This section provides information to help you solve problems you might encounter when using Kaspersky CyberTrace with Splunk.
If you encounter a problem while using Kaspersky CyberTrace, the specialists at Kaspersky can assist you. Contact your Technical Account Manager (TAM) for more information about solutions to problems.
Problem: Kaspersky CyberTrace App does not display the events from Kaspersky CyberTrace Service or displays them incorrectly
Make sure that the Kaspersky CyberTrace Service computer is accessible from the computer on which Splunk is installed. You can use the ping utility for this purpose.
Make sure that the Kaspersky CyberTrace Service configuration file contains a correct output connection string (you can check the connection string on the Settings > Service tab in Kaspersky CyberTrace Web).
Make sure that the specified ports are open. You can use the netcat utility for this purpose.
Try using the default integration scheme for Splunk and Kaspersky CyberTrace Service (in this scheme, the forwarder, indexer, and search head are installed on a single computer).
Problem: Kaspersky CyberTrace Service does not receive events from Splunk
To solve this problem, try the following actions:
Make sure that the Splunk computer is turned on and that Splunk is running.
Make sure that the Kaspersky CyberTrace Service computer is accessible from the Splunk computer. You can use the ping utility for this purpose.
Make sure that the events are forwarded from Splunk to Kaspersky CyberTrace Service. Check that the addresses and ports are specified correctly in the Kaspersky CyberTrace App configuration files.
Make sure that the ports specified in the Kaspersky CyberTrace App configuration files are open on the Kaspersky CyberTrace Service computer. You can use the netcat utility for this purpose.
Try using the default integration scheme for Splunk and Kaspersky CyberTrace Service.