Upgrading Kaspersky CyberTrace integration (Splunk)
This section describes how to finish the integration of Kaspersky CyberTrace with Splunk after the upgrade of the Kaspersky CyberTrace files.
When upgrading the integration of Kaspersky CyberTrace with Splunk to version 3.1.0, import the new version of Kaspersky CyberTrace App for Splunk to Splunk. During the import, select the Upgrade app. Checking this will overwrite the app if it already exists. setting.
The application settings will be reset. The old settings will be saved in %SPLUNK_DIRECTORY%/etc/apps/Kaspersky-CyberTrace-App-for-Splunk/default.old.%CURRENT_DATE%, where %CURRENT_DATE% can be in the format yyyymmdd-hhmmss (for example, 20190725-161423). Kaspersky CyberTrace App for Splunk must be configured in its entirety, similarly to the way in which the old version was configured.