Splunk troubleshooting
This section provides information to help you solve problems you might encounter when using Kaspersky CyberTrace with Splunk.
If you encounter a problem while using Kaspersky CyberTrace, the specialists at Kaspersky can assist you. Contact your Technical Account Manager (TAM) for more information about solutions to problems.
Problem: Kaspersky CyberTrace App does not display the events from Feed Service or displays them incorrectly
To solve this problem, try the following actions:
- Make sure that the Feed Service computer is turned on and that Feed Service is running.
- Make sure that the Feed Service computer is accessible from the computer on which Splunk is installed. You can use the ping utility for this purpose.
- Make sure that the Feed Service configuration file contains a correct output connection string (you can check the connection string on the Settings > Service tab in Kaspersky CyberTrace Web).
- Make sure that ports and addresses for incoming events are specified correctly in the Kaspersky CyberTrace App configuration file.
- Make sure that the specified ports are open. You can use the netcat utility for this purpose.
- Try using the default integration scheme for Splunk and Feed Service (in this scheme, the forwarder, indexer, and search head are installed on a single computer).
Problem: Feed Service does not receive events from Splunk
To solve this problem, try the following actions:
- Make sure that the Splunk computer is turned on and that Splunk is running.
- Make sure that the Feed Service computer is accessible from the Splunk computer. You can use the ping utility for this purpose.
- Make sure that the events are forwarded from Splunk to Feed Service. Check that addresses and ports are specified correctly in Kaspersky CyberTrace App configuration files.
- Make sure that ports specified in the Kaspersky CyberTrace App configuration files are open on the Feed Service computer. You can use the netcat utility for this purpose.
- Try using the default integration scheme for Splunk and Feed Service.
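
The port checks in both lists above can also be scripted. The following is an added example, not part of the Kaspersky documentation: it probes each endpoint over TCP and tells apart a refused connection (host reachable, nothing listening) from a timeout (host down or traffic filtered), which a plain open/closed check does not show. The host names and port numbers are constructed placeholders; substitute the values from your Feed Service connection string and Kaspersky CyberTrace App configuration files.

```python
import socket

# Constructed placeholders (not from the product documentation): replace with
# the addresses and ports set in your own configuration files.
ENDPOINTS = [
    ("feed-service.example", 10001),  # hypothetical: where Splunk forwards events
    ("splunk.example", 10002),        # hypothetical: where Feed Service sends detections
]


def probe(host, port, timeout=3.0):
    """Try one TCP connection and return (status, hint) for troubleshooting."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved", "name does not resolve; check the address in the configuration file"
    family, socktype, proto, _, sockaddr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
        return "open", "a service is listening on this port"
    except ConnectionRefusedError:
        # The host answered with a reset: it is up, but no process owns the port.
        return "refused", "host is reachable but nothing listens; check that the service runs and the port matches"
    except socket.timeout:
        # No answer at all: host is down or a firewall silently drops the packets.
        return "timeout", "no reply; check that the host is on and that firewalls allow this port"
    except OSError as exc:
        return "unreachable", "network error: %s" % exc
    finally:
        sock.close()


if __name__ == "__main__":
    for host, port in ENDPOINTS:
        status, hint = probe(host, port)
        print("%s:%d  %-11s %s" % (host, port, status, hint))
```

Run it once from the Splunk computer and once from the Feed Service computer, because a firewall can block one direction only.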