Officer at State Street
Enables us to consolidate tools but it should improve its pricing
Pros and Cons
- "Alerts and episodes are valuable to me."
- "The solution should integrate more features in NEAP."
What is our primary use case?
We use the solution to monitor our own internal applications. We monitor analogs and various other DB Connect sources.
How has it helped my organization?
The tool has replaced some other products in our organization. It’s coming in very handy.
What is most valuable?
Alerts and episodes are valuable to me. These features put all notable events together and give us an opportunity to take action.
What needs improvement?
We can take actions based on NEAPs, like emails and ServiceNow tickets. It is pretty basic at the moment. The solution should integrate more features in NEAP.
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
October 2024
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
I have been using the solution for about a year.
What do I think about the stability of the solution?
The solution is pretty stable.
What do I think about the scalability of the solution?
The product is extremely scalable.
How are customer service and support?
I work with a lot of Splunk’s support people. I like them. They're all good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using a software called Genius. We use Splunk IT Service Intelligence now, and it's more cost-effective overall.
What about the implementation team?
I have been maintaining the solution. The product is straightforward to maintain. We just need to follow the best practices, and it works. We have a lot of users, so it's difficult controlling what the users do in the environment.
What was our ROI?
The tool is a centralized place to collect all our data and compute against it. It has the potential for an ROI.
What's my experience with pricing, setup cost, and licensing?
Pricing has some room for improvement.
Which other solutions did I evaluate?
We evaluated other options, but Splunk seemed to be the best. It is the industry leader, so it was a no-brainer.
What other advice do I have?
We have an on-prem instance. Everything's pretty much on-prem. We work with cloud logs. Monitoring multiple cloud environments using the solution is pretty straightforward and easy. It is extremely important to us that the solution has end-to-end visibility into our cloud-native environment.
The solution has helped reduce our mean time to resolve. The product has helped improve our organization’s business resilience. Its ability to predict, identify, and solve problems in real-time is pretty good as long as the source is good and we use it well.
The tool’s ability to provide business resilience by empowering staff is alright. We have experienced cost efficiencies by switching to Splunk IT Service Intelligence. I know it used to be ingestion, and now it's like a CPU. It's always evolving. I was not involved in the initial setup. The solution still has some room for improvement.
Overall, I rate the product a six or seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Data Engineer at Memorial Sloan-Kettering Cancer Center
Has an excellent ability to provide business resilience by empowering staff
Pros and Cons
- "The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean."
- "It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding."
What is our primary use case?
We have medical use cases. We monitor batch processes for our medical system. We batch-process data ingestion from our data warehouses just to make sure they're performing appropriately. If there's an outlier we'll report it or create an incident.
How has it helped my organization?
Splunk has just started to improve my organization. It's still in its infancy. We still have some kinks to work out, but it's actually giving us much better visibility than creating a normal Splunk dashboard. It's an easier process in that regard.
It has 100% improved my organization's business resilience. We're able to get better metrics. We have a project where we've actually saved the organization millions of dollars in regards to lost revenue. We were using Splunk Dashboards to determine a situation where billing wasn't being done correctly. Billing was never actually sent out to insurance companies, then that's where we found things that were falling between the cracks.
In terms of cost efficiencies, we're able to find situations where patient care is falling below the thresholds. We have other projects that are coming into play that are going to be huge for the organization that will be reporting back to the state.
What is most valuable?
The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean.
Splunk's ability to predict, identify and solve problems in real time is excellent. We were able to see things we haven't been able to see before just because the data from multiple systems is so helpful.
Its ability to provide business resilience by empowering staff is excellent. Everybody wants to use it.
What needs improvement?
It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding.
For how long have I used the solution?
We have been using Splunk ITSI for one and a half to two years.
What do I think about the stability of the solution?
Their stability is excellent. It's not a Windows product. I don't have to restart it. It's a ten out of ten.
What do I think about the scalability of the solution?
We can scale horizontally. It's a nine out of ten.
How are customer service and support?
Their support is good. During the time of COVID, it took a while to get somebody to get back to us, but that was expected. Overall, the support has been good. We haven't had many issues. We'll dig deep into the weeds before we even bother calling Splunk.
I would rate support a seven out of ten. I wish their response time was better.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Before ITSI, we had Datadog and there was one other product we were managing. We didn't have any visibility into it, and Splunk is a very visible product versus other ones where it's a little more locked down from the access perspective.
We switched to Splunk because of the ease of use and the ability to ingest logs from pretty much everywhere.
We had some in-house solutions, which weren't great because we were building in .NET versus something that's like Splunk, which we can pull data from everywhere, including from a .NET solution.
How was the initial setup?
I was the first one to deploy it at the organization. We started with me and one manager, and then it turned into a team of five engineers, we had a RIF, and we were down to three.
We made the mistake of initially deploying it on Windows. We learned very quickly that that was a big mistake and then we switched over to a Linux environment. In general, the deployment wasn't that bad. The documentation that Splunk offers has always been great. If we had any questions, we always went to support with those questions. It was pretty simple.
What was our ROI?
Other departments have seen ROI through being able to offer better and more efficient patient care.
What's my experience with pricing, setup cost, and licensing?
We like the old perpetual licensing model but everybody's going more towards the two-year. I think the professional services hours thrown in there is actually a pretty good benefit.
What other advice do I have?
I would rate Splunk ITSI a nine out of ten. Not a ten because the learning curve makes it tricky.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Splunk Administrator / Architect at MetLife
Provides great end-to-end visibility into our network environment and helped us reduce alert noise
Pros and Cons
- "Splunk ITSI helps us secure our environment by allowing us to create automations that run when alerts are triggered."
- "The data recovery has room for improvement."
What is our primary use case?
Splunk ITSI is used to analyze data and create alerts. This helps us to maintain our security best practices.
How has it helped my organization?
Our organization was looking for a security monitoring tool. I use Splunk ITSI as a monitoring and security tool. It helps me to protect data and prevent malware and hackers from accessing my environment. Splunk ITSI can be used to protect our role and infrastructure. It can also provide insights into how and what is helpful within our infrastructure.
Splunk ITSI provides great end-to-end visibility into our network environment. It can identify the exact root cause of an issue without any additional troubleshooting on my part.
Predictive analytics is valuable for preventing incidents before they occur because it allows me to see when the data stopped being indexed, which saves me time from having to investigate.
Splunk ITSI makes it easier to secure our entire infrastructure. Before Splunk ITSI, our environment was chaotic.
Splunk ITSI streamlines our incident management by providing a financial report of all applications in our environment.
Splunk ITSI has helped us reduce alert noise. After configuring ITSI, we set certain parameters based on our alerts. These alerts are the conditions that ITSI uses to automatically reduce noise.
Splunk ITSI helps to reduce our mean time to detect by monitoring key performance indicators such as CPU overload and the percentage of use revenue trend. On average the automation has reduced our mean time to detect by five minutes.
Splunk ITSI significantly reduces our mean time to resolve because most of our time was previously spent troubleshooting. With ITSI, we don't have to troubleshoot at all.
Splunk ITSI can help reduce downtime, but the extent of its effectiveness depends on how it is implemented.
What is most valuable?
Splunk ITSI has a lot of advantages. There are a lot of different aspects when implementing Splunk ITSI in our environment.
Splunk ITSI helps us secure our environment by allowing us to create automations that run when alerts are triggered. This automation can pass through the CI/CD pipeline tool, which helps to increase security.
What needs improvement?
The data recovery has room for improvement.
For how long have I used the solution?
I have been using Splunk ITSI for three years now.
Splunk ITSI can be deployed on-premises or in the cloud. However, we typically deploy it in the cloud because of the available services. These services do require a lot of permissions.
What do I think about the stability of the solution?
Splunk ITSI is stable.
What do I think about the scalability of the solution?
Splunk ITSI is scalable.
How are customer service and support?
The quality of support depends on the individual use case and how we configure the solution.
How would you rate customer service and support?
Positive
How was the initial setup?
Splunk ITSI can be installed remotely or manually. The deployment time depends on the operating system being used to deploy the solution into the cloud. Once ITSI is deployed, I can perform a ROM test through the CI/CD pipeline.
What was our ROI?
Splunk ITSI's visibility into our environment provides good value to our organization.
What's my experience with pricing, setup cost, and licensing?
Splunk ITSI is a pay-per-use service that is priced fairly based on the amount of data we use.
What other advice do I have?
I give Splunk ITSI an eight out of ten.
Splunk ITSI is a cheaper and easier-to-use alternative to APM solutions. Unlike APM solutions, Splunk ITSI also helps with application management, memory management, host log volume, and CPU usage.
Our clients vary in size, with some using small amounts of data and others using terabytes of data within Splunk ITSI.
Splunk ITSI maintenance involves updating the software and ensuring that it is compatible with the applications that it will integrate with.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: partner
Tech Lead at a tech vendor with 1,001-5,000 employees
Provides a unified view of alerts and supports heat maps and glass tables for visualization and monitoring
Pros and Cons
- "I find the episode review, glass tables, and correlation search features very useful."
- "Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well."
What is our primary use case?
There are multiple use cases, which include heat maps, glass tables, and predictive analysis.
The first one is mainly related to heat maps. For example, if you want to monitor the health of a server, you can prepare heat maps for that. When you set up any kind of alerts, they can get missed because people are too busy to check their emails. With these heat maps, the color changes automatically. The Cron job runs behind the scenes, and you don't need to run them manually.
You can also set up a glass table in ITSI for the architecture. For example, a setup like Amazon would have web services, databases, queues, and other things. For the purchase and other things, it has to connect to the external world, so you need to place the complete architecture over there, and you can assign the threshold value. If there is an issue with any of the points, for example, there is an issue with the connectivity of the database, the heat maps would change in color, which helps you to easily identify that there is an issue.
It also has a concept called predictive analysis. For example, your WhatsApp chat backup happens every 24 hours or 7 hours, but you cannot predict how much bandwidth it's going to use during the backup. It might even use 100% of the bandwidth. You cannot set a proper threshold. In such cases, you can use predictive analysis. It'll analyze the data patterns, and based on the data pattern, it predicts if everything is good or if something is bad. It can predict if something is going to fail.
You can have an integration with the ticketing tools. For example, if something happens on any server or PC and you've directly integrated the tickets from Splunk to ServiceNow, it's automatically going to create a ticket in ServiceNow.
There's also a concept of episode review wherein it groups the alerts so that there's no ticket spam in ServiceNow. For example, if you are monitoring a server and it's down, there might be 10 to 20 alerts, which would create 10 or 20 separate tickets and spam your ticketing system. In such cases, you can use the episode review feature. It will merge all those tickets into one and include all the details in that.
How has it helped my organization?
Splunk ITSI allowed us to monitor the health of servers. We can also completely monitor an application and identify data patterns. Automation of ticketing tools can also be done with this. We can also do log monitoring with Splunk ITSI.
It's also helpful for developers. When they create an application, if there is an issue in their code, based on the output data, a request is automatically triggered to the engineering team stating that there is an issue with the code.
The visibility into an application is very good if you configure everything properly. You first have to analyze the application by using any of the monitoring tools such as Elastic, Splunk, etc. You have to analyze the application in and out, and afterward, you have to place the monitors in particular places for end-to-end visibility. For example, in the case of a home security system, to completely secure the home, you have to place the devices in a proper place. Until and unless you place the devices in a proper place, you cannot say that it's completely secured. If you are not keeping the cameras at the main entrance and the windows, or you haven't placed them properly, you can't say that the home is properly secured.
Splunk ITSI is very good for predictive analytics for preventing incidents before they occur. For everything, there are patterns, and based on the algorithm, you are allowing the machine to analyze the data and predict whether the data patterns are coming in a proper way or not. Splunk analyzes the data patterns based on the historical information that we give it. After analyzing the historical information, it creates triggers. If the data that we are feeding into the machine is incorrect, it's not going to work the same way.
There's the accuracy of alerts. In Splunk, the data is almost in real-time, so we get tickets in real-time. If there's a failure, we can roll over to the backup applications immediately. It saved about a million euros for one of our clients. They were having an issue with the Symantec antivirus that blocked the complete Citrix environment, so the workers were not able to sign in and access the application, which led to an outage. Within a matter of minutes, Splunk triggered a ticket, and they identified that they were having an issue with this particular antivirus, and they blocked it.
Splunk ITSI has helped streamline our incident management. There is efficiency in terms of clubbing the tickets and sending tickets with meaningful information, so mainly with the alerting system, you can configure as much information as you want using the Splunk monitoring tools. You can send some links in the ticket, or you can send a separate set of guidelines for the engineers on what has to be done. The clubbing of tickets has also helped a lot to avoid spamming.
Splunk ITSI has reduced our mean time to detect. Based on my experience and the feedback from others who are using it, it has saved a lot of time. The time reduction is significant when compared to other tools in the market.
It has reduced our mean time to resolve. Glass tables have been very helpful. With the help of Splunk ITSI, you can place the heat maps and services in place based on the application architecture to easily identify where the issue is coming from.
What is most valuable?
I find the episode review, glass tables, and correlation search features very useful.
What needs improvement?
Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well.
For how long have I used the solution?
I've been using Splunk ITSI for five or six years.
What do I think about the stability of the solution?
I'd rate it a nine out of ten in terms of stability.
What do I think about the scalability of the solution?
I'd rate it a nine out of ten in terms of scalability.
How are customer service and support?
It isn't 100% satisfactory for all the cases. About 80% of the time, they are good, and about 20% of the time, they aren't as good. They can be very slow. We also had an incident where we asked them to upgrade to a version, but in that latest update, Splunk had removed some concepts because of price issues. As a result of removing a particular module, our complete environment failed. It took us a day to roll back the version and go back to normal. Overall, I'd rate them a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I used VMware vSphere and a CA Technologies tool. We switched to ITSI because there was very little optimization in them. There is also a significant difference in data parsing. We also have real-time data.
How was the initial setup?
At the beginning of my career, I found it to be complex because you need to know a lot of areas, such as network and firewall rules, routing methodologies, and the cluster concept. I kept on learning along with my teammates, and it's pretty good now.
What about the implementation team?
In the beginning, my teammates helped me, but now I don't need any help. Depending on the load and the environment, I can build things.
What was our ROI?
One of our clients was paying two hundred thousand to three hundred thousand dollars for a report based on the complete data, whereas they could also get the data by running a couple of queries from the database. After the implementation of Splunk, we used something called DB Connect. It was a small tweak, and after that, the price was reduced to a hundred dollars or eighty dollars per annum. All they are doing now is creating or running SQL queries, getting the data back in Splunk, and based on that, triggering and sending a report. That's it. It was all about preparing proper monitoring. The data was already available. We prepared the alerts. Along with the alerts, we also prepared dashboards for the users to visually review the historical information for the past one or two years. They can even see the report month-wise. Two hundred thousand dollars to less than a hundred dollars is incomparable.
What's my experience with pricing, setup cost, and licensing?
Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much.
What other advice do I have?
I'd advise learning the tool properly, understanding its capabilities, and utilizing it efficiently. One of our clients was paying hundreds of dollars towards the license, but they were utilizing it only for server monitoring.
To someone who already has an APM solution but is considering switching to Splunk ITSI, I'd say that switching to ITSI is going to help them a little bit more. The grouping of the ticket to the users can be easily planned. It's not rocket science. It's easier compared to the other tools where you need to create a lot of configuration for that. The configuration has been segregated, which makes it easy for the applications team to set up their own monitoring and group them to avoid the number of tickets generated. You also have predictive analysis along with heat maps and glass tables, which aren't available in other APM tools in the market right now.
Overall, I'd rate Splunk ITSI an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Splunk ENGINEER at a transportation company with 201-500 employees
Offers enhanced visibility, reduces costs, and minimizes the frequency of incidents
Pros and Cons
- "Splunk ITSI offers a valuable visualization tree that allows us to map and analyze dependencies and co-dependency within our environment."
- "ITSI currently lacks the capability for automated response, mitigation, and remediation."
What is our primary use case?
Splunk ITSI is a service intelligence platform that monitors services, availability, endpoints, and interactions within an environment. My experience with ITSI focuses on web application APIs. I installed and configured it for a telecommunications company to monitor web application API services, troubleshoot downtimes, and mitigate failures. ITSI offers a comprehensive view of the environment, enabling top-to-bottom visibility into services, endpoints, and performance. It provides correlation analysis, deep dives, and episode reviews, leveraging AI and machine learning algorithms to detect signals, predict issues, and prepare engineers for potential problems.
How has it helped my organization?
Splunk ITSI's dynamic and highly beneficial end-to-end visibility allows us to gain comprehensive and clear visibility once we configure our settings, services, and entities.
Splunk ITSI's machine learning and AI capabilities are powerful tools that help prevent incidents before they occur. As an engineer, I appreciate the ability to visualize potential future scenarios within my environment. This predictive forecasting feature provides valuable insights into our environment and services.
Due to its complex functionalities, Splunk ITSI requires significant learning. Proper training is essential to understand how these features operate effectively. While the benefits were not immediate, they became apparent over time as we configured, implemented, and utilized the various functionalities. It took several months before the full value of Splunk ITSI was realized.
For incident management and incident response, ITSI assists us by enabling us to create numerous knowledge objects as Splunk users. Whenever an issue arises, these objects can be centered around our services or entities, such as reminders, emails, or notables. Consequently, ITSI significantly aids our management and incident response efforts.
Splunk ITSI effectively reduces the volume of incidents by providing predictive capabilities, enhancing environmental visibility, and facilitating efficient troubleshooting. This deep-dive approach minimizes the occurrence of noisy alerts and consequently lowers the overall incident rate.
It helps reduce alert noise by allowing users to review and group notables. Through the episode review functionality, analysts can examine fired alerts, assign them to specific investigators or analysts, and group them to minimize the occurrence of noisy alerts.
Splunk ITSI has been instrumental in reducing the mean time to detect. While I have other tools as an engineer, ITSI, in conjunction with Splunk SOAR, offers preconfigured automation and quick responses that can further enhance our MTTD. ITSI provides the necessary visibility, and when integrated with SOAR, it aids in detecting and resolving issues more efficiently. These tools work seamlessly together, streamlining our incident response process and improving operational efficiency. Combined, our MTTD is under 30 seconds.
Splunk ITSI has helped reduce the mean time to resolve the issue because we can detect the incidents faster.
It is a valuable tool for cost savings. In a recent project involving web application APIs, ITSI's top-to-bottom visibility and machine learning capabilities enabled us to predict and prevent downtime, reducing losses significantly. By integrating ITSI with an automated tool like SOAR, we implemented automated responses that quickly resolved issues and minimized disruptions. This resulted in substantial savings, estimated to be between five and ten million dollars. Before ITSI, downtime in the web payment application APIs was frequent, leading to significant financial losses. ITSI's implementation has eliminated this issue and provided substantial cost benefits between five and ten million dollars.
What is most valuable?
Splunk ITSI offers a valuable visualization tree that allows us to map and analyze dependencies and co-dependency within our environment. We can quickly identify errors, failures, and cascading impacts from specific branches by inputting our services and entities into this diagram. I have found this feature particularly useful for clearly understanding my environment's dynamics. Additionally, ITSI's deep dive functionality enables detailed examination of service trends over time, providing valuable insights. Furthermore, its AI and machine learning capabilities, especially beneficial for users with relevant knowledge, offer powerful predictive and correlation analysis tools. Overall, ITSI's combination of visualization, deep dive, and AI and ML features makes it an indispensable tool for observability and understanding complex environments.
What needs improvement?
ITSI currently lacks the capability for automated response, mitigation, and remediation. To achieve this, it must be integrated with third-party applications. Adding these features to ITSI would significantly enhance its value. For example, the ability to define specific conditions and triggers for automated responses to alarms or incidents would enable proactive mitigation and detection. Incorporating automated response and detection functionalities into Splunk ITSI would make it a powerful tool for incident management.
For how long have I used the solution?
I have been using Splunk ITSI for seven years.
What do I think about the stability of the solution?
Splunk, as a platform and software, typically operates smoothly without significant lag or crashes. When such issues arise, they are often attributed to insufficient memory or hard drive space allocated for the Splunk installation. These factors are primarily dependent on the project owners and company's available resources and hardware capabilities. However, it's important to note that the Splunk platform itself rarely encounters stability problems.
What do I think about the scalability of the solution?
Splunk ITSI assists in optimizing resource allocation to align with demand. We can effectively manage our infrastructure by accurately predicting resource requirements based on factors such as the environment, project, and specific operations within our facility. Splunk ITSI's machine learning capabilities can also contribute to this predictive analysis or forecasting, further enhancing our ability to optimize resource utilization.
How are customer service and support?
The technical support responded quickly and provided high-quality assistance. They paid close attention to our issue, conducted a remote diagnosis of our environment, and clearly explained the problem and recommended solutions. Their service was exceptional.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment of Splunk ITSI is straightforward. Assuming all other configurations are in place, a full deployment can be completed in approximately 30 minutes. The exact duration depends on the complexity of the environment, including the number of indexers, search heads, and overall workload. For a single installation on a standalone computer with minimal infrastructure and support requirements, the deployment can be completed in just a few seconds.
The number of Splunk ITSI consultants required for a deployment depends on the project's size, architecture, and specific monitoring needs. A small, single-deployment project may only need one consultant. However, larger projects involving clusters of indexers or searchers, or those requiring constant monitoring, may necessitate more consultants. Such complex deployments might require two or three consultants to manage the entire environment effectively.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
To anyone considering switching to Splunk, I highly recommend it. Splunk offers a wide range of applications, making it a versatile tool for various IT environments. Beyond ITSI, Splunk provides numerous tools and platforms that offer comprehensive insights into IT operations, security, and more. Whether dealing with payments, web application APIs, or any aspect of IT, Splunk can help. Splunk empowers you to gather, search, analyze, and visualize data to create knowledge objects and set endpoints. It enables you to secure, analyze, and query your IT environments, providing valuable insights. Splunk's powerful features, including AI and machine learning algorithms, help you detect issues, streamline alerts, and improve overall operations. Splunk's risk-based alerting and ITSI security features ensure data protection and compliance. It helps safeguard your data in transit, storage, and indexing, providing visibility into access and potential leaks. For compliance, vulnerability, and risk management, Splunk is a valuable asset. I strongly recommend installing Splunk for its ability to enhance IT operations, improve visibility, and ensure security. If observability is a priority, I also encourage exploring Splunk ITSI.
Splunk ITSI is available both in the cloud and on-premises.
For new users, consider hiring a Splunk consultant to provide initial guidance and training. The consultant can demonstrate key features, share best practices, and help you get started. Secondly, familiarize yourself with Splunk's extensive documentation, which is a valuable resource for learning and troubleshooting. It's essential for anyone involved in managing or using Splunk to stay updated on the latest information. Finally, having a consultant work directly with your team can accelerate the learning process. They can provide tailored training, assist with implementation, and ensure that your users are equipped to effectively utilize Splunk's capabilities.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Sep 2, 2024
Senior Manager ICT & at Bangalore International Airport Limited
Empowers organizations to efficiently monitor, analyze, and optimize complex IT environments
Pros and Cons
- "The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes."
- "It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs."
What is our primary use case?
It has enabled effective monitoring, allowing for a comprehensive view of the growing complexity within the IT infrastructure.
How has it helped my organization?
The enhancement to our organization stems from its ability to consistently run rules, actively identifying significant events. This involves an ongoing process of aggregating and configuring notable events into a coherent resource. Additionally, the container version automates website functionalities, including tasks like email reception, providing a heightened level of control.
It has proven highly effective in real-time monitoring of service assistance and KPIs. There has been a noticeable enhancement in automated event clustering. Additionally, the platform facilitates comprehensive analysis for proactive incident prevention.
The end-to-end visibility provided into our network environment is a potent tool for real-time monitoring. It significantly contributes to the monitoring and analysis of complex multi-cloud IT solutions, playing a pivotal role in ensuring efficiency.
Leveraging predictive analytics to proactively prevent incidents before they manifest empowers operations to establish effective management and automation of information related to business processes.
It aids in minimizing alert noise, proving highly effective in incident management. Furthermore, it facilitates root cause analysis.
What is most valuable?
The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes. It promptly raises a red flag, signaling an effective early warning system.
The resilience it provides is invaluable. It ensures continuous application of rules, specifically for identifying notable events, and utilizes revision policies to configure hardware solutions into edge servers. This is essential for my operations to seamlessly proceed.
What needs improvement?
It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs.
For how long have I used the solution?
I have been using it for one year.
What do I think about the scalability of the solution?
It provides good scalability. Approximately, a hundred users use it effectively.
How are customer service and support?
I would rate the customer service and support eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
The installation involves developing a strategy to comprehend the essential services for proper monitoring. Additionally, it entails determining the specific type of intelligent alerts, clusters, and dashboards needed for effective planning. It was done in-house by one individual.
What was our ROI?
The implementation of this solution quickly demonstrated its value.
It resulted in a time reduction of six hours through its implementation.
It contributed to a six-hour reduction in the mean time to detect incidents.
It assisted in decreasing the mean time to resolve by four hours.
What other advice do I have?
Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Splunk admin/developer at Wipro Limited
Reasonably priced with good monitoring and predictive analytics
Pros and Cons
- "We can automate routine tasks. We're able to create alerts, reports, scheduled searches, et cetera. It's helping us to save time."
- "When we check the service analyzer, and we have custom inputs, there are issues."
What is our primary use case?
We are using the solution for correlation searches. We've integrated Splunk with ServiceNow. We're creating aggregation policies to trigger actions in ServiceNow. We use it with the ServiceNow add-on. When something happens in ServiceNow, it's correlated to ITSI as well.
How has it helped my organization?
We can check to see if dependent services are aligned. The service analyzer allows us to see the health of the services.
It's been very good for noise reduction. We have alerts that trigger visually and it helps us prioritize. We can create performance-related dashboards so teams will have a clear overview according to their unique requirements.
What is most valuable?
The infrastructure monitoring is very useful. In our scenario, we can see the performance of logs across parameters like memory or security. We can analyze the data. We can create our own logic and alerts to send to the correlated teams to take care of incidents.
The end-to-end visibility is very good. With the service analyzer, we're able to see if something goes down. It's inspecting the health of services. It's color-coded, so we can check to see if there are any serious issues. We can do deep dives if something is red.
We use the predictive analytics on offer. We have some use cases in which we create forecasts around CPU and memory-related alerts. We can use it to predict costs based on the past 30 or 40 days. We're also trying to use this for anomaly detection. We can make good predictions on the basis of data and trends. As long as we have past data, we can use it to build some predictions for the future. We can use this to create and send predictive reports to our teams to help them take pre-emptive action.
It's helped us to right-size resources to match demand.
The solution has helped us streamline our incident management. We've been able to increase efficiencies through automation.
We've been able to reduce incident volume. If a host is generating frequent tickets, for example, we're able to see it and work on it directly to help us reduce incident counts.
We've been able to effectively reduce alert noise. We can create logic to create tickets. It will create one ticket per episode so that multiple tickets are not created for one single episode - and this helps us reduce noise.
We can automate routine tasks. We're able to create alerts, reports, scheduled searches, et cetera. It's helping us to save time.
What needs improvement?
When we check the service analyzer, and we have custom inputs, there are issues. Sometimes our inputs are not taken or recognized. Alerts are not being automatically generated. Also, if someone comes and creates a maintenance window, we can't properly identify who created it. We have to create our own queries before we can identify anything.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
The solution is scalable. Depending on your infrastructure, it can be a bit tricky.
How are customer service and support?
I haven't had to escalate any issues to technical support.
Which solution did I use previously and why did I switch?
We're using SolarWinds and Splunk in our current environment.
How was the initial setup?
I helped with the initial deployment. We have multiple servers sending data to Splunk. The process is straightforward. For the setup, we had three people involved in the process.
It's not a difficult solution to maintain.
What's my experience with pricing, setup cost, and licensing?
The licensing is based on data ingestion. However, they do have multiple licensing options.
The pricing is reasonable.
What other advice do I have?
Splunk is good. It gives good customized options. Any logic or Python script we need to add, we have the freedom to do so. Most solutions aren't as customizable.
I'd recommend the solution to others. I'd rate it eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Aug 25, 2024
Senior Infrastructure Consultant at Netcompany
Brings our searches to life, creates multiple services, and creates complex saved searches
Pros and Cons
- "ITSI includes a feature called a glass table."
- "Quality-of-life features have room for improvement."
What is our primary use case?
I work for a consulting company that contracts with an organization to provide operation center services. We use Splunk ITSI as one of our key centralized monitoring tools for the organization. Our goal is to collect data from both the organization's centralized database, Spine, and their cloud platforms, such as AWS and Azure, and send it to Splunk for monitoring. Splunk then creates reports, alerts, and dashboards that we use to visualize the data and make the most of it.
How has it helped my organization?
ITSI has many benefits, but its visualization for monitoring is particularly great. We have been able to identify notable events that have occurred, track them back through history, and see what data is available for a long period of time. One of the best reasons we use ITSI is because of its indexing system. We can collect data from various sources in different formats and then operate on that data, even though we have different data from AWS and Azure. Splunk does a good job of ensuring that the data is compatible with different reporting methods.
Splunk ITSI has helped us streamline our incident management process. We have a custom configuration that outputs some alerts to Slack and others to email. We package only alerts and episodes, and when an alert is triggered, an email is sent and a ServiceNow incident is raised. This has significantly streamlined our analysis process.
Splunk ITSI helped reduce our mean time to detect by ten percent.
What is most valuable?
Splunk ITSI is similar to Splunk Cloud, but it includes some additional features that are specifically useful for IT service management.
We still get the standard package with ITSI, including alerts, reports, and dashboards. However, ITSI also includes a feature called alerts and episodes, which is similar to an ITSM tool. This feature allows us to bring our searches to life and create service trees that focus on business context.
For example, if we create multiple services, we can arrange them in a tree structure. ITSI then uses a traffic light system to indicate the health of each service and its dependencies. This allows us to see the overall health of our IT environment at a glance.
ITSI also includes a powerful KPI system that allows us to create complex saved searches that power multiple different areas of our dashboard. This is very useful for tracking key performance indicators and identifying potential problems early on.
Finally, ITSI includes a feature called a glass table. This feature allows us to create visually appealing dashboards that display our KPIs and other data in a clear and concise way.
What needs improvement?
One issue we have with Splunk Cloud is that the service team is sometimes not very helpful. This is because the team is outsourced, and they often cannot provide us with the information we need. This is a major complaint of mine, and it is unacceptable given the large amount of money we pay for the service. Splunk Cloud outsources its support team, and the people who are supposed to be helping us are not very knowledgeable. They often give us unhelpful or incorrect answers.
The UI needs improvement. With real-time monitoring, we can have a service structure, but we cannot easily adjust the graphical interface. For example, if we have a long name or a 2005 feature, we cannot easily move it slightly to the right on the web page. This can be a real pain.
Our large-scale system is noisy, making it difficult to pinpoint the exact cause. This is a trade-off for using Splunk as a central monitoring tool, as we cannot give everyone access to everyone else's AWS environment. We are investigating ways to reduce the noise, but I am not sure if it is a specific ITSI problem.
Quality-of-life features have room for improvement. The search function and other features are fine, but there are a few UI changes I would make. For example, I would like to be able to extend the graphical user interface so that we can see the full name by moving the window around. It is currently difficult to work with.
We can create a correlation search, but when we save the page, it redirects us to the search system. We should be able to save the page and stay on the page, which is a bit annoying.
We have a lookup file, but it doesn't work very well. In fact, it doesn't work at all. I hope Splunk fixes this at some point. When we make a change, it completely wipes out the change. It also says to type in the search bar, click on what we need, and if we make a slight adjustment, it will completely wipe out the search bar and we have to start over. This is very annoying.
For how long have I used the solution?
I have been using Splunk ITSI for two years.
What do I think about the stability of the solution?
Splunk ITSI is stable. Resilience is essential for our organization. We need it to be active all the time. It is incredibly important because some of our services are platinum-level. If anything goes wrong, we want to know about it instantly. It is very important that ITSI is stable and works as expected, which it does. We have not had too many problems where things have gone wrong. Most likely, these problems have been configuration issues, rather than our availability going down and us being unable to access Splunk. Splunk is up all the time and rarely goes down.
What do I think about the scalability of the solution?
Splunk ITSI is scalable, and scaling is a primary feature of cloud products. With an enterprise license, we can scale as much as we need. However, scalability also depends on our hardware. If we purchase good hardware to run Splunk on, we should be able to scale easily by creating shared clusters, index clusters, and other types of clusters, and pairing them together.
How are customer service and support?
Splunk's technical support is not very good. They outsource their support, and the outsourced support team is not very knowledgeable. I believe that in-house technical support would be better.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
The organization was using Splunk Enterprise which is similar to ITSI.
What's my experience with pricing, setup cost, and licensing?
Splunk ITSI is expensive. We pay for the package once the sales team has priced all of our data and other relevant factors. We don't incur any further costs if we pay for a package. On its own, Splunk ITSI can be quite expensive, which is what scares many customers away. If a customer has the budget to use Splunk ITSI, then it is an excellent choice. It is one of those products where we may need to start weighing up different solutions. Splunk was recently sold to Cisco, and it could become the centralized monitoring tool for the organization for x, y, and z. I believe that our package is one of the lowest priced in the UK, even though we are squeezing as much value as possible out of the service. I would say that we should prioritize longevity over making an extra million pounds or so because that will come with time. However, I don't think that everyone sees it that way.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
The visibility is good, but the issue we are interested in is split into different factions in some parts. Currently, we are not using ITSI to its full potential. The organization is enterprise-scale, which is huge. It is therefore very difficult to implement some of the ITSI best practices because we have so many different areas, each doing things differently. Standardization is difficult to achieve because everything is so massive. We could better use ITSI to its full capacity, but that is on us. However, I think it would work much better if it were a bit smaller in scale.
Cost is definitely a concern. Splunk can be quite expensive, especially if we are tied into a contract. However, it offers more features and capabilities than other solutions. I don't have a lot of experience with Splunk, but the way it aggregates data is very good. It can also parse and strap data, and search and operate on the data that is sent in. This is also very good. I suggest cleaning up the data before sending it to Splunk. This will make it easier to get real-time monitoring of the data needed. We pay for ingestion and storage, so it makes sense to only send in the data that we need. Splunk is a very good tool to use for building and operating real-time analytics dashboards. It has very good visualization, data separation, and real-time analytics capabilities. It can also create very complex queries that can do a lot.
We have over 50 users spread across the organization, and we implement around 100 or more services. Each service may have a tech lead in x and y and an architect in z. Therefore, Splunk ITSI reaches out to many different people in those departments.
Splunk Cloud takes care of all the maintenance. We simply open a case and they implement any new version as needed.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner