Try our new research platform with insights from 80,000+ expert users
Tomesh Kumar Sahu - PeerSpot reviewer
Associate Consultant at a tech vendor with 11-50 employees
Consultant
Good scalability, in-depth visibility, and easy integration
Pros and Cons
  • "Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken."
  • "If they can somehow integrate it with AI in the near future, it will definitely be a game changer."

What is our primary use case?

We have been using Splunk ITSI to detect anomalies in the services and monitor the health and overall performance of IT services.

We have implemented it for a few of our clients where we do monitor the entire IT infrastructure. It could be any server that they are running. It could be a mail server. It could be a web server. It could be any network device that is communicating. We monitor the health of these services and how they are performing. We check for any anomalies or threats associated with them. We create some kind of KPIs or key performance indicators that give insights into the health and services.

We are a Splunk partner. Our company provides solutions not just related to Splunk ITSI but for all the things covered by Splunk. We also provide our consultancy for all of their premium products such as SOAR and Enterprise Security. 

How has it helped my organization?

Splunk ITSI has a service-oriented approach to monitor the entire IT infrastructure. From a business perspective, people definitely do not want any downtime. Any downtime leads to a bad reputation for a company. Splunk ITSI is a solution that we can use to monitor every single service running within an organization. With the help of KPIs, we define the service needs. A person implementing ITSI needs to be aware of all of the services running so that they do not miss out on anything. With the predictive analysis of Splunk ITSI, we can monitor everything. If there is any anomaly, an alert gets triggered. The other thing is the integration part. We can integrate it with any of the ticketing platforms such as ServiceNow. As soon as the alerts get triggered, a ticket gets created so that a response can be made to a particular incident.

It is very integrable. It can be integrated with any network component, such as a router, or any of the logs. With the help of Glass Table, it becomes very easy to inspect if any of the services are down. If a person is trying DDoS on any of the IT servers, such as a web server, we will see a lot of packets getting injected. There will definitely be an increase in the number of packets that a server is receiving. With the help of Splunk ITSI, we can block that particular IP, so the actions can be taken at the same time.

With the help of machine learning and predictive analysis, it checks for any anomaly. It monitors the normal behavior of a service, and if there is an anomaly, it can definitely create an alert for the user. This is how Splunk ITSI works.

Splunk ITSI can integrate with various management tools for predictive analysis. It takes the data and tries to predict and see if anything is suspicious. It makes its own decision at that time, and based on the actions that are listed, it takes action on a particular incident.

Using Splunk ITSI in an IT environment is very helpful. It reduces the downtime and the time taken for a resolution. It can take certain actions on its own. We can monitor every service there. Splunk ITSI can be helpful to prevent something from going down and the users having to face any downtime, failures, or issues with the servers. There is a proactive approach where things can be fixed before they turn into a breach.

Nowadays, it has become very easy for attackers to perform any kind of attack on the servers. Every organization wants its servers to be up and running. So, there is definitely a lot of demand to monitor the entire IT infrastructure. Splunk ITSI is good for that. It plays a key role in the current era where organizations face a lot of attacks. It is a ten out of ten when it comes to being useful to fix all such issues.

Splunk ITSI completely integrates with the incident management platforms. For specific alerts or notable events, Splunk ITSI can also take action with the help of playbooks and defined workflows. With integrated incident management, we can take more advanced actions and make decisions for the environment.

Splunk ITSI helps reduce incident volume. It is business-centric and service-oriented. It provides visibility and is great for predictive analytics and incident management. It also reduces downtime and gives a clear picture of services from a business perspective. I do not have the metrics, but it reduced the incidents to a large volume.

Splunk ITSI reduces the mean time to detect through machine learning and predictive analytics. It observes the normal behavior of a service. If there is any anomaly, it triggers an alert based on the KPIs that are defined. If there is any suspicious behavior, Splunk ITSI can identify that.

We can define certain actions through playbooks for an alert. It can be integrated with SOAR. It can take certain actions as soon as an alert gets triggered. In the case of a DDoS attack, if an IP is sending a lot of packets, we want to block that particular IP to our firewalls. We can define this action within our playbooks, and Splunk ITSI will be able to sort that out in a quick manner.

We can integrate it with a SOAR to automate the workflows and take certain actions. Playbooks are useful for that. I do not have the data about time savings, but it saves a lot of time. Without it, a human will have to open the ticket and go through the incident before taking action, whereas Splunk ITSI can take certain actions on its own, saving a lot of time.

Splunk ITSI has saved money from the overall business perspective. No business wants to see downtime or failure of their services. For example, if you can proactively fix an issue and prevent a payment gateway service from going down, it will save you money. Splunk ITSI is very helpful in monitoring services, and certain actions can be taken to prevent them from going down. Any service going down costs a lot of money to a business.

What is most valuable?

Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken.

I like the KPIs aspect. If we have a number of services running, we can monitor each individual service. This is one thing that I find very useful. There is a feature in Splunk ITSI called Glass Table where we can visualize each service. We can check all the services there, and we can take a look from the high level to the low level. We can look at individual service. Glass Table is one of the features I like the most.

What needs improvement?

If they can somehow integrate it with AI in the near future, it will definitely be a game changer. Other than that, I do not see any issues with it. Overall, it suits our environment. Its scalability is good. The visualization is also good. The only thing we need to take care of is how we define the services. If the KPIs for a service are wrong, it is going to generate false positives and more alert noise.

Buyer's Guide
Splunk ITSI (IT Service Intelligence)
October 2024
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.

For how long have I used the solution?

It has been approximately three and a half years since I have been using Splunk along with this premium feature or the ITSI app. 

What do I think about the stability of the solution?

We have not faced any issues so far. It is a very stable tool. It is very helpful in monitoring overall IT infrastructure.

What do I think about the scalability of the solution?

Scalability is definitely one of the key features. Splunk ITSI is very scalable. 

How are customer service and support?

We have not faced any issues so far.

Which solution did I use previously and why did I switch?

I have not used any solution other than Splunk ITSI. We have partnered with Splunk, and we provide consultancy with Splunk.

How was the initial setup?

Splunk ITSI can be implemented on-premises or on a cloud such as Azure, AWS, or GCP. It is easy to deploy.

I was a part of the team that implemented it completely. I was involved in the initial setup and monitoring of the services. We defined all the KPIs. We completely set it up. 

The process is straightforward, but it depends on if you have a multi-site or single-site setup. For a single site, it is easy, but in the case of a multi-site, when we are doing a cluster setup, it can be challenging. However, it can be done, and it is possible to implement it with the help of the right KPIs.

The duration depends on the size and the number of resources a company holds. It depends on the size of the network they have. Ideally, you would want to integrate all of the services so that you have complete visibility and you can visualize it from an attacker's perspective.

In terms of implementation strategy, we need to be sure about the services that need to be monitored so that we do not miss anything. KPIs are important to reduce the noise. 

It is not difficult to maintain, but it does require maintenance. If there is any increase in services, Splunk ITSI needs to be scaled up, and there will be some costs for the licensing part.

What about the implementation team?

We need the help of the security team. If it is going to be integrated with the service desk, we need to involve a system administrator. It depends on the privileges a company has. It varies from company to company.

What's my experience with pricing, setup cost, and licensing?

It depends on how big an organization is. If we have a lot of resources, the licensing needs to be upgraded. If we have a small environment, the licensing cost is definitely going to be less.

What other advice do I have?

To someone who already has an IT alerting and incident management solution but is considering switching to Splunk ITSI, I would say that it is a great move. Splunk gives you in-depth information about the health and performance of a particular service running within an organization. It will be a great move if they can implement Splunk ITSI in the organization.

Alert noise depends on how well you have defined the KPIs for your services. If KPIs are wrongly defined, you are definitely going to get more alert noise or false positives. To reduce that, you need to be very sure what a particular service is about and what could be a perfect KPI for that.

You need to assess the services you need to monitor. You should not miss any of the services. A small service can also be vulnerable. Based on the services, you need to define particular KPIs.

I would rate Splunk ITSI a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Freelancer at a consultancy with 10,001+ employees
Real User
It's easy to navigate the solution's glass tables and find the information we need
Pros and Cons
  • "I like ITSI's glass tables. They're easy to navigate by clicking through them. The interface isn't that much different from other products I've used. It provides all the information we need in one place."
  • "We had issues with support that took a long time to resolve."

What is our primary use case?

We use ITSI for performance monitoring and incident management. How do you utilize it? I got it. And what problems were you trying to solve by implementing Splunk ITSI? That's good. 10 to 15 people use Splunk at my company.

How has it helped my organization?

ITSI helps us to monitor applications and identify performance problems or service degradation. It provides us with intelligence and enables us to act on it. We can reduce our incidents by about 10 percent. It has also reduced our time to resolve by 10 percent. 

What is most valuable?

I like ITSI's glass tables. They're easy to navigate by clicking through them. The interface isn't that much different from other products I've used. It provides all the information we need in one place. 

For how long have I used the solution?

I have used Splunk ITSI for seven months.

What do I think about the stability of the solution?

I rate Splunk ITSI eight out of 10 for stability. There are some minor issues. 

What do I think about the scalability of the solution?

I rate Splunk ITSI seven out of 10. Splunk is quite scalable, but we had some challenges in our environment.  

How are customer service and support?

I rate Splunk support seven out of 10. We had issues with support that took a long time to resolve.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used a different solution. I don't recall which one. The license expired, so we switched to Splunk ITSI. 

How was the initial setup?

We have deployed Splunk ITSI on the cloud. The multisite deployment was complex.

What other advice do I have?

I rate Splunk ITSI eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
October 2024
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
Splunk Architect at a tech vendor with 10,001+ employees
Real User
Provides a comprehensive analysis, and end-to-end visibility, but predictive analytics has room for improvement
Pros and Cons
  • "The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding."
  • "Splunk ITSI generates numerous false positives and has the potential for enhancement."

What is our primary use case?

We typically utilize Splunk ITSI to monitor our infrastructure and applications. Essentially, its purpose is to map our technical services and business services up to the host level, enabling us to monitor all the key performance indicators associated with them. Additionally, it serves as a primary tool for root cause analysis and event generation.

We needed a better method for monitoring our infrastructure and applications. Both infrastructure monitoring and application monitoring rely on data files. With Splunk ITSI, we are able to visualize the mapping of end-user entities to the business service. This enables us to easily monitor the impact of our technical services on our business, as well as the underlying information, using Splunk ITSI.

We deploy on Splunk Cloud and, in addition, we utilize ITSI on top of Splunk Cloud. We have another setup where we use Splunk on-premise along with ITSI. Therefore, our team has employed both models. However, if we have a high injection rate and operate in a large environment, we leverage Splunk Cloud with ITSI since we are already utilizing it.

How has it helped my organization?

End-to-end visibility is achievable with Splunk ITSI. The key requirement is to successfully onboard the data into our robust Splunk ITSI environment, allowing us to gain insight and visibility into all our services within Splunk ITSI.

Splunk ITSI has helped improve our organization by enhancing bandwidth efficiency and serving as a unified resource for monitoring, root cause analysis, and infrastructure monitoring. Instead of relying on multiple monitoring solutions like Elasticsearch, ThousandEyes, SolarWinds, and Netcool for network monitoring, Splunk ITSI enables us to accomplish all these tasks with a single tool. In order to determine if it is deriving its value or not, we cannot state with absolute certainty that we are assessing the value. However, for certain use cases, we can observe the value within a week. But for the majority of complex scenarios, in order to fully utilize the potential of Splunk ITSI, it would take at least a month for us to realize its complete value.

Splunk ITSI has the capability to reduce our alert noise. The maturity of Splunk ITSI depends on the data we have and the level of expertise of the engineer implementing it. Since its implementation, the alert noise has been significantly reduced.

Splunk ITSI has helped us reduce the meantime associated with deep dive services.

Splunk ITSI has helped us reduce the meantime resolve. Instead of searching for multiple resources to identify the exact points, we can now analyze deep dives and services to pinpoint where the issue is occurring before it affects our system. 

What is most valuable?

The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding. 

What needs improvement?

Splunk ITSI's predictive analytics has room for improvement. Currently, it is limited to predicting only the health score for the next thirty minutes of the business. Consequently, we are unable to predict our health score for a full day or even for seven days. The system's capability is limited to the next thirty days, and we need enhancements to enable us to predict the health score at least seven days in advance. Furthermore, the available algorithms are also quite limited, with only around eight to nine algorithms, including linear regression and classification. We lack a diverse range of machine learning algorithms within Splunk ITSI, which is a contributing factor to the issue. Additionally, the implementation process for Splunk ITSI is quite challenging, as we struggle to find well-trained resources capable of translating our business use cases into technical outcomes effectively using Splunk ITSI. This is a crucial aspect that needs attention. 

Splunk ITSI generates numerous false positives and has the potential for enhancement.

For how long have I used the solution?

I have been using Splunk ITSI for over four years.

What do I think about the stability of the solution?

Stability depends on the infrastructure being used in ITSI. If we use their infrastructure, it means the entire server has acquired performance capability, resulting in good stability. However, when it comes to the cloud, stability is not a concern as everything is managed by Splunk. Therefore, the majority of our focus in ITSI is on the implementation part, where we need to translate the application team's requirements into technical use cases. This process requires a significant investment of our time.

What do I think about the scalability of the solution?

We can scale Splunk ITSI based on our requirements with no limitations.

How are customer service and support?

The technical support is good, but not excellent. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used ThousandEyes, SolarWinds, and Netcool before migrating to Splunk and implementing Splunk ITSI.

What was our ROI?

Our team can enhance the value of Splunk ITSI by providing a single-pane-of-glass solution. This allows them to quickly identify potential performance issues in both their applications and infrastructure and conduct root cause analysis within a short timeframe. Previously, they had to consult multiple sources and correlate information, but now this process has become significantly easier. This is how we derive value from Splunk ITSI. Additionally, the team benefits from a single dashboard that enables them to pinpoint the exact location of performance issues, whether it's in the infrastructure layer, the malware layer, or within the application itself. They are capable of doing this effectively.

What's my experience with pricing, setup cost, and licensing?

Splunk ITSI is an expensive tool, and we need to purchase the utility license. Our sales team handles the license cost, so I'm not aware of the exact amount we need to pay, but it's significantly higher compared to other tool sets.

Which other solutions did I evaluate?

We evaluated AppDynamics and Dynatrace, but when considering factors such as cost per data localization and other considerations, since we had already invested in Splunk and found it beneficial, we decided to choose Splunk ITSI over AppDynamics and Dynatrace.

What other advice do I have?

I give Splunk ITSI a six out of ten.

In terms of incident management, we can integrate Splunk ITSI with our ITAM or ITSM layer, such as ServiceNow. However, the problem is that we often receive events and scheduled episodes from Splunk ITSI that do not meet our expectations when it comes to implementing filter sorting. As a result, we have to deal with a lot of false positives that need to be addressed before integrating with Splunk ITSM.

There are certain features, such as synthetic monitoring, analysis monitoring, and alert directors, that are not available with Splunk ITSI. Users need to be aware of the features they require before choosing an APM solution.

We have around fifty people using Splunk ITSI.

We require periodic maintenance from our end. Once we create all the key performance indicators, we need to handle additional use cases that need to be developed. If there are any issues, the team intends to onboard new data and add more servers to this particular part. They are mapping it to the KPIs, but we need to take care of it.

When evaluating Splunk ITSI, the first thing we should be clear about is the desired outcome we want to achieve from ITSI. We need to determine whether we are hiring it for specific requests or if the identified use cases by our teams can be effectively implemented using ITSI. We should not overlook this aspect. While ITSI has the potential to work wonders, implementing it can be quite challenging. It requires expertise in configuring services on the ITSI side, as it is data-intensive. Therefore, unless we have a highly skilled Splunk engineer who can handle ITSI, we won't be able to fully realize its value.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
IT Specialist at a computer software company with 1-10 employees
MSP
Integrates various tools and data sources, has real-time monitoring, and provides a clear understanding of how different environments and components are interconnected

What is our primary use case?

I just had to monitor the dashboard and infrastructure alerts and escalate them to the appropriate teams.  

I used it for both performance monitoring and incident management. We had an IT infrastructure setup on Splunk ITSI itself. There were dedicated dashboards created by the admins, and we had to monitor these dashboards for the performance of our infrastructure assets, such as the database or infrastructure access. 

We had to monitor these alerts and escalate them to the appropriate teams. For example, if a network alert showed up on the system board, we had to escalate it to the network team, such as, "We are seeing this kind of alert on the ITSI app board; please have a look into it." So, that's the main task on the Splunk ITSI app.

How has it helped my organization?

Splunk was initiated for monitoring dashboards and to have our infrastructure integrated into Splunk itself. We have several servers, databases, and multiple services running. We have applications that were dedicated to the service provider. So we had our Splunk IT set up on those servers.

Basically, to keep these applications running smoothly or to have a smooth flow of these applications, we integrated everything on Splunk. And, we need to be resilient and proactive so it doesn't cause any impact to the customers and clients and doesn't go down. We set up our monitoring dashboard on ITSI, which keeps us in touch with how the performance and health checks are going on for these components and applications.

It has a clear understanding of how different environments are related to each other. It has pretty much everything integrated within it. You just need to click a few on the board and whatever details you require are there. So, I find it pretty useful.

For predictive analysis, we have access to pull-out reports on whatever packets are integrated into our system, whatever the packet reinsurance, packet alerts, or whatever has been generated in the system. We pull out these reports based on the previous data and incidents or alerts in the environment. 

Then, after analyzing the previous data, we identify what was causing the incidents or alerts. Based on that, we have taken action to prevent incidents in the environment. So that was a really helpful feature as well because having access to the backend itself helps to identify the previous causes or incidents in the environment.

What is most valuable?

I liked how it's integrated in such a way that it's really user-friendly. You don't have to do much. Within a few clicks, you get all the data that you need, like what the server is, what the issue is, and how it can be resolved. It was all integrated into the tool itself.

I found it very easy to identify the server or the root cause. So, it helps to resolve the issue on a priority basis or as soon as possible.

The event analytics in Splunk is integrated to help avoid such incidents. Whenever we see such alerts on the board, we have to take immediate action to avoid any incidents in the future.

Sometimes, an incident happens, like the application goes down, and we receive the incident. At the same time, we receive multiple alerts on our dashboard. So, we have to escalate these alerts along with the incident call and incident procedure. We keep the teams involved by saying, "We are seeing this kind of alert on our ITSI dashboard. Please have a look into it or try to get it resolved." It provides the information IT needs about the server, database, and network connectivity. So, it was easy to identify issues when we had such alerts on the board.

Reduced incident volume: ITSI reduced our incident volume by 20 to 25%. It was really quick, and we were able to investigate whatever incidents or alerts happened in the environment. It was really good. It was really quick to identify such issues and previous issues in the environment. So, it has reduced the MTTR, the mean time to resolve an incident, by 20 to 25%. So it's really helpful.

Alert noise: I didn't see it reduced because whenever we introduce a ticket to ITSI, our system is already integrated into the service. And along with that, we are already migrating from other tools to ITSI itself. So, I'm not quite sure that it reduced it because we are continuously adding servers to ITSI. It increased our count of alerts. But I couldn't comment on that because we are continuously adding our infrastructure to ITSI. So, I haven't identified any reduction.

ITSI reduced our mean time to detect whenever we have seen any meantime to detect alerts in the environment; we get them within a fraction of a second, so we get to see the alerts on the board immediately. It is reduced by 20% to 30% as well.

It continuously refreshes itself within two to three minutes, so it's really reduced our time to detect that part. 

Splunk ITSI helped us automate routine tasks. For example, we have a daily task where we have to pull out the daily report. Based on that, we have to access whatever incidents or alerts happened or occurred during the day. 

We have to pull out the report and get all kinds of data, the details of what we have done and the kind of alerts we have seen in the day. Then this action has been taken or maybe escalated. So it was really helpful to get such data on a daily basis.

What needs improvement?

From my perspective (since I don't have administrator or developer access to Splunk ITSI), we could have a better user interface. The Splunk ITSI user interface can be improved because whenever we see the dashboard, it's mostly in text format. It doesn't have a graphical view.

It's easy to identify issues or alerts if you have a graphical representation on the dashboard. I have seen several dashboards in Splunk ITSI which have a really good graphical interface, but the integrated dashboards we have do not.

I'm not sure if it is configured in such a way or not. Maybe a developer or administrator can access that, but I feel like Splunk ITSI having a good graphical user interface would really improve the visibility of the dashboard and alerts.

For how long have I used the solution?

I have been using it for more than a year. 

What do I think about the stability of the solution?

From my perspective, it's pretty much stable. We haven't experienced anything bad or any technical downtime apart from the scheduled downtime. So, for me,  the stability is really good.

What do I think about the scalability of the solution?

It is scalable, but we didn't get to experience the scalability part because it was developer- and admin-related.

For just one location, we have more than 500 people who can access Splunk ITSI, including the technical and monitoring teams. Considering the different locations as well, it would be in the thousands, but I'm not sure about the exact count.

How are customer service and support?

The customer service and support are quite useful. Whenever we faced an issue on our Splunk ITSI server, or if alerts weren't updating, showing proper data, or generating detailed alerts, we reached out to the Splunk technical teams for support. 

They are really supportive, with quick responses and a solution-oriented mindset. They provide solutions right on time. The DevOps support provided is really good.

It was pretty good. I didn't have any bad experiences.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had several tools before introducing Splunk ITSI. We had several other tools to monitor network, Windows, Linux, or other portal alerts. 

While having Splunk ITSI, we integrated everything into that. We have decommissioned all of the other tools, and everything is on the IT side.

I have worked on ThousandEyes and Spectrum. These tools were used to identify network alerts. We had Spectrum alerts used for network device alerts. And for ThousandEyes, we used it for the portal alerts, for each and every infrastructure component or service. We had different tools integrated to have such alerts on the board.

So, to reduce having multiple tools, our management team introduced Splunk ITSI because everything is integrated into it. It was really helpful to have just one tool for all of our components instead of multiple app tools.

How was the initial setup?

For us, it's on-prem, not on the cloud. We were planning to move it to the cloud, but it's currently on-prem.

Splunk ITSI requires maintenance. From time to time, we have downtime to integrate other tools into ITSI.

The integration of ITSI with other tools enhanced our operational capabilities and has been really helpful. To access a few other tools apart from ITSI, we have to do several things to get the data from the tools themselves. And I find that these tools are pretty slow. 

Getting the data or accessing anything on those tools is really time-consuming but ITSI was quick. We don't require special tools or special access to that environment. We have IDs created for our individuals, and we just need to access ITSI. It was pretty quick, and we didn't need to do much hard work to access all the data. It's really quite useful in that aspect.

What about the implementation team?

It was already introduced by the technical teams or maybe the administrator or developer. We just had it served on a plate, so I don't have much exposure to the development part.

It was deployed for multiple locations and departments. The network, database, Windows, and Linux departments also have the same dashboard and infrastructure to integrate their servers and alerts into Splunk ITSI. So, having exposure to multiple departments and on-prem environments is really helpful.

What was our ROI?

It was an easy tool when we also used other tools, such as ITSI. To access those tools, we had to log into VPNs and other stuff to get access to our dashboard. 

But with Splunk ITSI, I find it really useful. It was quick, it had all the information you needed, and it was customizable. You don't need to do much to access our infrastructure data. 

Within just a few clicks, you can get whatever you need from ITSI. I find it quite useful. I'll compare it to the other tools as well. It provides good insight.

It saves a lot of time. Whenever we have an incident in the environment, we use to do our priority checks on Splunk ITSI. Whenever we see such an incident, we have to investigate the previous data, see if any previous incidents happened in the environment, or maybe check if any alerts were generated in the system related to that issue. So it is quite helpful whenever we see incidents in the environment.

We have several tools along with Splunk ITSI, but I find Splunk ITSI very useful compared to the others. So I would rate it 70%. I'm satisfied with that. We don't have admin or developer access to Splunk ITSI. But whatever we have access to, I'm definitely 70% sure that ITSI is really good to have in the environment.

On the manpower, it has been reduced by one or two candidates because, obviously, we also use several tools as well, so we have a lot of strength there. However, after we integrated everything on the Splunk ITSI, we reduced our manpower, and it's less time-consuming. Each one can double their task for maybe two weeks their actions as quickly as possible as compared to the other two. Manpower, it's really helpful.

What other advice do I have?

I would recommend Splunk ITSI because it gives you access to all the information you need, and it's just a few clicks away. You just need to know how to navigate through the tool. Apart from that, everything can be done on Splunk ITSI. It's just a matter of how much knowledge you have to access the data in Splunk ITSI.  

Splunk ITSI is really helpful because whatever data you need, you're just a few clicks away from it. That's a really helpful thing to have.

I would definitely recommend it to other users because it gives you really good exposure to the environment. Whatever data you need is quickly accessible.

Overall, I would rate it an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Principle Software Engineer at a manufacturing company with 10,001+ employees
Real User
A stable solution that will hopefully save time and provide a high-level view
Pros and Cons
  • "The solution has been stable."
  • "It was an intimidating tool for us to jump into at the beginning."

What is our primary use case?

We are trying to take regular dashboards that we have for monitoring and pull them all together for a high-level view of what is going on.

How has it helped my organization?

We have not got very far with it yet. We have done a service decomposition. We had some KPIs set up, and we have got just a couple of health scores, but we have not really pulled it all together. We have not gotten value out of it yet, but we are getting there. We have not seen any improvements yet, but we have high hopes. 

Splunk has helped improve our company's business resilience, but with ITSI, we are not there yet. Splunk has been great so far in terms of the ability to predict, identify, and solve problems in real-time. I have not played around with any other IT ops platforms, but it has been fantastic for us for monitoring systems with dashboards, etc.

We have not yet experienced any cost efficiencies by switching to this solution, but Splunk has certainly saved time for our system maintainers because our dashboards now roll up alerts. We just need ITSI to pull all those alerts together so that we get one alert for one problem.

We have not had any time saving with ITSI yet. We are just not that far. It has also not yet helped to reduce our mean time to resolve, but hopefully, it will.

What is most valuable?

The solution has been stable. It seems like a great solution. We have not gotten far enough with our application to see its benefits yet, but we are getting there.

What needs improvement?

It has been a large learning curve. We used Splunk Enterprise. The dashboards are pretty simplistic for the developer at first, but when they went into ITSI, it was a different world. We lacked training. We played with it a little bit, and then we brought the Splunk team in, and they did a service decomposition and whiteboarding, and it made more sense, but it was an intimidating tool for us to jump into at the beginning.

For how long have I used the solution?

We have been using this solution for just about a year.

What do I think about the stability of the solution?

We have not had any issues related to stability.

What do I think about the scalability of the solution?

We are just starting. I have got a couple of services in there. We have not scaled anything yet.

How are customer service and support?

The support has been hit or miss. We are on a classified program, so we had clear points of contact assigned to us. There was a transition, and we have got some new ones. Everyone is busy and overwhelmed, and their hands are full, but the last couple of times that we reached out, we did not get much of a response.

In the past, their support was a nine out of ten, but recently, it has been a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We had a homegrown user interface that had alerts, logs, and things like that, but it was painful to manage ourselves.

How was the initial setup?

We do not have any cloud. It is just on-prem. I was involved a little bit in its deployment. I was involved more as a lead but not hands-on.

We had deployed to bare metal servers at the beginning, and then we migrated to a cloud-like environment. It is not a cloud, but it is a service provider for us. At the same time, we moved to Kubernetes and containerized all of our systems. We thought we would use Splunk containers, but that did not work out for us, so we ended up pulling Splunk containers back out and installing Splunk back on VMs. That is where we are now. I do not remember the specifics, but we had trouble with deploying Splunk containers.

What about the implementation team?

We implemented it ourselves.

Which other solutions did I evaluate?

We did not evaluate other solutions because we were already using Splunk Enterprise, so it made sense.

What other advice do I have?

At this stage, I would rate it an eight out of ten because we do not have proof yet that we will get where we want to be.

Attending Splunk conferences gets me out of the office and lets me focus on Splunk for a week. They are super helpful.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
AIOPS Architect at a comms service provider with 1-10 employees
Real User
Top 20
The solution has a correlation layer where you can normalize the events from different sources
Pros and Cons
  • "What I like the most is the event correlations. It's a file structure, and ITSI has a correlation layer where you can normalize the events from different sources. Once these events are normalized, you set up rules to aggregate them into different or the same attributes. After the rules are defined, you can automate the process to solve the issue automatically."
  • "One thing ITSI could improve on is the maintenance windows. I have a huge case where I had to implement something related to the maintenance window. If you try to look up the issues in ITSI, you have to check the incidents individually, and putting hundreds of hosts in maintenance can be a hindrance."

What is our primary use case?

I use ITSI for different companies but with the same objective: to correlate alerts from different sources and assess them according to multiple frameworks. For example, I can combine the alerts from different sources into a single episode. The analyst can resolve the issue without looking in multiple places to get the necessary information.

How has it helped my organization?

ITSI was initially challenging, but you can pick it up quickly once you understand the concept. It also depends on the goal. Combining different sources into episodes is one thing, but integrating ITSI with automation or other ITSM solutions may take longer. 

The solution has a forecasting module. You must have a good infrastructure because AI takes a lot of processing, but it works well. Based on previous data, you can assess it in 30 minutes or so. Having that predictive ability is a lifesaver. 

It can streamline incident management. ITSI has a feature called Teams that lets you control access to different services to control which teams are responsible. You can control permissions and everything else. Everyone is assigned to a team with a unique experience while using the frame of the platform.

ITSI has a feature called NetFlow. It depends on what you plug into it, but in my use case, we usually click alerts before they become incidents and measure how many alerts become incidents to get an idea of how much it's helping to resolve things before they turn into incidents and have an impact. 

It has helped to reduce alert noise because we can group alerts from different sources into one ITSM ticket with information from various sources. This helps our team resolve the issue because they only need to look at a single ticket instead of opening multiple ITSMs to gather all the necessary information to assess the problem.

The amount of alert noise reduced depends on the maturity of the environment. When you set up rules to aggregate events, you have to know some information about those events, like the team that created them, the system they belong to, the impact, and whether they're infrastructure, a service, or an application. If you have those all set up, it could be a 75 percent noise reduction.

ITSI reduced our meantime to detection because ITSI is plugged into each search, and as soon as an event is detected, it's processed and sent to the responsible team. It has helped us to detect issues and resolve them faster so we can provide more information upfront to IT.

It helps the IT team resolve things faster, but it depends on the information that ITSI is grouping. If you have enough information to find the root cause, it can help to resolve everything quicker. For example, let's say an analyst is looking at five impacted services, but one of them is the root cause. If we can provide that information upfront to the analyst, he can resolve the issue much faster because he doesn't have to look at each separately to assess the cause. 

ITSI has helped us automate some tasks. Many issues aren't easily solved. You must have good communication with the team and analysts to see the steps they take to resolve something, but it can tackle the most common issues and free up time. But you must be careful not to automate something a developer should fix. Automation helps a lot, but you can't automate everything. 

What is most valuable?

What I like the most is the event correlations. It's a file structure, and ITSI has a correlation layer where you can normalize the events from different sources. Once these events are normalized, you set up rules to aggregate them into different or the same attributes. After the rules are defined, you can automate the process to solve the issue automatically. 

Generally, the visibility is decent, but you need to set it up properly to have good visibility in a way that makes sense to see the issues you need to see. In ITSI, you have the concept of services and a service tree. If it's set up correctly, it can help you find the root cause of a problem. You need someone who understands ITSI and your business. 

What needs improvement?

One thing ITSI could improve on is the maintenance windows. I have a huge case where I had to implement something related to the maintenance window. If you try to look up the issues in ITSI, you have to check the incidents individually, and putting hundreds of hosts in maintenance can be a hindrance. 

For how long have I used the solution?

I have used Splunk ITSI for four years.

What do I think about the stability of the solution?

I rate ITSI nine out of 10. I've had issues before, but they are usually caused by the configuration or infrastructure. You have to be careful when deploying Splunk across your infrastructure. 

What do I think about the scalability of the solution?

ITSI is scalable, but its engine is somewhat of a weakness. The engine runs on one machine, but ITSI is scalable because even though the engine runs on one machine, it assigns processes to other machines to work on. You can do well with ITSI horizontally, but sometimes, you need to think vertically because the processing takes some memory.

How are customer service and support?

I rate Splunk support seven out of 10. Like any support, how fast they respond depends on the priority. Overall, they've helped a lot and were willing to enter a call to see the environment and the issues themselves. I would say do a good job overall.

How would you rate customer service and support?

Neutral

How was the initial setup?

The complexity depends on your infrastructure. It's a lot easier if you have a single instance, but deploying on a cluster requires a little care. The package formats are specific to the roles of your cluster. We have to be careful with that. It's not too difficult. You can set it up in a day or two if you read the documentation. 

One person can set it up, depending on the size of the cluster. For example, if it only has two machines, one person can do it easily. You can set up a batch script to accelerate the installation. If you have that setup, you can do it easily in a day with one person. If you don't have that, it could take up to two days if you don't have much experience with ITSI.

What other advice do I have?

I rate Splunk ITSI eight out of 10. I would recommend Splunk ITSI, depending on the company's context. If the ITSM solution they have serves them well, I don't think it's necessary to switch to ITSI because it's costly. I would only recommend it to someone who knows they will get a return and have the capital to invest. Small companies probably have a bit of difficulty using ITSI. If you're a big company having issues, ITSI can help you out. 

I recommend new users read the documentation carefully and watch a few videos on it. The first thing is to wrap your head around the concept. If you try to speculate at once without understanding a few things, it could be a lot more difficult. It's helpful if they stop and read the documentation to understand each piece.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Splunk admin and splunk ITSI at Convergys Corporation
Real User
Top 20
Easily integrates, provides end-to-end visibility, and saves time
Pros and Cons
  • "The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI."
  • "After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services."

What is our primary use case?

Splunk ITSI is our platform for data ingestion from various sources. We leverage it to manage Kubernetes configurations, licenses, reports, dashboards, and user permissions. Additionally, we utilize ITSI for field extraction and data model retrieval.

How has it helped my organization?

We successfully integrated Splunk ITSI with ServiceNow. The integration process was straightforward. We downloaded the Splunk Integration application from the ServiceNow app store and configured the ServiceNow account using the provided URL, username, password, and authentication method.

Splunk ITSI offers end-to-end visibility through a centralized admin console. This console allows us to monitor all aspects of our system, including indexing performance, daily resource usage, CPU utilization, and insights.

Splunk ITSI has helped our organization save time. We saw the benefits within the first three minutes of use.

We saw time to value within minutes of using Splunk ITSI.

What is most valuable?

The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI.

What needs improvement?

After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services. We had to manually deploy a script to resolve this issue.

For how long have I used the solution?

I have been using Splunk ITSI for three years.

What do I think about the stability of the solution?

Splunk ITSI is stable.

Splunk ITSI is a resilient solution able to recover quickly.

What do I think about the scalability of the solution?

Splunk ITSI is scalable.

How are customer service and support?

The technical support team is great. They've helped troubleshoot our issues. Once we raise a ticket, we can continue the process using a DLL file.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment is straightforward. The setup is automated.

Five people were required for the deployment.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

The licensing is based on data usage.

What other advice do I have?

I would rate Splunk ITSI eight out of ten.

I recommend Splunk ITSI over other APMs because we can monitor everything from a single console.

Splunk ITSI is deployed across multiple locations.

No maintenance is required for Splunk ITSI.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Jamiu Olaide - PeerSpot reviewer
Data Consultant at a tech consulting company with 1,001-5,000 employees
Consultant
Top 10
Great service analyzer, infrastructure review, and the ability to retire an entity
Pros and Cons
  • "One of the excellent features is the service analyzer, which is truly impressive."
  • "I believe the refresh time should be faster."

What is our primary use case?

We utilize Splunk ITSI to enhance our IT operations within our infrastructure. Our goal is to monitor only the most critical KPIs. Additionally, we have access to a detailed overview of the KPI services and entities, allowing us to identify issues in real time. 

We deploy Splunk ITSI both on-premises and in the Splunk cloud. 

We implemented infrastructure monitoring using ITSI to track various aspects such as latencies and specific components like CPU and memory. I can now provide detailed information about the specific cause of CPU-related issues. The problem lies in determining the process through which we can obtain a high-level overview of our services. When we delve deeper, we have access to numerous details to identify the KPI responsible for disrupting the service application. I can now explore ways to monitor its performance and locate the service in question. With ITSI, we can receive alerts and easily navigate to the precise location to resolve the problem.

How has it helped my organization?

The end-to-end visibility of Splunk ITSI in our network environment depends on the individual utilizing it. While it may be present, it is crucial to possess a solid understanding of ITSI. In order to illustrate this aspect, we require a well-defined use case that demonstrates our intention to employ ITSI. Overall, I would describe the end-to-end view as highly effective. It facilitates seamless data acquisition and enables us to easily analyze the data afterward.

Splunk ITSI can be utilized for predictive analytics to prevent incidents before they happen. It is regarded as the superior option for observability. While observability is commendable, we also make efforts to view data from SignalFX and leverage ITSI's capabilities to analyze and access large volumes of data. ITSI serves as a tool for analytics, but we can also employ it for observability, albeit SignalFX remains our primary choice for that purpose.

Splunk ITSI has helped us streamline our incident management, particularly through its correlation searches and event policies. With these features, we can efficiently handle multiple tasks by grouping them together under correlations. We can easily search for and identify these tasks and then review them in-network, allowing us to determine the specific episode and identify any high alerts. This enables us to drill down and investigate further, depending on our proficiency with ITSI. Additionally, we have the ability to create a dashboard for editing reviews. This way, we can access our episodes, drill down into our dashboard, and examine the detailed information about the issues we are facing.

ITSI has helped reduce our alert noise by thirty percent. We don't need to extract a large amount of information from our correlation strategies. We can simply refine them and obtain the essential details, thus avoiding unnecessary noise in our environment. We just need to grasp the main idea.

Splunk ITSI has helped us reduce our mean time to detect by approximately fifteen percent. I have been collaborating with individuals who also utilize ITSI for the past five years, and we have observed its continuous improvement each year. The mean time to detect is contingent upon our level of dedication to ITSI in that aspect.

Splunk ITSI has helped us reduce our mean time to resolve by approximately fifteen percent. If we also have a good dashboard alongside it, we can drill down and go straight to the issue.

What is most valuable?

One of the excellent features is the service analyzer, which is truly impressive. Additionally, we have the infrastructure review, which allows us to assess our infrastructure comprehensively. That is fantastic! Furthermore, the latest ITSI connects the new tenant we have for tenant management. This feature enables us to retire an entity instead of merely deleting it, and if needed, we can easily reactivate it. There are numerous exciting new additions. Splunk ITSI itself is highly interactive, making the overall service experience truly remarkable.

What needs improvement?

Splunk ITSI could function even better, particularly when it comes to refreshing the service infrastructure. If we could have the option to go back not just sixty minutes, but also one or five minutes, it would enhance our capabilities.

The service analyzer component is excellent, particularly the default analyzer. However, I believe the refresh time should be faster. If it also takes five minutes to complete, as suggested by the KPI requirements, then the refresh time should be significantly reduced. If the data doesn't load within five minutes, our service and KPI will not function properly. Therefore, it is crucial to make it faster.

I would appreciate having more customizable dashboards to assist with in-depth analyses.

For how long have I used the solution?

I have been using Splunk ITSI for two years.

What do I think about the stability of the solution?

Since I started using Splunk ITSI, it has remained stable.

What do I think about the scalability of the solution?

Splunk ITSI is scalable.

How are customer service and support?

The documentation for Splunk Doctors is excellent, particularly when it comes to addressing installation issues. However, when it comes to Splunk Processing Language, Splunk itself is unable to assist us. I would recommend relying on the documentation as a valuable resource.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is complex. Even if we have installed ITSI, we still need to install the other apps that accompany ITSI. Perhaps we want to work on this matter, so it depends on whether I am deploying it in a large environment or just a single environment with minimal activity. Therefore, we need to include all of these in the architecture. The ITSI app is one component, but the other apps that derive from it must also be taken into consideration.

We have a tool that we use in our team to expedite the deployment process. However, we are unable to disclose the details as it is a proprietary system. On an average day, if we have access to ITSI, I can personally complete the task within a few hours due to my prior experience. However, for someone without technical expertise, it may take up to a day. Although one knowledgeable person can complete the deployment, it is easier with two people.

What was our ROI?

I have witnessed a significant return on investment in that aspect. However, it ultimately depends on the customer's use case. Everyone desires to acquire Splunk, but not everyone understands its functionality in that aspect. So, if we have a customer and a strong use case, and we know what they want, we will definitely be able to achieve it. But if we don't have a customer and lack knowledge about it, it will just remain as is.

What's my experience with pricing, setup cost, and licensing?

Splunk ITSI is expensive; however, with the appropriate use case, it justifies the cost.

Which other solutions did I evaluate?


What other advice do I have?

I rate Splunk ITSI an eight out of ten.

Anyone who is considering a point monitoring system instead of Splunk ITSI should know that with ITSI, we gain access to several other features. Even just with the service analyzer, we can observe our KPIs and identify their affected components. We can determine which settings are causing the issues and make informed decisions, such as trying alternative options. We can also evaluate if a particular KPI has significant importance, as it has a substantial impact on the overall order of operations. This provides us with a detailed perspective in terms of data and other relevant aspects. While it may not offer a purely granular view, having everything consolidated into a single interface is extremely convenient. Working with ITSI requires a considerable level of willingness and experience. However, as we are transitioning towards various new tools, including the ability to easily integrate plug-and-play devices, the only issue with ITSI might be the initial setup. Once we have it implemented, we will have the capability to accomplish all our desired tasks.

The way Splunk sells ITSI is not the way we use it. We can make much better use of ITSI. The most important aspect, in my opinion, of ITSI is the episode review. For instance, when we encounter an issue that is not immediately visible, how can we evaluate that aspect? Therefore, ITSI is beneficial. From my perspective, we need individuals to sit down and explain how it works, as it can be confusing initially. However, once we have a clear understanding, it works well.

In my organization, my team is the only one working with ITSI. We handle all deployments, and typically, we deploy on public cloud infrastructure such as Azure, AWS, and GCP. Nowadays, most deployments are cloud-based. Additionally, with the rapid growth of Splunk Cloud, installation is not a concern as it is taken care of. Our focus is on the implementation if we choose to go the Splunk Cloud route. However, we still handle the installation process ourselves, so we need to ensure our preparedness in that regard.

We have roughly 20 people in our organization that use Splunk ITSI.

In the beginning, we need to ensure that the data we receive is valid. Once we have confirmed its validity, we can rest assured that the system will generate alerts, eliminating the need to worry about maintenance.

I recommend Splunk ITSI for organizations that are interested in IT operations, monitoring, or analytics. By ensuring optimal utilization of Splunk ITSI, organizations can achieve a good return on investment that justifies the purchase.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros sharing their opinions.