In Splunk, go to Settings -> Data Inputs, then click UDP. Add a UDP port there if there is not already one (I used 50000 to be sure that there were no conflicts), then click Next. On the next page, for sourcetype select Operating System -> syslog. Everything else can be the defaults, but I had the Kaspersky stuff go into its own index, but that's just me.
In Kaspersky, go to the Administration Server page and click "Configure Notifications and Event Export", then select "Configure export to SIEM system." Make sure that "automatically export..." is checked, select "Splunk (CEF Format)" for the SIEM system, enter the IP address of your Splunk server, enter the port that you selected in Splunk, and select UDP. Click Apply.
Data should start showing up in Splunk now.
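As an added example (not part of the original post), once events are arriving on the UDP input it is worth checking that what lands is well-formed CEF, since the export above sends "Splunk (CEF Format)". This small Python parser splits the CEF header on unescaped `|`, parses the `key=value` extension, and honours the `\|`, `\=` and `\\` escapes the CEF format uses; the sample line, vendor and field values are constructed for illustration and are not Kaspersky's actual output.

```python
import re

# Constructed sample: a syslog-framed CEF record; vendor, product and field values are invented.
SAMPLE_LINE = (
    "<14>Jan 10 12:34:56 ksc-host CEF:0|ExampleVendor|ExampleAV|1.0|100|"
    "Malicious object detected|8|src=10.0.0.5 suser=alice "
    "fname=C:\\\\Users\\\\alice\\\\evil.exe "
    "msg=Object Trojan.Generic found (sha256\\=ABC) act=Quarantined"
)
HEADER_FIELDS = ["version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity"]
_KEY_RE = re.compile(r"(?:^|\s)([^\s=\\]+)=")  # key: non-space run followed by an unescaped '='

def _unescape(s):
    """Undo CEF backslash escapes: \\| \\= \\\\ and, in values, \\n and \\r."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)

def _split_header(s, limit):
    """Split on unescaped '|' at most `limit` times; the remainder (extension) is returned raw."""
    out, cur, i = [], [], 0
    while i < len(s) and len(out) < limit:
        if s[i] == "\\" and i + 1 < len(s):     # keep the escape pair intact until unescaping
            cur.append(s[i:i + 2]); i += 2
        elif s[i] == "|":
            out.append(_unescape("".join(cur))); cur = []; i += 1
        else:
            cur.append(s[i]); i += 1
    out.append("".join(cur) + s[i:])
    return out

def _parse_extension(ext):
    """Parse 'key=value' pairs; values may contain spaces and escaped '=' or '\\'."""
    keys = list(_KEY_RE.finditer(ext))
    result = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end].strip())
    return result

def parse_cef(line):
    """Parse one syslog line carrying a CEF record; raises ValueError when malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    fields = _split_header(line[start + 4:], 7)
    if len(fields) != 8:
        raise ValueError("CEF header needs 7 '|'-separated fields before the extension")
    event = dict(zip(HEADER_FIELDS, fields[:7]))
    event["extension"] = _parse_extension(fields[7])
    return event
```

Feed it a few raw lines captured from the UDP input (for example via a Splunk search over the new index) to confirm the vendor, product and severity fields split as expected before building alerts on them.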