Monitor the health of your Splunk SOAR (Cloud) system

Use the System Health page to view a summary of your Splunk SOAR (Cloud) instance. The System Health page includes the following information:

  • Running status of Splunk SOAR (Cloud) processes
  • Resource consumption
  • Health and status of critical processes

Use the System Health page as a starting point to begin troubleshooting issues. Splunk support might ask for the results of this page to start a troubleshooting investigation.

In Splunk SOAR (Cloud) release 7.0.0, the ActionD component has been consolidated into DecideD to simplify the automation engine and improve stability.

Perform the following tasks to get to the System Health page:

  1. From the main menu, select Administration.
  2. Select System Health > System Health.

The top row of graphs shows you the status of the following system-wide resources:

  • Memory usage
  • Load average
  • Disk usage

Each row after the top row represents the individual system processes important to Splunk SOAR (Cloud). Verify that each process has a green Running status icon. Click Restart if you need to restart any one of the individual processes.

Splunk SOAR (Cloud) runs on top of Linux, so you can interpret these graphs as you would on any Linux system. On a fairly idle Splunk SOAR (Cloud) system, there might be a significant amount of free memory, unused swap, and a load average that is low relative to the number of allocated CPU cores. There might also be more free disk space for the database and files.

If you have multiple CPU cores, your CPU usage might be above 100%. This likely indicates that a process is effectively using more than one CPU core. For example, if a single process is using 60% of two cores, you might see 120% CPU usage.

The Splunk SOAR (Cloud) processing daemons IngestD, DecideD, and WorkflowD perform various scheduling, decision, and management functions as well as critical background functions. All three must be running in order for Splunk SOAR (Cloud) to work properly. Splunk SOAR (Cloud) also relies on HTTPD and on Postgres, which serves as the database.