in milliseconds between a time when REGISTER session is supposed be expired and a time when renewal SIP REGISTER message came. Helps to find SIP user agents who ignore Expiration SIP header contract

sip.overlapped_fraction

Number

sip.overlapped_interval ratio. Helps to find SIP user agents who ignore Expiration SIP header contract

sip.my_custom_attribute

String(with or without options), Boolean

Custom User-Defined Attributes

`"rtp"` and `"rtcp"` attributes

It doesn’t make sense to separate rtp and rtcp groupings definition because after all both groupings have the same set of attributes. The only one difference between these two - is a source of data: RTP or RTCP protocols.

Attribute Type Description

Attribute	Type	Description
`rtp.addr`, `rtcp.addr`	`String`	Source or destination IP address. Virtual attribute which helps to cover queries like `sip.src_addr=127.0.0.1 or sip.dst_addr=127.0.0.1`
`rtp.src_addr`, `rtcp.src_addr`	`String`	Source IP address
`rtp.dst_addr`, `rtcp.dst_addr`	`String`	Destination IP address
`rtp.host`, `rtcp.host`	`String (with options)`	Source or destination host. Virtual attribute which helps to cover queries like `sip.src_host=PBX-1 or sip.dst_host=PBX-1`
`rtp.src_host`, `rtcp.src_host`	`String (with options)`	Source host
`rtp.dst_host`, `rtcp.dst_host`	`String (with options)`	Destination host
`rtp.mos`, `rtcp.mos`	`Number`	Mean Opinion Score. Always stays in from 0 to 5 range
`rtp.r_factor`, `rtcp.r_factor`	`Number`	R-Factor. Always stays in from 0 to 100 range
`rtp.codec`, `rtcp.codec`	`String (with options)`	Codec used for media data processing
`rtp.bad_report_fraction`, `rtcp.bad_report_fraction`	`Number`	During a media session participants generate and send multiple RTCP messages. Each of the messages represents a single report. This metric helps to find media sessions with problems during entire time of the session
`rtp.one_way`, `rtcp.one_way`	`Boolean`	Helps to find one-way media streams
`rtp.duration`, `rtcp.duration`	`Number`	Media session duration in milliseconds

rtp.addr, rtcp.addr

String

Source or destination IP address. Virtual attribute which helps to cover queries like sip.src_addr=127.0.0.1 or sip.dst_addr=127.0.0.1

rtp.src_addr, rtcp.src_addr

String

Source IP address

rtp.dst_addr, rtcp.dst_addr

String

Destination IP address

rtp.host, rtcp.host

String (with options)

Source or destination host. Virtual attribute which helps to cover queries like sip.src_host=PBX-1 or sip.dst_host=PBX-1

rtp.src_host, rtcp.src_host

String (with options)

Source host

rtp.dst_host, rtcp.dst_host

String (with options)

Destination host

rtp.mos, rtcp.mos

Number

Mean Opinion Score. Always stays in from 0 to 5 range

rtp.r_factor, rtcp.r_factor

Number

R-Factor. Always stays in from 0 to 100 range

rtp.codec, rtcp.codec

String (with options)

Codec used for media data processing

rtp.bad_report_fraction, rtcp.bad_report_fraction

Number

During a media session participants generate and send multiple RTCP messages. Each of the messages represents a single report. This metric helps to find media sessions with problems during entire time of the session

rtp.one_way, rtcp.one_way

Boolean

Helps to find one-way media streams

rtp.duration, rtcp.duration

Number

Media session duration in milliseconds

Search History

It happens that we can go into wrong direction while troubleshooting a particular problem. In such cases it might be good to be able to get a few steps back. That’s why Advanced Search has a history of searches section:

Search History can be opened by hitting Ctrl/Cmd + Arrow Down as well.

Conclusions

Now when you know how to use Advanced Search let’s take a look at Call Details section.

Advanced Search

Overview

Expressions

Groupings

"sip" attributes

"rtp" and "rtcp" attributes

Search History

Conclusions

`"sip"` attributes

`"rtp"` and `"rtcp"` attributes