This section provides information to help you solve problems you might encounter when using Kaspersky CyberTrace with Splunk.
If you encounter a problem while using Kaspersky CyberTrace, the specialists at Kaspersky can assist you. Contact your technical account manager (TAM) for more information about solutions to problems.
Problem: Kaspersky CyberTrace App does not display the events from Feed Service or displays them incorrectly
Make sure that the specified ports are open. You can use the netcat utility for this purpose.
Try using the default integration scheme for Splunk and Feed Service (in this scheme, the forwarder, indexer, and search head are installed on a single computer).
Problem: Feed Service does not receive events from Splunk
To solve this problem, try the following actions:
Make sure that the Splunk computer is turned on and that Splunk is running.
Make sure that the Feed Service computer is accessible from the Splunk computer. You can use the ping utility for this purpose.
Make sure that the events are forwarded from Splunk to Feed Service. Check that addresses and ports are specified correctly in Kaspersky CyberTrace App configuration files.
Make sure that ports specified in the Kaspersky CyberTrace App configuration files are open on the Feed Service computer. You can use the netcat utility for this purpose.
Try using the default integration scheme for Splunk and Feed Service.