Kaspersky CyberTrace

Splunk troubleshooting

This section provides information to help you solve problems you might encounter when using Kaspersky CyberTrace with Splunk.

If you encounter a problem while using Kaspersky CyberTrace, the specialists at Kaspersky can assist you. Contact your technical account manager (TAM) for more information about solutions to problems.

Problem: Kaspersky CyberTrace App does not display the events from Feed Service or displays them incorrectly

To solve this problem, try the following actions:

  • Make sure that the Feed Service computer is turned on and that Feed Service is running.
  • Make sure that the Feed Service computer is accessible from the computer on which Splunk is installed. You can use the ping utility for this purpose.
  • Make sure that the Feed Service configuration file contains a correct output connection string (you can check the connection string on the Settings > Service tab in Kaspersky CyberTrace Web).
  • Make sure that ports and addresses for incoming events are specified correctly in the Kaspersky CyberTrace App configuration file.
  • Make sure that the specified ports are open. You can use the netcat utility for this purpose.
  • Try using the default integration scheme for Splunk and Feed Service (in this scheme, the forwarder, indexer, and search head are installed on a single computer).

Problem: Feed Service does not receive events from Splunk

To solve this problem, try the following actions:

  • Make sure that the Splunk computer is turned on and that Splunk is running.
  • Make sure that the Feed Service computer is accessible from the Splunk computer. You can use the ping utility for this purpose.
  • Make sure that the events are forwarded from Splunk to Feed Service. Check that addresses and ports are specified correctly in the Kaspersky CyberTrace App configuration files.
  • Make sure that ports specified in the Kaspersky CyberTrace App configuration files are open on the Feed Service computer. You can use the netcat utility for this purpose.
  • Try using the default integration scheme for Splunk and Feed Service.
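
The ping and netcat checks from both lists above, combined into one script (an added example, not part of the Kaspersky documentation). The host and port are arguments you take from the Feed Service output connection string or the Kaspersky CyberTrace App configuration files; the ping flags assume Linux, the nc flags assume a netcat build that supports -z and -w, and the function names and file name are hypothetical.

```shell
#!/bin/sh
# Added example: classify the link to one listener using the ping and netcat
# checks from the lists above. Host and port are supplied by you; this script
# does not read any CyberTrace or Splunk configuration file.

# probe_port HOST PORT: succeeds if a TCP connection can be opened.
probe_port() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# probe_host HOST: succeeds if the host answers one ICMP echo (Linux ping flags).
probe_host() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# diagnose HOST PORT: prints one of open | port-closed | unreachable.
diagnose() {
    if probe_port "$1" "$2"; then
        echo open            # listener reachable, even if ICMP is filtered
    elif probe_host "$1"; then
        echo port-closed     # host is up: service stopped, wrong port, or firewall
    else
        echo unreachable     # host down, routing problem, or both probes filtered
    fi
}

# explain STATE: maps the state to the checklist item to look at next.
explain() {
    case "$1" in
        open)        echo "Connectivity is fine; compare addresses and ports in the configuration files." ;;
        port-closed) echo "Host answers ping but the port is closed; check that the service is running and the port is open." ;;
        unreachable) echo "No answer to ping or TCP; check that the computer is turned on and reachable." ;;
        *)           echo "Unknown state: $1"; return 1 ;;
    esac
}

# Run only when called with arguments: sh check_link.sh HOST PORT
if [ "$#" -eq 2 ]; then
    state=$(diagnose "$1" "$2")
    echo "$1:$2 -> $state"
    explain "$state"
fi
```

Run it from the Splunk computer against the Feed Service listener, and from the Feed Service computer against the Splunk listener, so that both directions are covered. The TCP probe runs first because a host that filters ICMP can fail ping while its port is still reachable.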