Splunk troubleshooting

April 11, 2024

ID 171571

This section provides information to help you solve problems you might encounter when using Kaspersky CyberTrace with Splunk.

If you encounter a problem while using Kaspersky CyberTrace, the specialists at Kaspersky can assist you. Contact your Technical Account Manager (TAM) for more information about solutions to problems.

Problem: Kaspersky CyberTrace App does not display the events from Kaspersky CyberTrace Service or displays them incorrectly

To solve this problem, try the following actions:

  • Make sure that the Kaspersky CyberTrace Service computer is turned on and that Kaspersky CyberTrace Service is running.
  • Make sure that the Kaspersky CyberTrace Service computer is accessible from the computer on which Splunk is installed. You can use the ping utility for this purpose.
  • Make sure that the Kaspersky CyberTrace Service configuration file contains a correct output connection string (you can check the connection string on the Settings > Service tab in Kaspersky CyberTrace Web).
  • Make sure that ports and addresses for incoming events are specified correctly in the Kaspersky CyberTrace App configuration file.
  • Make sure that the specified ports are open. You can use the netcat utility for this purpose.
  • Try using the default integration scheme for Splunk and Kaspersky CyberTrace Service (in this scheme, the forwarder, indexer, and search head are installed on a single computer).

Problem: Kaspersky CyberTrace Service does not receive events from Splunk

To solve this problem, try the following actions:

  • Make sure that the Splunk computer is turned on and that Splunk is running.
  • Make sure that the Kaspersky CyberTrace Service computer is accessible from the Splunk computer. You can use the ping utility for this purpose.
  • Make sure that the events are forwarded from Splunk to Kaspersky CyberTrace Service. Check that addresses and ports are specified correctly in the Kaspersky CyberTrace App configuration files.
  • Make sure that the ports specified in the Kaspersky CyberTrace App configuration files are open on the Kaspersky CyberTrace Service computer. You can use the netcat utility for this purpose.
  • Try using the default integration scheme for Splunk and Kaspersky CyberTrace Service.
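
The reachability and open-port checks in both checklists above can be scripted so that each failure points at a likely cause. This is an added example, not part of the Kaspersky documentation or product; the host names and port numbers in it are placeholders, and probe_tcp, check_integration, and HINTS are hypothetical names.

```python
import errno
import socket

# What each result suggests, mapped to the checklist items above.
HINTS = {
    "open": "port reachable; check the connection string and addresses in the configuration",
    "refused": "host is up but nothing listens on this port; check that the service is running and the port number",
    "filtered": "no reply before the timeout; a firewall may be dropping traffic or the host is down",
    "unreachable": "no route to the host; check addressing and routing",
    "unresolved": "host name does not resolve; check DNS or use the IP address",
    "error": "unexpected socket error; retry and inspect the host's network settings",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "unresolved"
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except (socket.timeout, TimeoutError):
            return "filtered"
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"
            return "error"

def check_integration(targets):
    """Probe each (label, host, port) and return (label, state, hint) tuples."""
    results = []
    for label, host, port in targets:
        state = probe_tcp(host, port)
        results.append((label, state, HINTS[state]))
    return results

if __name__ == "__main__":
    # Placeholder hosts and ports: replace them with the values from your own
    # Kaspersky CyberTrace Service and Kaspersky CyberTrace App configuration.
    targets = [
        ("Splunk -> CyberTrace Service (incoming events)", "cybertrace.example", 10001),
        ("CyberTrace Service -> Splunk (output connection)", "splunk.example", 10002),
    ]
    for label, state, hint in check_integration(targets):
        print(f"{label}: {state} ({hint})")
```

Run each probe from the computer that originates the connection (the Splunk computer for incoming events, the Kaspersky CyberTrace Service computer for the output connection), because a firewall can allow one direction and block the other.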
