What is our primary use case?
I just had to monitor the dashboard and infrastructure alerts and escalate them to the appropriate teams.
I used it for both performance monitoring and incident management. We had an IT infrastructure setup on Splunk ITSI itself. There were dedicated dashboards created by the admins, and we had to monitor these dashboards for the performance of our infrastructure assets, such as the database or infrastructure access.
We had to monitor these alerts and escalate them to the appropriate teams. For example, if a network alert showed up on the system board, we had to escalate it to the network team, such as, "We are seeing this kind of alert on the ITSI app board; please have a look into it." So, that's the main task on the Splunk ITSI app.
How has it helped my organization?
Splunk was initiated for monitoring dashboards and to have our infrastructure integrated into Splunk itself. We have several servers, databases, and multiple services running. We have applications that were dedicated to the service provider. So we had our Splunk IT set up on those servers.
Basically, to keep these applications running smoothly or to have a smooth flow of these applications, we integrated everything on Splunk. And, we need to be resilient and proactive so it doesn't cause any impact to the customers and clients and doesn't go down. We set up our monitoring dashboard on ITSI, which keeps us in touch with how the performance and health checks are going on for these components and applications.
It has a clear understanding of how different environments are related to each other. It has pretty much everything integrated within it. You just need to click a few on the board and whatever details you require are there. So, I find it pretty useful.
For predictive analysis, we have access to pull-out reports on whatever packets are integrated into our system, whatever the packet reinsurance, packet alerts, or whatever has been generated in the system. We pull out these reports based on the previous data and incidents or alerts in the environment.
Then, after analyzing the previous data, we identify what was causing the incidents or alerts. Based on that, we have taken action to prevent incidents in the environment. So that was a really helpful feature as well because having access to the backend itself helps to identify the previous causes or incidents in the environment.
What is most valuable?
I liked how it's integrated in such a way that it's really user-friendly. You don't have to do much. Within a few clicks, you get all the data that you need, like what the server is, what the issue is, and how it can be resolved. It was all integrated into the tool itself.
I found it very easy to identify the server or the root cause. So, it helps to resolve the issue on a priority basis or as soon as possible.
The event analytics in Splunk is integrated to help avoid such incidents. Whenever we see such alerts on the board, we have to take immediate action to avoid any incidents in the future.
Sometimes, an incident happens, like the application goes down, and we receive the incident. At the same time, we receive multiple alerts on our dashboard. So, we have to escalate these alerts along with the incident call and incident procedure. We keep the teams involved by saying, "We are seeing this kind of alert on our ITSI dashboard. Please have a look into it or try to get it resolved." It provides the information IT needs about the server, database, and network connectivity. So, it was easy to identify issues when we had such alerts on the board.
Reduced incident volume: ITSI reduced our incident volume by 20 to 25%. It was really quick, and we were able to investigate whatever incidents or alerts happened in the environment. It was really good. It was really quick to identify such issues and previous issues in the environment. So, it has reduced the MTTR, the mean time to resolve an incident, by 20 to 25%. So it's really helpful.
Alert noise: I didn't see it reduced because whenever we introduce a ticket to ITSI, our system is already integrated into the service. And along with that, we are already migrating from other tools to ITSI itself. So, I'm not quite sure that it reduced it because we are continuously adding servers to ITSI. It increased our count of alerts. But I couldn't comment on that because we are continuously adding our infrastructure to ITSI. So, I haven't identified any reduction.
ITSI reduced our mean time to detect whenever we have seen any mean time to detect alerts in the environment; we get them within a fraction of a second, so we get to see the alerts on the board immediately. It is reduced by 20% to 30% as well.
It continuously refreshes itself within two to three minutes, so it's really reduced our time to detect that part.
Splunk ITSI helped us automate routine tasks. For example, we have a daily task where we have to pull out the daily report. Based on that, we have to access whatever incidents or alerts happened or occurred during the day.
We have to pull out the report and get all kinds of data, the details of what we have done and the kind of alerts we have seen in the day. Then this action has been taken or maybe escalated. So it was really helpful to get such data on a daily basis.
What needs improvement?
From my perspective (since I don't have administrator or developer access to Splunk ITSI), we could have a better user interface. The Splunk ITSI user interface can be improved because whenever we see the dashboard, it's mostly in text format. It doesn't have a graphical view.
It's easy to identify issues or alerts if you have a graphical representation on the dashboard. I have seen several dashboards in Splunk ITSI which have a really good graphical interface, but the integrated dashboards we have do not.
I'm not sure if it is configured in such a way or not. Maybe a developer or administrator can access that, but I feel like Splunk ITSI having a good graphical user interface would really improve the visibility of the dashboard and alerts.
For how long have I used the solution?
I have been using it for more than a year.
What do I think about the stability of the solution?
From my perspective, it's pretty much stable. We haven't experienced anything bad or any technical downtime apart from the scheduled downtime. So, for me, the stability is really good.
What do I think about the scalability of the solution?
It is scalable, but we didn't get to experience the scalability part because it was developer- and admin-related.
For just one location, we have more than 500 people who can access Splunk ITSI, including the technical and monitoring teams. Considering the different locations as well, it would be in the thousands, but I'm not sure about the exact count.
How are customer service and support?
The customer service and support are quite useful. Whenever we faced an issue on our Splunk ITSI server, or if alerts weren't updating, showing proper data, or generating detailed alerts, we reached out to the Splunk technical teams for support.
They are really supportive, with quick responses and a solution-oriented mindset. They provide solutions right on time. The DevOps support provided is really good.
It was pretty good. I didn't have any bad experiences.
Which solution did I use previously and why did I switch?
We had several tools before introducing Splunk ITSI. We had several other tools to monitor network, Windows, Linux, or other portal alerts.
While having Splunk ITSI, we integrated everything into that. We have decommissioned all of the other tools, and everything is on the IT side.
I have worked on ThousandEyes and Spectrum. These tools were used to identify network alerts. We had Spectrum alerts used for network device alerts. And for ThousandEyes, we used it for the portal alerts, for each and every infrastructure component or service. We had different tools integrated to have such alerts on the board.
So, to reduce having multiple tools, our management team introduced Splunk ITSI because everything is integrated into it. It was really helpful to have just one tool for all of our components instead of multiple app tools.
How was the initial setup?
For us, it's on-prem, not on the cloud. We were planning to move it to the cloud, but it's currently on-prem.
Splunk ITSI requires maintenance. From time to time, we have downtime to integrate other tools into ITSI.
The integration of ITSI with other tools enhanced our operational capabilities and has been really helpful. To access a few other tools apart from ITSI, we have to do several things to get the data from the tools themselves. And I find that these tools are pretty slow.
Getting the data or accessing anything on those tools is really time-consuming, but ITSI was quick. We don't require special tools or special access to that environment. We have IDs created for our individuals, and we just need to access ITSI. It was pretty quick, and we didn't need to do much hard work to access all the data. It's really quite useful in that aspect.
What about the implementation team?
It was already introduced by the technical teams or maybe the administrator or developer. We just had it served on a plate, so I don't have much exposure to the development part.
It was deployed for multiple locations and departments. The network, database, Windows, and Linux departments also have the same dashboard and infrastructure to integrate their servers and alerts into Splunk ITSI. So, having exposure to multiple departments and on-prem environments is really helpful.
What was our ROI?
It was an easy tool when we also used other tools, such as ITSI. To access those tools, we had to log into VPNs and other stuff to get access to our dashboard.
But with Splunk ITSI, I find it really useful. It was quick, it had all the information you needed, and it was customizable. You don't need to do much to access our infrastructure data.
Within just a few clicks, you can get whatever you need from ITSI. I find it quite useful. I'll compare it to the other tools as well. It provides good insight.
It saves a lot of time. Whenever we have an incident in the environment, we use to do our priority checks on Splunk ITSI. Whenever we see such an incident, we have to investigate the previous data, see if any previous incidents happened in the environment, or maybe check if any alerts were generated in the system related to that issue. So it is quite helpful whenever we see incidents in the environment.
We have several tools along with Splunk ITSI, but I find Splunk ITSI very useful compared to the others. So I would rate it 70%. I'm satisfied with that. We don't have admin or developer access to Splunk ITSI. But whatever we have access to, I'm definitely 70% sure that ITSI is really good to have in the environment.
On the manpower, it has been reduced by one or two candidates because, obviously, we also use several tools as well, so we have a lot of strength there. However, after we integrated everything on the Splunk ITSI, we reduced our manpower, and it's less time-consuming. Each one can double their task for maybe two weeks their actions as quickly as possible as compared to the other two. Manpower, it's really helpful.
What other advice do I have?
I would recommend Splunk ITSI because it gives you access to all the information you need, and it's just a few clicks away. You just need to know how to navigate through the tool. Apart from that, everything can be done on Splunk ITSI. It's just a matter of how much knowledge you have to access the data in Splunk ITSI.
Splunk ITSI is really helpful because whatever data you need, you're just a few clicks away from it. That's a really helpful thing to have.
I would definitely recommend it to other users because it gives you really good exposure to the environment. Whatever data you need is quickly accessible.
Overall, I would rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.