Try our new research platform with insights from 80,000+ expert users
Officer at State Street
Real User
Enables us to consolidate tools but it should improve its pricing
Pros and Cons
  • "Alerts and episodes are valuable to me."
  • "The solution should integrate more features in NEAP."

What is our primary use case?

We use the solution to monitor our own internal applications. We monitor analogs and various other DB Connect sources.

How has it helped my organization?

The tool has replaced some other products in our organization. It’s coming in very handy.

What is most valuable?

Alerts and episodes are valuable to me. These features put all notable events together and give us an opportunity to take action.

What needs improvement?

We can take actions based on NEAPs, like emails and service now tickets. It is pretty basic at the moment. The solution should integrate more features in NEAP.

Buyer's Guide
Splunk ITSI (IT Service Intelligence)
October 2024
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

I have been using the solution for about a year.

What do I think about the stability of the solution?

The solution is pretty stable.

What do I think about the scalability of the solution?

The product is extremely scalable.

How are customer service and support?

I work with a lot of Splunk’s support people. I like them. They're all good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using a software called Genius. We use Splunk IT Service Intelligence now, and it's more cost-effective overall.

What about the implementation team?

I have been maintaining the solution. The product is straightforward to maintain. We just need to follow the best practices, and it works. We have a lot of users, so it's difficult controlling what the users do in the environment.

What was our ROI?

The tool is a centralized place to collect all our data and compute against it. It has the potential for an ROI.

What's my experience with pricing, setup cost, and licensing?

Pricing has some room for improvement.

Which other solutions did I evaluate?

We evaluated other options, but Splunk seemed to be the best. It is the industry leader, so it was a no-brainer.

What other advice do I have?

We have an on-prem instance. Everything's pretty much on-prem. We work with cloud logs. Monitoring multiple cloud environments using the solution is pretty straightforward and easy. It is extremely important to us that the solution has end-to-end visibility into our cloud-native environment.

The solution has helped reduce our mean time to resolve. The product has helped improve our organization’s business resilience. Its ability to predict, identify, and solve problems in real-time is pretty good as long as the source is good and we use it well.

The tool’s ability to provide business resilience by empowering staff is alright. We have experienced cost efficiencies by switching to Splunk IT Service Intelligence. I know it used to be ingestion, and now it's like a CPU. It's always evolving. I was not involved in the initial setup. The solution still has some room for improvement.

Overall, I rate the product a six or seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Andrew Mahoski - PeerSpot reviewer
Data Engineer at Memorial Sloan-Kettering Cancer Center
Real User
Top 10
Has an excellent ability to provide business resilience by empowering staff
Pros and Cons
  • "The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean."
  • "It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding."

What is our primary use case?

We have medical use cases. We monitor batch processes for our medical system. We batch-process data ingestion from our data warehouses just to make sure they're performing appropriately. If there's an outlier we'll report it or create an incident.

How has it helped my organization?

Splunk has just started to improve my organization. It's still in its infancy. We still have some kinks to work out, but it's actually giving us much better visibility than creating a normal Splunk dashboard. It's an easier process in that regard.

It has 100% improved my organization's business resilience. We're able to get better metrics. We have a project where we've actually saved the organization millions of dollars in regards to lost revenue. We were using Splunk Dashboards to determine a situation where billing wasn't being done correctly. Billing was never actually sent out to insurance companies, then that's where we found things that were falling between the cracks.

In terms of cost efficiencies, we're able to find situations where patient care is falling below the thresholds. We have other projects that are coming into play that are going to be huge for the organization that will be reporting back to the state. 

What is most valuable?

The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean. 

Splunk's ability to predict, identify and solve problems in real time is excellent. We were able to see things we haven't been able to see before just because the data from multiple systems is so helpful.

Its ability to provide business resilience by empowering staff is excellent. Everybody wants to use it.

What needs improvement?

It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding.

For how long have I used the solution?

We have been using Splunk ITSI for one and a half to two years. 

What do I think about the stability of the solution?

Their stability is excellent. It's not a Windows product. I don't have to restart it. It's a ten out of ten.

What do I think about the scalability of the solution?

We can scale horizontally. It's a nine out of ten.

How are customer service and support?

Their support is good. During the time of COVID, it took a while to get somebody to get back to us, but that was expected. Overall, the support has been good. We haven't had many issues. We'll dig deep into the weeds before we even bother calling Splunk. 

I would rate support a seven out of ten. I wish their response time was better.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before ITSI, we had Datadog and there was one other product we were managing. We didn't have any visibility into it, and Splunk is a very visible product versus other ones where it's a little more locked down from the access respective.

We switched to Splunk because of the ease of use and the ability to ingest logs from pretty much everywhere. 

We had some in-house solutions, which weren't great because we were building in .NET versus something that's like Splunk, which we can pull data from everywhere, including from a .NET solution.

How was the initial setup?

I was the first one to deploy it at the organization. We started with me and one manager, and then it turned into a team of five engineers, we had a riff, and we were down to three.

We made the mistake of initially deploying it on Windows. We learned very quickly that that was a big mistake and then we switched over to a Linux environment. In general, the deployment wasn't that bad. The documentation that Splunk offers has always been great. If we had any questions, we always went to support with those questions. It was pretty simple.

What was our ROI?

Other departments have seen ROI through being able to offer better and more efficient patient care. 

What's my experience with pricing, setup cost, and licensing?

We like the old perpetual licensing model but everybody's going more towards the two-year. I think the professional services hours thrown in there is actually a pretty good benefit.

What other advice do I have?

I would rate Splunk ITSI a nine out of ten. Not a ten because the learning curve makes it tricky.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
October 2024
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
JOEL MUNDOH - PeerSpot reviewer
Splunk Administrator / Architect at MetLife
Real User
Top 5
Provides great end-to-end visibility into our network environment and helped us reduce alert noise
Pros and Cons
  • "Splunk ITSI helps us secure our environment by allowing us to create automatons that run when alerts are triggered."
  • "The data recovery has room for improvement."

What is our primary use case?

Splunk ITSI is used to analyze data and create alerts. This helps us to maintain our security best practices.

How has it helped my organization?

Our organization was looking for a security monitoring tool. I use Splunk ITSI as a monitoring and security tool. It helps me to protect data and prevent malware and hackers from accessing my environment. Splunk ITSI can be used to protect our role and infrastructure. It can also provide insights into how and what is helpful within our infrastructure.

Splunk ITSI provides great end-to-end visibility into our network environment. It can identify the exact root cause of an issue without any additional troubleshooting on my part.

Predictive analytics is valuable for preventing incidents before they occur because it allows me to see when the data stopped being indexed, which saves me time from having to investigate.

Splunk ITSI makes it easier to secure our entire infrastructure. Before Splunk ITSI, our environment was chaotic.

Splunk ITSI streamlines our incident management by providing a financial report of all applications in our environment.

Splunk ITSI has helped us reduce alert noise. After configuring ITSI, we set certain parameters based on our alerts. These alerts are the conditions that ITSI uses to automatically reduce noise.

Splunk ITSI helps to reduce our mean time to detect by monitoring key performance indicators such as CPU overload and the percentage of use revenue trend. On average the automation has reduced our mean time to detect by five minutes.

Splunk ITSI significantly reduces our mean time to resolve because most of our time was previously spent troubleshooting. With ITSI, we don't have to troubleshoot at all.

Splunk ITSI can help reduce downtime, but the extent of its effectiveness depends on how it is implemented.

What is most valuable?

Splunk ITSI has a lot of advantages. There are a lot of different aspects when implementing Splunk ITSI in our environment.

Splunk ITSI helps us secure our environment by allowing us to create automatons that run when alerts are triggered. This automation can pass through the CI/CD pipeline tool, which helps to increase security.

What needs improvement?

The data recovery has room for improvement.

For how long have I used the solution?

I have been using Splunk ITSI for three years now.

Splunk ITSI can be deployed on-premises or in the cloud. However, we typically deploy it in the cloud because of the available services. These services do require a lot of permissions.

What do I think about the stability of the solution?

Splunk ITSI is stable.

What do I think about the scalability of the solution?

Splunk ITSI is scalable.

How are customer service and support?

The quality of support depends on the individual use case and how we configure the solution.

How would you rate customer service and support?

Positive

How was the initial setup?

Splunk ITSI can be installed remotely or manually. The deployment time depends on the operating system being used to deploy the solution into the cloud. Once ITSI is deployed, I can perform a ROM test through the CI/CD pipeline.

What was our ROI?

Splunk ITSI's visibility into our environment provides good value to our organization.

What's my experience with pricing, setup cost, and licensing?

Splunk ITSI is a pay-per-use service that is priced fairly based on the amount of data we use.

What other advice do I have?

I give Splunk ITSI an eight out of ten.

Splunk ITSI is a cheaper and easier-to-use alternative to APM solutions. Unlike APM solutions, Splunk ITSI also helps with application management, memory management, host log volume, and CPU usage.

Our clients vary in size, with some using small amounts of data and others using terabytes of data within Splunk ITSI.

Splunk ITSI maintenance involves updating the software and ensuring that it is compatible with the applications that it will integrate with.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Tech Lead at a tech vendor with 1,001-5,000 employees
MSP
Top 20
Provides a unified view of alerts and supports heat maps and glass tables for visualization and monitoring
Pros and Cons
  • "I find the episode review, glass tables, and correlation search features very useful."
  • "Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well."

What is our primary use case?

There are multiple use cases, which include heat maps, glass tables, and predictive analysis.

The first one is mainly related to heat maps. For example, if you want to monitor the health of a server, you can prepare heat maps for that. When you set up any kind of alerts, they can get missed because people are too busy to check their emails. With these heat maps, the color changes automatically. The Cron job runs behind the scenes, and you don't need to run them manually. 

You can also set up a glass table in ITSI for the architecture. For example, a setup like Amazon would have web services, databases, queues, and other things. For the purchase and other things, it has to connect to the external world, so you need to place the complete architecture over there, and you can assign the threshold value. If there is an issue with any of the points, for example, there is an issue with the connectivity of the database, the heat maps would change in color, which helps you to easily identify that there is an issue.

It also has a concept called predictive analysis. For example, your WhatsApp chat backup happens every 24 hours or 7 hours, but you cannot predict how much bandwidth it's going to use during the backup. It might even use 100% of the bandwidth. You cannot set a proper threshold. In such cases, you can use predictive analysis. It'll analyze the data patterns, and based on the data pattern, it predicts if everything is good or if something is bad. It can predict if something is going to fail.

You can have an integration with the ticketing tools. For example, if something happens on any server or PC and you've directly integrated the tickets from Splunk to ServiceNow, it's automatically going to create a ticket in ServiceNow.

There's also a concept of episode review wherein it groups the alerts so that there's no ticket spam in ServiceNow. For example, if you are monitoring a server and it's down, there might be 10 to 20 alerts, which would create 10 or 20 separate tickets and spam your ticketing system. In such cases, you can use the episode review feature. It will merge all those tickets into one and include all the details in that.

How has it helped my organization?

Splunk ITSI allowed us to monitor the health of servers. We can also completely monitor an application and identify data patterns. Automation of ticketing tools can also be done with this. We can also do log monitoring with Splunk ITSI.

It's also helpful for developers. When they create an application, if there is an issue in their code, based on the output data, a request is automatically triggered to the engineering team stating that there is an issue with the code.

The visibility into an application is very good if you configure everything properly. You first have to analyze the application by using any of the monitoring tools such as Elastic, Splunk, etc. You have to analyze the application in and out, and afterward, you have to place the monitors in particular places for end-to-end visibility. For example, in the case of a home security system, to completely secure the home, you have to place the devices in a proper place. Until and unless you place the devices in a proper place, you cannot say that it's completely secured. If you are not keeping the cameras at the main entrance and the windows, or you haven't placed them properly, you can't say that the home is properly secured.

Splunk ITSI is very good for predictive analytics for preventing incidents before they occur. For everything, there are patterns, and based on the algorithm, you are allowing the machine to analyze the data and predict whether the data patterns are coming in a proper way or not. Splunk analyzes the data patterns based on the historical information that we give it. After analyzing the historical information, it creates triggers. If the data that we are feeding into the machine is incorrect, it's not going to work the same way.

There's the accuracy of alerts. In Splunk, the data is almost in real-time, so we get tickets in real-time. If there's a failure, we can roll over to the backup applications immediately. It saved about a million euros for one of our clients. They were having an issue with the Symantec antivirus that blocked the complete Citrix environment, so the workers were not able to sign in and access the application, which led to an outage. Within a matter of minutes, Splunk triggered a ticket, and they identified that they were having an issue with this particular antivirus, and they blocked it.

Splunk ITSI has helped streamline our incident management. There is efficiency in terms of clubbing the tickets and sending tickets with meaningful information, so mainly with the alerting system, you can configure as much information as you want using the Splunk monitoring tools. You can send some links in the ticket, or you can send a separate set of guidelines for the engineers on what has to be done. The clubbing of tickets has also helped a lot to avoid spamming.

Splunk ITSI has reduced our mean time to detect. Based on my experience and the feedback from others who are using it, it has saved a lot of time. The time reduction is significant when compared to other tools in the market.

It has reduced our mean time to resolve. Glass tables have been very helpful. With the help of Splunk ITSI, you can place the heat maps and services in place based on the application architecture to easily identify where the issue is coming from.

What is most valuable?

I find the episode review, glass tables, and correlation search features very useful.

What needs improvement?

Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well.

For how long have I used the solution?

I've been using Splunk ITSI for five or six years.

What do I think about the stability of the solution?

I'd rate it a nine out of ten in terms of stability.

What do I think about the scalability of the solution?

I'd rate it a nine out of ten in terms of scalability.

How are customer service and support?

It isn't 100% satisfactory for all the cases. About 80% of the time, they are good, and about 20% of the time, they aren't as good. They can be very slow. We also had an incident where we asked them to upgrade to a version, but in that latest update, Splunk had removed some concepts because of price issues. As a result of removing a particular module, our complete environment failed. It took us a day to roll back the version and go back to normal. Overall, I'd rate them a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I used VMware vSphere and a CA Technologies tool. We switched to ITSI because the optimization was very less in them. There is also a significant difference in data parsing. We also have real-time data. 

How was the initial setup?

At the beginning of my career, I found it to be complex because you need to know a lot of areas, such as network and firewall rules, routing methodologies, and the cluster concept. I kept on learning along with my teammates, and it's pretty good now.

What about the implementation team?

In the beginning, my teammates helped me, but now I don't need any help. Depending on the load and the environment, I can build things.

What was our ROI?

One of our clients was paying two hundred thousand to three hundred thousand dollars for a report based on the complete data, whereas they could also get the data by running a couple of queries from the database. After the implementation of Splunk, we used something called DB Connect. It was a small tweak, and after that, the price was reduced to a hundred dollars or eighty dollars per annum. All they are doing now is creating or running SQL queries, getting the data back in Splunk, and based on that, triggering and sending a report. That's it. It was all about preparing proper monitoring. The data was already available. We prepared the alerts. Along with the alerts, we also prepared dashboards for the users to visually review the historical information for the past one or two years. They can even see the report month-wise. Two hundred thousand dollars to less than a hundred dollars is incomparable.

What's my experience with pricing, setup cost, and licensing?

Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much.

What other advice do I have?

I'd advise learning the tool properly, understanding its capabilities, and utilizing it efficiently. One of our clients was paying hundreds of dollars towards the license, but they were utilizing it only for server monitoring. 

To someone who already has an APM solution but is considering switching to Splunk ITSI, I'd say that switching to ITSI is going to help them a little bit more. The grouping of the ticket to the users can be easily planned. It's not rocket science. It's easier compared to the other tools where you need to create a lot of configuration for that. The configuration has been segregated, which makes it easy for the applications team to set up their own monitoring and group them to avoid the number of tickets generated. You also have predictive analysis along with heat maps and glass tables, which aren't available in other APM tools in the market right now.

Overall, I'd rate Splunk ITSI an eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Benjamin Agbanowe - PeerSpot reviewer
Splunk ENGINEER at a transportation company with 201-500 employees
Real User
Offers enhanced visibility, reduces costs, and minimizes the frequency of incidents
Pros and Cons
  • "Splunk ITSI offers a valuable visualization tree that allows us to map and analyze dependencies and co-dependency within our environment."
  • "ITSI currently lacks the capability for automated response, mitigation, and remediation."

What is our primary use case?

Splunk ITSI is a service intelligence platform that monitors services, availability, endpoints, and interactions within an environment. My experience with ITSI focuses on web application APIs. I installed and configured it for a telecommunications company to monitor web application API services, troubleshoot downtimes, and mitigate failures. ITSI offers a comprehensive view of the environment, enabling top-to-bottom visibility into services, endpoints, and performance. It provides correlation analysis, deep dives, and episode reviews, leveraging AI and machine learning algorithms to detect signals, predict issues, and prepare engineers for potential problems.

How has it helped my organization?

Splunk ITSI's dynamic and highly beneficial end-to-end visibility allows us to gain comprehensive and clear visibility once we configure our settings, services, and entities.

Splunk ITSI's machine learning and AI capabilities are powerful tools that help prevent incidents before they occur. As an engineer, I appreciate the ability to visualize potential future scenarios within my environment. This predictive forecasting feature provides valuable insights into our environment and services.

Due to its complex functionalities, Splunk ITSI requires significant learning. Proper training is essential to understand how these features operate effectively. While the benefits were not immediate, they became apparent over time as we configured, implemented, and utilized the various functionalities. It took several months before the full value of Splunk ITSI was realized.

For incident management and incident response, ITSI assists us by enabling us to create numerous knowledge objects as Splunk users. Whenever an issue arises, these objects can be centered around our services or entities, such as reminders, emails, or notables. Consequently, ITSI significantly aids our management and incident response efforts.

Splunk ITSI effectively reduces the volume of incidents by providing predictive capabilities, enhancing environmental visibility, and facilitating efficient troubleshooting. This deep-dive approach minimizes the occurrence of noisy alerts and consequently lowers the overall incident rate.

It helps reduce alert noise by allowing users to review and group notables. Through the episode review functionality, analysts can examine fired alerts, assign them to specific investigators or analysts, and group them to minimize the occurrence of noisy alerts.

Splunk ITSI has been instrumental in reducing the mean time to detect. While I have other tools as an engineer, ITSI, in conjunction with Splunk SOAR, offers preconfigured automation and quick responses that can further enhance our MTTD. ITSI provides the necessary visibility, and when integrated with SOAR, it aids in detecting and resolving issues more efficiently. These tools work seamlessly together, streamlining our incident response process and improving operational efficiency. Combined, our MTTD is under 30 seconds.

Splunk ITSI has helped reduce the mean time to resolve the issue because we can detect the incidents faster.

It is a valuable tool for cost savings. In a recent project involving web application APIs, ITSI's top-to-bottom visibility and machine learning capabilities enabled us to predict and prevent downtime, reducing losses significantly. By integrating ITSI with an automated tool like SOAR, we implemented automated responses that quickly resolved issues and minimized disruptions. This resulted in substantial savings, estimated to be between five and ten million dollars. Before ITSI, downtime in the web payment application APIs was frequent, leading to significant financial losses. ITSI's implementation has eliminated this issue and provided substantial cost benefits between five and ten million dollars.

What is most valuable?

Splunk ITSI offers a valuable visualization tree that allows us to map and analyze dependencies and co-dependency within our environment. We can quickly identify errors, failures, and cascading impacts from specific branches by inputting our services and entities into this diagram. I have found this feature particularly useful for clearly understanding my environment's dynamics. Additionally, ITSI's deep dive functionality enables detailed examination of service trends over time, providing valuable insights. Furthermore, its AI and machine learning capabilities, especially beneficial for users with relevant knowledge, offer powerful predictive and correlation analysis tools. Overall, ITSI's combination of visualization, deep dive, and AI and ML features makes it an indispensable tool for observability and understanding complex environments.

What needs improvement?

ITSI currently lacks the capability for automated response, mitigation, and remediation. To achieve this, it must be integrated with third-party applications. Adding these features to ITSI would significantly enhance its value. For example, the ability to define specific conditions and triggers for automated responses to alarms or incidents would enable proactive mitigation and detection. Incorporating automated response and detection functionalities into Splunk ITSI would make it a powerful tool for incident management.

For how long have I used the solution?

I have been using Splunk ITSI for seven years.

What do I think about the stability of the solution?

Splunk, as a platform and software, typically operates smoothly without significant lag or crashes. When such issues arise, they are often attributed to insufficient memory or hard drive space allocated for the Splunk installation. These factors are primarily dependent on the project owners and company's available resources and hardware capabilities. However, it's important to note that the Splunk platform itself rarely encounters stability problems.

What do I think about the scalability of the solution?

Splunk ITSI assists in optimizing resource allocation to align with demand. We can effectively manage our infrastructure by accurately predicting resource requirements based on factors such as the environment, project, and specific operations within our facility. Splunk ITSI's machine learning capabilities can also contribute to this predictive analysis or forecasting, further enhancing our ability to optimize resource utilization.

How are customer service and support?

The technical support responded quickly and provided high-quality assistance. They paid close attention to our issue, conducted a remote diagnosis of our environment, and clearly explained the problem and recommended solutions. Their service was exceptional.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment of Splunk ITSI is straightforward. Assuming all other configurations are in place, a full deployment can be completed in approximately 30 minutes. The exact duration depends on the complexity of the environment, including the number of indexers, search heads, and overall workload. For a single installation on a standalone computer with minimal infrastructure and support requirements, the deployment can be completed in just a few seconds.

The number of Splunk ITSI consultants required for a deployment depends on the project's size, architecture, and specific monitoring needs. A small, single-deployment project may only need one consultant. However, larger projects involving clusters of indexers or searchers, or those requiring constant monitoring, may necessitate more consultants. Such complex deployments might require two or three consultants to manage the entire environment effectively.

What other advice do I have?

I would rate Splunk ITSI eight out of ten.

To anyone considering switching to Splunk, I highly recommend it. Splunk offers a wide range of applications, making it a versatile tool for various IT environments. Beyond ITSI, Splunk provides numerous tools and platforms that offer comprehensive insights into IT operations, security, and more. Whether dealing with payments, web application APIs, or any aspect of IT, Splunk can help. Splunk empowers you to gather, search, analyze, and visualize data to create knowledge objects and set endpoints. It enables you to secure, analyze, and query your IT environments, providing valuable insights. Splunk's powerful features, including AI and machine learning algorithms, help you detect issues, streamline alerts, and improve overall operations. Splunk's risk-based alerting and ITSI security features ensure data protection and compliance. It helps safeguard your data in transit, storage, and indexing, providing visibility into access and potential leaks. For compliance, vulnerability, and risk management, Splunk is a valuable asset. I strongly recommend installing Splunk for its ability to enhance IT operations, improve visibility, and ensure security. If observability is a priority, I also encourage exploring Splunk ITSI.

Splunk ITSI is available both in the cloud and on-premises.

For new users, consider hiring a Splunk consultant to provide initial guidance and training. The consultant can demonstrate key features, share best practices, and help you get started. Secondly, familiarize yourself with Splunk's extensive documentation, which is a valuable resource for learning and troubleshooting. It's essential for anyone involved in managing or using Splunk to stay updated on the latest information. Finally, having a consultant work directly with your team can accelerate the learning process. They can provide tailored training, assist with implementation, and ensure that your users are equipped to effectively utilize Splunk's capabilities.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Nagendra Nekkala. - PeerSpot reviewer
Senior Manager ICT & at Bangalore International Airport Limited
Real User
Top 5Leaderboard
Empowers organizations to efficiently monitor, analyze, and optimize complex IT environments
Pros and Cons
  • "The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes."
  • "It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs."

What is our primary use case?

It has enabled effective monitoring, allowing for a comprehensive view of the growing complexity within the IT infrastructure.

How has it helped my organization?

The enhancement to our organization stems from its ability to consistently run rules, actively identifying significant events. This involves an ongoing process of aggregating and configuring notable events into a coherent resource. Additionally, the container version automates website functionalities, including tasks like email reception, providing a heightened level of control.

It has proven highly effective in real-time monitoring of service assistance and KPIs. There has been a noticeable enhancement in automated event clustering. Additionally, the platform facilitates comprehensive analysis for proactive incident prevention.

The end-to-end visibility provided into our network environment is a potent tool for real-time monitoring. It significantly contributes to the monitoring and analysis of complex multi-cloud IT solutions, playing a pivotal role in ensuring efficiency.

Leveraging predictive analytics to proactively prevent incidents before they manifest empowers operations to establish effective management and automation of information related to business processes.

It aids in minimizing alert noise, proving highly effective in incident management. Furthermore, it facilitates root cause analysis.

What is most valuable?

The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes. It promptly raises a red flag, signaling an effective early warning system.

The resilience it provides is invaluable. It ensures continuous application of rules, specifically for identifying notable events, and utilizes revision policies to configure hardware solutions into edge servers. This is essential for my operations to seamlessly proceed.

What needs improvement?

It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs.

For how long have I used the solution?

I have been using it for one year.

What do I think about the scalability of the solution?

It provides good scalability. Approximately, a hundred users use it effectively.

How are customer service and support?

I would rate the customer service and support eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

The installation involves developing a strategy to comprehend the essential services for proper monitoring. Additionally, it entails determining the specific type of intelligent alerts, clusters, and dashboards needed for effective planning. It was done in-house by one individual.

What was our ROI?

The implementation of this solution quickly demonstrated its value.
It resulted in a time reduction of six hours through its implementation.

It contributed to a six-hour reduction in the meantime to detect incidents.

It assisted in decreasing the mean time to resolve by four hours.

What other advice do I have?

Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Splunk admin/devepor at Wipro Limited
Real User
Top 20
Reasonably priced with good monitoring and predictive analytics
Pros and Cons
  • "We can automate routine tasks. We're able to create alerts, reports, scheduled searches, et cetera. It's helping us to save time."
  • "When we check the service analyzer, and we have custom inputs, there are issues."

What is our primary use case?

We are using the solution for correlation searches. We've integrated Splunk with ServiceNow. We're creating aggregation policies to trigger actions in ServiceNow. We use it with the ServiceNow add-on. When something happens in ServiceNow, it's correlated to ITSI as well. 

How has it helped my organization?

We can check to see if dependent services are aligned. The service analyzer allows us to see the health of the services. 

It's been very good for noise reduction. We have alerts that trigger visually and it helps us prioritize. We can create performance-related dashboards so teams will have a clear overview according to their unique requirements. 

What is most valuable?

The infrastructure monitoring is very useful. In our scenario, we can see the performance of logs across parameters like memory or security. We can analyze the data. We can create our own logic and alerts to send to the correlated teams to take care of incidents. 

The end-to-end visibility is very good. With the service analyzer, we're able to see if something goes down. It's inspecting the health of services. It's color-coded, so we can check to see if there are any serious issues. We can do deep dives if something is red. 

We use the predictive analytics on offer. We have some use cases in which we create forecasts around CPU and memory-related alerts. We can use it to predict costs based on the past 30 or 40 days. We're also trying to use this for anomaly detection. We can make good predictions on the basis of data and trends. As long as we have past data, we can use it to build some predictions for the future. We can use this to create and send predictive reports to our teams to help them take pre-emptive action.

It's helped us to right-size resources to match demand. 

The solution has helped us streamline our incident management. We've been able to increase efficiencies through automation.

We've been able to reduce incident volume. If a host is generating frequent tickets, for example, we're able to see it and work on it directly to help us reduce incident counts. 

We've been able to effectively reduce alert noise. We can create logic to create tickets. It will create one ticket per episode so that multiple tickets are not created for one single episode - and this helps us reduce noise. 

We can automate routine tasks. We're able to create alerts, reports, scheduled searches, et cetera. It's helping us to save time.

What needs improvement?

When we check the service analyzer, and we have custom inputs, there are issues. Sometimes our inputs are not taken or recognized. Alerts are not being automatically generated. Also, if someone comes and creates a maintenance window, we can't properly identify who created it. We have to create our own queries before we can identify anything. 

For how long have I used the solution?

I've been using the solution for three years. 

What do I think about the stability of the solution?

The solution is very stable. 

What do I think about the scalability of the solution?

The solution is scalable. Depending on your infrastructure, it can be a bit tricky. 

How are customer service and support?

I haven't had to escalate any issues to technical support. 

Which solution did I use previously and why did I switch?

We're using SolarWinds and Splunk in our current environment. 

How was the initial setup?

I helped with the initial deployment. We have multiple servers sending data to Splunk. The process is straightforward. For the setup, we had three people involved in the process. 

It's not a difficult solution to maintain. 

What's my experience with pricing, setup cost, and licensing?

The licensing is based on data ingestion. However, they do have multiple licensing options.

The pricing is reasonable. 

What other advice do I have?

Splunk is good. It gives good customized options. Any logic or Python script we need to add, we have the freedom to do so. Most solutions aren't as customizable. 

I'd recommend the solution to others. I'd rate it eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Works at a comms service provider with 1-10 employees
Real User
No other tool provides you with the same level of observability and enterprise security or the search and reporting applications
Pros and Cons
  • "The most valuable feature of ITSI is the service KPIs. No other tool provides you with the same level of observability and enterprise security or the search and reporting applications."
  • "ITSI is an almost perfect tool, but there is room for improvement in a few features like the deep dive and multi-KPI alerts. We're using most of the features like service API, coding searches, and aggregation, but our team members hardly use multi-KPI and deep dive. We don't use the multi-KPI or deep dive because everything is available in the service KPI. I don't think this feature is necessary."

What is our primary use case?

In my recent projects, we have used ITSI to monitor the entire infrastructure using multiple features, such as service KPIs, aggregation policies, base searches, correlation searches, notable events, dashboards, blast tables, service analyzers, and drill-downs.

How has it helped my organization?

It helps in every respect, including performance, monitoring, or visualization of the important indicators. It improves the quality of service to the clients. It is crucial that the clients have no website failures because that means the loss of business. ITSI helps us track those issues. We've seen fewer environmental failures since we started using ITSI.

We saw immediate benefits from Splunk ITSI. For example, let's say you have a project for monitoring hybrid Linux servers running JBoss, SAP, and any server containing a client's critical data. It isn't easy to monitor each of these through the back end. 

Splunk ITSI shows you all the data on the screen and lets you visualize the data from various applications. We can see all the applications running on the server and issues with CPU or memory utilization. We have that data in Splunk and can immediately see the alerts triggered. If there are any failures in the environment, we can fix them in seconds. 

The solution has helped us streamline our incident management. We can monitor server KPIs, which trigger an alert if the server is impacted. We can track all the notable events and integrate ServiceNow with Splunk. ITSI is integrated with the ticketing tool, so when an alert triggers, it automatically creates a ticket on ServiceNow. 

ITSI has also reduced the alert volume. Before ITSI, we were unsure why an issue happened. We would see the alerts triggered in bulk and log them one by one for every server. ITSI gives you a feature that lets you drill down to find the precise issues on the server. 

It has a service KPI feature that allows you to monitor exceptions that may lead to server failure. For example, we might be in trouble if the value exceeds 10. We put five or eight values in the threshold field with a high criticality, so it triggers an alert whenever the count is breached. 

ITSI reduced our alert noise because it was very hard to monitor every aspect when we used search and reporting. After running the query, we needed more insights, and ITSI gave us a clearer picture of the incident. That helps you reduce issues.

Many use cases can be automated through ITSI because we previously built our reports manually.  After introducing ITSI, we sent all the data via the forwarders to Splunk. Once we have the data, we create and schedule all those queries and reports so that the management can see them without any IT involvement. It previously took us two or three hours daily to create all those reports, so automating reports saves almost 60 hours each month. We're automating 10 to 15 daily.

What is most valuable?

The most valuable feature of ITSI is the service KPIs. No other tool provides you with the same level of observability and enterprise security or the search and reporting applications. 

ITSI has everything. We can create searches, email alerts, and dashboards. It's the only application that offers the KPI concept where we can monitor different KPI parameters. We can configure the KPIs to trigger alerts when they breach a set threshold.

You can use the core concepts to optimize performance optimization. And you can create a lot of correlations and onboard the data from every project application. You can play with the data to create those KPI services and crash modes. It's possible to establish service health using the KPIs through the service analyzer. On a single screen, you have a lot of tiles showing you the service KPIs and high-level insights.  

When I started working on ITSI, there was some lag in releasing predictive analysis. Since then, there have been several updates, and we see that it works. We can predict any fluctuation in the data that might lead to failure. Using the historical data, we can set up the adaptive threshold. ITSI analyzes the historical data and sets an analysis for the future.

What needs improvement?

ITSI is an almost perfect tool, but there is room for improvement in a few features like the deep dive and multi-KPI alerts. We're using most of the features like service API, coding searches, and aggregation, but our team members hardly use multi-KPI and deep dive. We don't use the multi-KPI or deep dive because everything is available in the service KPI. I don't think this feature is necessary. 

People mostly use ITSI to monitor alerts. The most important features are within the service KPI. When we configure the alerts in service KPI, we don't need to do any deep dives because the client is more interested in the raw data, so we run the queries on the raw data instead of going into the deep dive. 

For how long have I used the solution?

I have used Splunk ITSI for seven years.

How are customer service and support?

I rate Splunk support nine out of 10. It is very helpful. Whether you are connected to priority one, two, or three depends on the issue and its impact. You can also get help from the Splunk community. If you create a P2 ticket, they will reach out to you within an hour and resolve the problem in eight hours. They have different SLAs. 

They might take one or two days to resolve issues. We need to upload the tags over the server to the portal. After that, they will start working on it. They have solved all the issues in the last four or five months within two to three days maximum.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had Dynatrace. It was integrated to onboard the data and create correlation searches to monitor those parameters.

How was the initial setup?

Setting up Splunk ITSI wasn't difficult. A few files needed to be placed over the indexers, and a few more needed to be placed over the license master. I didn't have any issues installing ITSI from scratch. It takes 15 to 20 minutes, depending on the project. It can be set up with one to three people. When service KPIs are installed, we need to validate them after the installation and upgrade ITSI. 

Which other solutions did I evaluate?

My friend works with OpenSearch. They are moving from Splunk to Cribl and OpenSearch. Splunk is pretty expensive, but it gives you a decent insight into the data. It is easy to learn, and ITSI has a great interface. You can run those queries and pass the data. I don't find any product attractive, and we need to put more thought into it. 

What other advice do I have?

I rate Splunk ITSI nine out of 10. I have worked on multiple projects in the last seven years, and I've never found any product like ITSI. We can monitor everything through that. It's an excellent product.

Setting up and mapping the searches with the aggregation policies can be a little complex. Once you've mastered that, you can do anything with the ITSI. You can monitor the whole project infrastructure. You don't need any other tool to monitor and visualize the data. ITSI is enough.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user