Content Pack for SOAR System Logs




The Content Pack for SOAR System Logs is a replacement for the Content Pack for Monitoring Phantom as a Service.

Use the Content Pack for SOAR System Logs

After you complete the steps described in Install and configure the Content Pack for SOAR System Logs, you can use the following objects included with the content pack:

Service Analyzer

After you set up your SOAR services, you can begin to monitor the health of your SOAR environment in the ITSI Service Analyzer. The Service Analyzer is the home page for ITSI and serves as your starting point for monitoring your services.

After you install the Content Pack for SOAR System Logs, your SOAR services appear automatically in the Service Analyzer.

You can create a custom saved service analyzer view specifically filtered to your SOAR services. This functionality is especially important if you're monitoring other parts of your Splunk Enterprise environment in ITSI.

For more information about the Service Analyzer, see Overview of the Service Analyzer in ITSI.

Deep dives

Deep dives are an investigative tool to help you identify and analyze issues in your IT environment. View KPI search results over time, zoom in on KPI search results, and visually correlate root causes. For more information about deep dives, see Overview of deep dives in ITSI.

The Content Pack for SOAR System Logs contains the following preconfigured deep dives:

  • Splunk App for SOAR - OS metrics to monitor your SOAR OS service and its corresponding KPIs.
  • Splunk App for SOAR - System Health to view the SOAR system logs and their corresponding KPIs.

To view the deep dives, click Deep Dives from the ITSI main menu.

If an error-based event lane in a deep dive shows "No data", no errors were logged in that time range. If errors do occur, click the Events lane to see the log events from that time.

Last modified on 18 November, 2022

This documentation applies to the following versions of Content Pack for SOAR System Logs: 1.0.0

