Fells like you're mixing up options a little. As I don't know your device in details, it is up to you to figure out how to fetch data from said device.
Some options coming to mind:
- download log files generated by device directly (if HTTP/FTP interface is available) and push logs via filebeat/logstash. Some devices might generate CSV-files
- if filebeat can run on device, you can use it to collect logs directly. But I would advise not todo so, as resources on devices might be pretty precious already
- configure device syslog output (if available) to point to custom syslog or directly to logstash. With syslog I'm meaning the syslog network protocol.
- If device publishes stats via netflow search for a netflow collector (I think there is a community plugin for logstash as well)
- if device support poll like interface like (HTTP, SNMP) see if you can find a collector getting these data.
It must not only be one device. In VOIP networks some devices might only handle SIP and others will only do RTP. Find the devices closes to the border of your network and try to collect data one way or the other.
There are some commercial VOIP monitors also using packet sniffing like packetbeat does. But adding an RTP analyzer to packetbeat is definitely not a trivial task + deployment can be quite a pain as concurrently analyzing a few thousands calls might be quite resource intensive.