Splunk ITSI (IT Service Intelligence) Reviews

I use the solution in my company for event management and areas consisting of episodes.

Splunk ITSI (IT Service Intelligence) has helped our organization correlate events into episodes.

The most valuable feature of the solution is event analytics, and it is because that was our core function when we moved from NOC to IBM Netcool Network Management and then from IBM Netcool Network Management to Splunk ITSI (IT Service Intelligence).

The main benefit I have experienced from using Splunk ITSI is that it has been helpful to have one consolidated tool.

My organization monitors multiple cloud environments using the product. In terms of the ease or difficulty one may have when trying to monitor multiple cloud environments, it is tricky. You have to learn and test things out.

It is important for our organization that Splunk ITSI (IT Service Intelligence) provides visibility into our cloud-native environment, but I would say that it is done in the dev and production environments.

Splunk ITSI (IT Service Intelligence) has helped us with the organization's business resilience. My impression of Splunk's ability to predict, identify, and solve problems in real-time, is that with the new AI feature set coming in, users can apply that logic to the episodes.

I have experienced cost efficiencies by switching to Splunk ITSI (IT Service Intelligence). The doc suggests that too has one pane of glass to go into the system and do automation straight from one page because they get hit with thousands of alerts and alarms every day, and we try to correlate that to a simplistic event.

I have experienced time to value using Splunk ITSI (IT Service Intelligence) over a couple of months.

Splunk's unified platform helps consolidate networking and IT observability tools but not security because our company is not in that space. The consolidation of tools impacts our organization since I feel it is easier to have fewer tools than more.

The dashboard function inside the individual episodes, not at the ITSI Notable Event Aggregation Policy level but actually at the correlation search layer, is an area where improvements are required.

In the next release of the tool, the product should offer a dashboard ID in the correlation search.

I have been using Splunk ITSI (IT Service Intelligence) for five years.

In the early days, the Java-based engine was kinda buggy, and some of the interfaces for Splunk ITSI (IT Service Intelligence) and event analytics needed to feel new and not outdated. It still kinda feels outdated, and I feel like Splunk hasn't really put a lot of thought into such a specific area in the last few years.

The solution's scalability is fine.

The solution's technical support team is okay. For most of the stuff I escalate, I have to always wait for a response from tier-two or tier-three level support.

I am used to solving stuff myself and providing a lot of debugging as to what tier-one or tier-two level support would do, and by the time I get to the aforementioned spot, I see that I have to wait and explain a lot of cycles because I am doing the same research as level one or level two support. I rate the technical support a five out of ten.

Neutral

I have experience with Tivoli Netcool, which is a legacy event system from IBM that has the same or similar approach as Splunk ITSI (IT Service Intelligence). I saw that Splunk ITSI (IT Service Intelligence) provides the same features as Tivoli Netcool.

When it came to the deployment part, Splunk's professional services did not know much of what our company needed, considering the level that we were expecting from the product. I come from a telco background where the company used to deal with 1,00,000 alarms a day, and event analytics wasn't something that was really built for it in the beginning when I first deployed it. There were a lot of learning curves that I had to go through to deal with the tool. As I continued to grow with the product, I started pitching probably around 20 ideas at a time to the team, and a lot of my ideas actually made it to Splunk's GA launches. I worked with Isha, Ross Wilkinson, and another person who was right in the middle between them. Though I had spoken to the senior VP of a particular sector and pitched the idea of using Fandom for IT automation, it eventually died out.

The solution is deployed on an on-premises model. I use the cloud services from AWS.

Splunk directly helped with the product's deployment.

I have experienced an ROI using the tool, considering the efficiency it offers so that we do not have to take care of certain functions.

Pricing was pretty good, and it is possible to just add on the features we want.

I considered Resolve systems for automation and a tool named Moogsoft. Moogsoft has a lot better visual capabilities and looks better than Splunk ITSI (IT Service Intelligence) when it comes to event analytics. I am hoping that with a better dashboard, Splunk ITSI (IT Service Intelligence) can build a better UI layer.

I feel like there is a lot more that can be done in the tool, but I don't know if it is going to be a dying product or if Splunk Observability will try to take over some of the core functions of Splunk ITSI (IT Service Intelligence).

I rate the solution a seven out of ten.

We use the solution to monitor throughout the enterprise. We get alerts and create incidents and use it in our ticketing tool. 

We have set up alerts so we can effectively monitor our infrastructure. Even small alerts the users face we can monitor. 

We started small with a few users and once we saw the visibility we could achieve and the performance of the solution, we rolled it out on a larger scale. 

The analysis and KPIs it provides are very useful. We can create episode monitoring. 

The service analyzer is quite useful. 

Its end-to-end visibility is very good. We can get to the root cause of troubleshooting. It makes the process easier. Troubleshooting happens very quickly - and that means we have less downtime. 

We use the predictive analysis capabilities. It plays a major role as it allows us to act faster. 

Our response time is almost instant. We can create alerts and check reports. It checks everything in real-time so that we can jump into action much faster.

It's helped with incident management. It's helped us reduce incidents while improving performance and visibility. It reduces the amount of work we need to do as well. We've likely reduced work by 30% or so. 

Since it's reduced alerts, it's reduced alert noise. We do have triggers for alerts, and we can shortlist them and troubleshoot the ones that create the most noise. 

Our performance metrics have improved. Alert noise has dropped by 60%. We've been able to maintain everything much easier. Handling the infra is simpler. 

Our mean time to detect is down to 5 minutes. That's down from 15 to 20 minutes in the past.

We're getting alerts with delays of maybe five minutes, however, we'd like to see real-time alerting in the future. 

From a predictive analysis point of view, we'd like to see emails corresponding to the alerts we get. That would be an added benefit. 

I've been using the solution at least 2 years. 

Every time we upgrade, we do find some issue, however, it does get resolved. Overall, I'd rate stability 9 out of 10. Most of the time, it's stable. 

We have two to three people using the solution. We have the solution across multiple locations. 

The solution is very scalable. 

Technical support is very good. I'm satisfied with the level of knowledge the techs have and the response time. 

Positive

We did not use any other solutions. 

The initial setup is not complex. I'm not sure exactly how long it takes to implement as it was already in place when I began.

There is some maintenance required. You may have to run regular upgrades. 

We've seen an ROI in the lack of downtime, which has improved by 80%.

I don't have any visibility on the cost of the product.

I'm a Splunk customer. 

We don't have Splunk integrated with any other solutions. 

For someone who already has an APM solution, but is considering switching to Splunk ITSI, I'd advise them to take a look at it against other solutions. However, Splunk is very, very good. It's likely to help any organization. I'd recommend it over a different monitoring solution. It eliminates much broader downtime and allows teams to act on alerts faster. 

resilience is very important to us and Splunk helps us maintain that. It's very reliable. 

I'd recommend the solution to others. 

It's a good idea to go through the documentation so that everyone is on the same page with the setup.

I'd rate the solution ten out of ten.

We use Splunk ITSI to collect the infrastructure metrics and visualize them.

Splunk ITSI provides end-to-end visibility into your IT environment. It displays key performance indicators for various services. If a KPI is red, indicating an issue, clicking on the corresponding service will take you to the server for further investigation. Splunk ITSI can also automatically trigger incidents for critical issues, allowing your support team to resolve them quickly.

It has significantly improved our incident management process. Previously, we relied solely on a service indicator that simply displayed the service status. If the indicator turned red, we would then manually create an incident report. Now, we've implemented static thresholds that automatically trigger incidents to be added to our queue. This is a major advantage.

Splunk ITSI has reduced our alert noise by 30 percent.

Since implementing Splunk ITSI, we've significantly reduced our mean time to detection. Previously, we relied on receiving incident reports, which caused delays.

Splunk ITSI has reduced our mean time to resolve.

We collect infrastructure metrics from various servers, including Windows Services. One particularly useful feature of Splunk ITSI is the ability to create custom services. This functionality makes it easy to identify specific functions that are malfunctioning or experiencing problems. With this information, we can quickly troubleshoot and fix the issues.

In Splunk ITSI, thresholds automatically trigger incidents when a service value falls below the threshold. This prevents us from automatically triggering alerts for situations where the service value is within the acceptable range. We've identified this as an issue with the ITSI product and are working with Splunk for guidance on how to implement the desired behavior.

While the overall Splunk documentation is detailed, the documentation for specific premium apps, like Splunk ITSI, is more brief.

The technical support has room for improvement.

I have been using Splunk ITSI for one year.

I would rate the stability of Splunk ITSI nine out of ten.

Splunk ITSI is a scalable solution, meaning it can handle increasing amounts of data and users as our needs grow.

We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time.

Neutral

The initial deployment is a straightforward process. However, the time it takes can vary depending on whether we're installing for the first time or performing an upgrade. For a first-time installation, Splunk ITSI typically takes around 30 minutes. Upgrading an existing installation requires additional time to clean up previous configurations; this process usually takes about 40 minutes to complete.

Two people were involved in the deployment.

We are using Splunk Enterprise software. We contacted Splunk to demo ITSI, and we were impressed with its functionality and the included options. Therefore, we decided to try ITSI exclusively and did not evaluate any other vendors.

I would rate Splunk ITSI eight out of ten.

We're currently working on implementing adaptive thresholds. This functionality would analyze service trends over the past seven days automatically set thresholds and generate incidents based on that data. Successfully implementing this would be a significant achievement, but we're encountering some technical challenges. We've opened a support case with Splunk to address these issues, and we're hopeful for a resolution within the next few weeks.

We have around 150 people using Splunk ITSI.

Two people are responsible for the maintenance of Splunk ITSI in our organization.

I would rate the resilience of Splunk ITSI nine out of ten.

In my experience starting my career with Splunk, I haven't encountered any marketing tools that can quite compare. Splunk offers a comprehensive set of features and well-organized documentation. The detailed and clear documentation that Splunk provides is something I particularly appreciate.

I recommend Splunk ITSI.

There are multiple use cases, which include heat maps, glass tables, and predictive analysis.

The first one is mainly related to heat maps. For example, if you want to monitor the health of a server, you can prepare heat maps for that. When you set up any kind of alerts, they can get missed because people are too busy to check their emails. With these heat maps, the color changes automatically. The Cron job runs behind the scenes, and you don't need to run them manually. 

You can also set up a glass table in ITSI for the architecture. For example, a setup like Amazon would have web services, databases, queues, and other things. For the purchase and other things, it has to connect to the external world, so you need to place the complete architecture over there, and you can assign the threshold value. If there is an issue with any of the points, for example, there is an issue with the connectivity of the database, the heat maps would change in color, which helps you to easily identify that there is an issue.

It also has a concept called predictive analysis. For example, your WhatsApp chat backup happens every 24 hours or 7 hours, but you cannot predict how much bandwidth it's going to use during the backup. It might even use 100% of the bandwidth. You cannot set a proper threshold. In such cases, you can use predictive analysis. It'll analyze the data patterns, and based on the data pattern, it predicts if everything is good or if something is bad. It can predict if something is going to fail.

You can have an integration with the ticketing tools. For example, if something happens on any server or PC and you've directly integrated the tickets from Splunk to ServiceNow, it's automatically going to create a ticket in ServiceNow.

There's also a concept of episode review wherein it groups the alerts so that there's no ticket spam in ServiceNow. For example, if you are monitoring a server and it's down, there might be 10 to 20 alerts, which would create 10 or 20 separate tickets and spam your ticketing system. In such cases, you can use the episode review feature. It will merge all those tickets into one and include all the details in that.

Splunk ITSI allowed us to monitor the health of servers. We can also completely monitor an application and identify data patterns. Automation of ticketing tools can also be done with this. We can also do log monitoring with Splunk ITSI.

It's also helpful for developers. When they create an application, if there is an issue in their code, based on the output data, a request is automatically triggered to the engineering team stating that there is an issue with the code.

The visibility into an application is very good if you configure everything properly. You first have to analyze the application by using any of the monitoring tools such as Elastic, Splunk, etc. You have to analyze the application in and out, and afterward, you have to place the monitors in particular places for end-to-end visibility. For example, in the case of a home security system, to completely secure the home, you have to place the devices in a proper place. Until and unless you place the devices in a proper place, you cannot say that it's completely secured. If you are not keeping the cameras at the main entrance and the windows, or you haven't placed them properly, you can't say that the home is properly secured.

Splunk ITSI is very good for predictive analytics for preventing incidents before they occur. For everything, there are patterns, and based on the algorithm, you are allowing the machine to analyze the data and predict whether the data patterns are coming in a proper way or not. Splunk analyzes the data patterns based on the historical information that we give it. After analyzing the historical information, it creates triggers. If the data that we are feeding into the machine is incorrect, it's not going to work the same way.

There's the accuracy of alerts. In Splunk, the data is almost in real-time, so we get tickets in real-time. If there's a failure, we can roll over to the backup applications immediately. It saved about a million euros for one of our clients. They were having an issue with the Symantec antivirus that blocked the complete Citrix environment, so the workers were not able to sign in and access the application, which led to an outage. Within a matter of minutes, Splunk triggered a ticket, and they identified that they were having an issue with this particular antivirus, and they blocked it.

Splunk ITSI has helped streamline our incident management. There is efficiency in terms of clubbing the tickets and sending tickets with meaningful information, so mainly with the alerting system, you can configure as much information as you want using the Splunk monitoring tools. You can send some links in the ticket, or you can send a separate set of guidelines for the engineers on what has to be done. The clubbing of tickets has also helped a lot to avoid spamming.

Splunk ITSI has reduced our mean time to detect. Based on my experience and the feedback from others who are using it, it has saved a lot of time. The time reduction is significant when compared to other tools in the market.

It has reduced our mean time to resolve. Glass tables have been very helpful. With the help of Splunk ITSI, you can place the heat maps and services in place based on the application architecture to easily identify where the issue is coming from.

I find the episode review, glass tables, and correlation search features very useful.

Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well.

I've been using Splunk ITSI for five or six years.

I'd rate it a nine out of ten in terms of stability.

I'd rate it a nine out of ten in terms of scalability.

It isn't 100% satisfactory for all the cases. About 80% of the time, they are good, and about 20% of the time, they aren't as good. They can be very slow. We also had an incident where we asked them to upgrade to a version, but in that latest update, Splunk had removed some concepts because of price issues. As a result of removing a particular module, our complete environment failed. It took us a day to roll back the version and go back to normal. Overall, I'd rate them a seven out of ten.

Neutral

I used VMware vSphere and a CA Technologies tool. We switched to ITSI because the optimization was very less in them. There is also a significant difference in data parsing. We also have real-time data. 

At the beginning of my career, I found it to be complex because you need to know a lot of areas, such as network and firewall rules, routing methodologies, and the cluster concept. I kept on learning along with my teammates, and it's pretty good now.

In the beginning, my teammates helped me, but now I don't need any help. Depending on the load and the environment, I can build things.

One of our clients was paying two hundred thousand to three hundred thousand dollars for a report based on the complete data, whereas they could also get the data by running a couple of queries from the database. After the implementation of Splunk, we used something called DB Connect. It was a small tweak, and after that, the price was reduced to a hundred dollars or eighty dollars per annum. All they are doing now is creating or running SQL queries, getting the data back in Splunk, and based on that, triggering and sending a report. That's it. It was all about preparing proper monitoring. The data was already available. We prepared the alerts. Along with the alerts, we also prepared dashboards for the users to visually review the historical information for the past one or two years. They can even see the report month-wise. Two hundred thousand dollars to less than a hundred dollars is incomparable.

Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much.

I'd advise learning the tool properly, understanding its capabilities, and utilizing it efficiently. One of our clients was paying hundreds of dollars towards the license, but they were utilizing it only for server monitoring. 

To someone who already has an APM solution but is considering switching to Splunk ITSI, I'd say that switching to ITSI is going to help them a little bit more. The grouping of the ticket to the users can be easily planned. It's not rocket science. It's easier compared to the other tools where you need to create a lot of configuration for that. The configuration has been segregated, which makes it easy for the applications team to set up their own monitoring and group them to avoid the number of tickets generated. You also have predictive analysis along with heat maps and glass tables, which aren't available in other APM tools in the market right now.

Overall, I'd rate Splunk ITSI an eight out of ten.

I just had to monitor the dashboard and infrastructure alerts and escalate them to the appropriate teams.  

I used it for both performance monitoring and incident management. We had an IT infrastructure setup on Splunk ITSI itself. There were dedicated dashboards created by the admins, and we had to monitor these dashboards for the performance of our infrastructure assets, such as the database or infrastructure access. 

We had to monitor these alerts and escalate them to the appropriate teams. For example, if a network alert showed up on the system board, we had to escalate it to the network team, such as, "We are seeing this kind of alert on the ITSI app board; please have a look into it." So, that's the main task on the Splunk ITSI app.

Splunk was initiated for monitoring dashboards and to have our infrastructure integrated into Splunk itself. We have several servers, databases, and multiple services running. We have applications that were dedicated to the service provider. So we had our Splunk IT set up on those servers.

Basically, to keep these applications running smoothly or to have a smooth flow of these applications, we integrated everything on Splunk. And, we need to be resilient and proactive so it doesn't cause any impact to the customers and clients and doesn't go down. We set up our monitoring dashboard on ITSI, which keeps us in touch with how the performance and health checks are going on for these components and applications.

It has a clear understanding of how different environments are related to each other. It has pretty much everything integrated within it. You just need to click a few on the board and whatever details you require are there. So, I find it pretty useful.

For predictive analysis, we have access to pull-out reports on whatever packets are integrated into our system, whatever the packet reinsurance, packet alerts, or whatever has been generated in the system. We pull out these reports based on the previous data and incidents or alerts in the environment. 

Then, after analyzing the previous data, we identify what was causing the incidents or alerts. Based on that, we have taken action to prevent incidents in the environment. So that was a really helpful feature as well because having access to the backend itself helps to identify the previous causes or incidents in the environment.

I liked how it's integrated in such a way that it's really user-friendly. You don't have to do much. Within a few clicks, you get all the data that you need, like what the server is, what the issue is, and how it can be resolved. It was all integrated into the tool itself.

I found it very easy to identify the server or the root cause. So, it helps to resolve the issue on a priority basis or as soon as possible.

The event analytics in Splunk is integrated to help avoid such incidents. Whenever we see such alerts on the board, we have to take immediate action to avoid any incidents in the future.

Sometimes, an incident happens, like the application goes down, and we receive the incident. At the same time, we receive multiple alerts on our dashboard. So, we have to escalate these alerts along with the incident call and incident procedure. We keep the teams involved by saying, "We are seeing this kind of alert on our ITSI dashboard. Please have a look into it or try to get it resolved." It provides the information IT needs about the server, database, and network connectivity. So, it was easy to identify issues when we had such alerts on the board.

Reduced incident volume: ITSI reduced our incident volume by 20 to 25%. It was really quick, and we were able to investigate whatever incidents or alerts happened in the environment. It was really good. It was really quick to identify such issues and previous issues in the environment. So, it has reduced the MTTR, the mean time to resolve an incident, by 20 to 25%. So it's really helpful.

Alert noise: I didn't see it reduced because whenever we introduce a ticket to ITSI, our system is already integrated into the service. And along with that, we are already migrating from other tools to ITSI itself. So, I'm not quite sure that it reduced it because we are continuously adding servers to ITSI. It increased our count of alerts. But I couldn't comment on that because we are continuously adding our infrastructure to ITSI. So, I haven't identified any reduction.

ITSI reduced our mean time to detect whenever we have seen any meantime to detect alerts in the environment; we get them within a fraction of a second, so we get to see the alerts on the board immediately. It is reduced by 20% to 30% as well.

It continuously refreshes itself within two to three minutes, so it's really reduced our time to detect that part. 

Splunk ITSI helped us automate routine tasks. For example, we have a daily task where we have to pull out the daily report. Based on that, we have to access whatever incidents or alerts happened or occurred during the day. 

We have to pull out the report and get all kinds of data, the details of what we have done and the kind of alerts we have seen in the day. Then this action has been taken or maybe escalated. So it was really helpful to get such data on a daily basis.

From my perspective (since I don't have administrator or developer access to Splunk ITSI), we could have a better user interface. The Splunk ITSI user interface can be improved because whenever we see the dashboard, it's mostly in text format. It doesn't have a graphical view.

It's easy to identify issues or alerts if you have a graphical representation on the dashboard. I have seen several dashboards in Splunk ITSI which have a really good graphical interface, but the integrated dashboards we have do not.

I'm not sure if it is configured in such a way or not. Maybe a developer or administrator can access that, but I feel like Splunk ITSI having a good graphical user interface would really improve the visibility of the dashboard and alerts.

I have been using it for more than a year. 

From my perspective, it's pretty much stable. We haven't experienced anything bad or any technical downtime apart from the scheduled downtime. So, for me,  the stability is really good.

It is scalable, but we didn't get to experience the scalability part because it was developer- and admin-related.

For just one location, we have more than 500 people who can access Splunk ITSI, including the technical and monitoring teams. Considering the different locations as well, it would be in the thousands, but I'm not sure about the exact count.

The customer service and support are quite useful. Whenever we faced an issue on our Splunk ITSI server, or if alerts weren't updating, showing proper data, or generating detailed alerts, we reached out to the Splunk technical teams for support. 

They are really supportive, with quick responses and a solution-oriented mindset. They provide solutions right on time. The DevOps support provided is really good.

It was pretty good. I didn't have any bad experiences.

Positive

We had several tools before introducing Splunk ITSI. We had several other tools to monitor network, Windows, Linux, or other portal alerts. 

While having Splunk ITSI, we integrated everything into that. We have decommissioned all of the other tools, and everything is on the IT side.

I have worked on ThousandEyes and Spectrum. These tools were used to identify network alerts. We had Spectrum alerts used for network device alerts. And for ThousandEyes, we used it for the portal alerts, for each and every infrastructure component or service. We had different tools integrated to have such alerts on the board.

So, to reduce having multiple tools, our management team introduced Splunk ITSI because everything is integrated into it. It was really helpful to have just one tool for all of our components instead of multiple app tools.

For us, it's on-prem, not on the cloud. We were planning to move it to the cloud, but it's currently on-prem.

Splunk ITSI requires maintenance. From time to time, we have downtime to integrate other tools into ITSI.

The integration of ITSI with other tools enhanced our operational capabilities and has been really helpful. To access a few other tools apart from ITSI, we have to do several things to get the data from the tools themselves. And I find that these tools are pretty slow. 

Getting the data or accessing anything on those tools is really time-consuming but ITSI was quick. We don't require special tools or special access to that environment. We have IDs created for our individuals, and we just need to access ITSI. It was pretty quick, and we didn't need to do much hard work to access all the data. It's really quite useful in that aspect.

It was already introduced by the technical teams or maybe the administrator or developer. We just had it served on a plate, so I don't have much exposure to the development part.

It was deployed for multiple locations and departments. The network, database, Windows, and Linux departments also have the same dashboard and infrastructure to integrate their servers and alerts into Splunk ITSI. So, having exposure to multiple departments and on-prem environments is really helpful.

It was an easy tool when we also used other tools, such as ITSI. To access those tools, we had to log into VPNs and other stuff to get access to our dashboard. 

But with Splunk ITSI, I find it really useful. It was quick, it had all the information you needed, and it was customizable. You don't need to do much to access our infrastructure data. 

Within just a few clicks, you can get whatever you need from ITSI. I find it quite useful. I'll compare it to the other tools as well. It provides good insight.

It saves a lot of time. Whenever we have an incident in the environment, we use to do our priority checks on Splunk ITSI. Whenever we see such an incident, we have to investigate the previous data, see if any previous incidents happened in the environment, or maybe check if any alerts were generated in the system related to that issue. So it is quite helpful whenever we see incidents in the environment.

We have several tools along with Splunk ITSI, but I find Splunk ITSI very useful compared to the others. So I would rate it 70%. I'm satisfied with that. We don't have admin or developer access to Splunk ITSI. But whatever we have access to, I'm definitely 70% sure that ITSI is really good to have in the environment.

On the manpower, it has been reduced by one or two candidates because, obviously, we also use several tools as well, so we have a lot of strength there. However, after we integrated everything on the Splunk ITSI, we reduced our manpower, and it's less time-consuming. Each one can double their task for maybe two weeks their actions as quickly as possible as compared to the other two. Manpower, it's really helpful.

I would recommend Splunk ITSI because it gives you access to all the information you need, and it's just a few clicks away. You just need to know how to navigate through the tool. Apart from that, everything can be done on Splunk ITSI. It's just a matter of how much knowledge you have to access the data in Splunk ITSI.  

Splunk ITSI is really helpful because whatever data you need, you're just a few clicks away from it. That's a really helpful thing to have.

I would definitely recommend it to other users because it gives you really good exposure to the environment. Whatever data you need is quickly accessible.

Overall, I would rate it an eight out of ten.

Splunk ITSI is our platform for data ingestion from various sources. We leverage it to manage Kubernetes configurations, licenses, reports, dashboards, and user permissions. Additionally, we utilize ITSI for field extraction and data model retrieval.

We successfully integrated Splunk ITSI with ServiceNow. The integration process was straightforward. We downloaded the Splunk Integration application from the ServiceNow app store and configured the ServiceNow account using the provided URL, username, password, and authentication method.

Splunk ITSI offers end-to-end visibility through a centralized admin console. This console allows us to monitor all aspects of our system, including indexing performance, daily resource usage, CPU utilization, and insights.

Splunk ITSI has helped our organization save time. We saw the benefits within the first three minutes of use.

We saw time to value within minutes of using Splunk ITSI.

The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI.

After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services. We had to manually deploy a script to resolve this issue.

I have been using Splunk ITSI for three years.

Splunk ITSI is stable.

Splunk ITSI is a resilient solution able to recover quickly.

Splunk ITSI is scalable.

The technical support team is great. They've helped troubleshoot our issues. Once we raise a ticket, we can continue the process using a DLL file.

Positive

The initial deployment is straightforward. The setup is automated.

Five people were required for the deployment.

The implementation was completed in-house.

The licensing is based on data usage.

I would rate Splunk ITSI eight out of ten.

I recommend Splunk ITSI over other APMs because we can monitor everything from a single console.

Splunk ITSI is deployed across multiple locations.

No maintenance is required for Splunk ITSI.

We use the solution for intelligence. For example, if I have a website that sells games, it might have a lot of things like databases, servers, et cetera. I can see how many users have logged in, what purchases can be made, and so on. Splunk provides the logs to see all of the data for all actions on the site. I can see things on a technical level, like how CPUs are performing.

I can see things in real-time, and it's based on real data. This is the advantage Splunk has. There is complete visibility and I can monitor KPIs as well.

I can look at how my database looks, how my sales look, et cetera, and all metrics are in one place.

There's machine learning as well, including anomaly detection. You can look at and understand the date very easily. It helps us provide a complete understanding of business so that I can understand anomalies better and watch the daily data. It gives me alerts in which I can take a deeper dive.

I have a ticketing system. If I have a Splunk power user, they can look at the data and create a ticket for future inspection. People can correlate and collaborate on the same ticket.

Basically, everything you need you can find on Splunk. You can also create custom actions. 

We can do actions right on the Splunk UI. 

The compatibility is good.

The end-to-end visibility is okay. The only thing that is lacking is the application monitoring. We struggled with one use case where payments were failing and they couldn't understand if it was the infrastructure or bandwidth. The capability of recording any transaction is not possible in Splunk. You have to write your own scripts, however, it's not as user-friendly.

The predictive analytics are pretty good. I've seen people using it. That said, I'd say the admin needs a deep understanding of the infrastructure. It has a tendency to create noise. If you have a noisy system, when there's an alert, people tend to miss issues. 

Customers have noted the solution helps streamline incident management. At a single glance, there is a complete view of infrastructure. It's good for the customer on the technical side. Teams were able to map the availability of the system more accurately - up by 28%.

It's helped reduce alert noise. It can aggregate the alerts and just create an alert only when needed. From the UI, you can correlate the alerts using dynamic conditions (not just static ones).

We've been able to reduce the mean time to detect. It has a similar meantime to detect as Dynatrace. We've used it when there wasn't an existing system, and we would have had similar results with other tools in the market. It's helped with MTTR for sure. Previous to implementing Splunk, the mean time was one hour or so. Once we implemented it, the alert notification was automatically sent to people, so it automatically reduced the time to two to five minutes. 

The mean time to resolve has been reduced thanks to Splunk. 

If you are using Splunk ITS and Splunk Enterprise Security, you have to run different searches. You cannot run both on the same server. You can bifurcate it however you want, however.

The license cost is expensive. When I want a premium application it's extra. I need to pay for this on top of my base license. 

We'd like to see more use of artificial intelligence. There's no easy knowledge-base bot. It would help if they had a ChatGPT-like AI that could show them the knowledge base information they could use to address tickets.

I've used Splunk as a product for about five years. 

The solution is stable. 

The solution can scale. I'd rate it seven out of ten. There are some requirements on the backend in terms of scaling. If you want extra storage, it will cost more money. If you are adding a new server you will have to go and configure it and then you have to restart everything, so there may be downtime. 

I've contacted technical support. They were good in terms of experience. The cloud support is excellent. 

Positive

I did not previously use a different solution. 

You can install the solution on-premises or on the cloud. If you want to send the data to your own on-premises environment, you can do so.

I was involved in the initial deployment. The setup was very straightforward, however, the requirements gathering can be complex, as well as gathering the KPIs and developing an understanding of requirements. You need someone who has a complete understanding and a holistic view of the environment. 

How many people you need for the deployment depends on how big the infrastructure is, what you want to monitor, and the timeline you have.

The on-premises deployment requires maintenance as you have to monitor the server. The cloud requires less maintenance. 

We tend to implement the solution for our customers. 

The solution can be costly. You have to have a fixed license. It's very difficult for people to know beforehand how much they will be charged. 

We're Splunk partners. 

For someone who already has an APM solution and is considering switching to ITSI, I'd advise them to look at the licensing and their budget and to consider where their APM is currently lacking. If you aren't getting the alerts you need or you can't see how your infrastructure looks, it might make sense to switch. They need to be aware, however, there will be an extra cost.

Secondly, if you can't see the logs in your application and can't fetch the logs, for example, if you are on Dynatrace, and Dynatrace does not provide your login analysis, you can just go and write a query. However, it depends on what your end customer needs as well. If they need good dashboards and they need flexible dashboarding, to which you can add images, and customize the way you want, you may need something more robust, like Splunk. We were able to pull it off using Splunk ITSI as it gives you very easy-to-customize dashboards. 

To someone who's considering a point monitoring system instead of ITSI, I'll say that, depending on your infrastructure, it might be a good idea. If you have less data, and you can manage with the manual alerts, you're fine. However, if you're wasting a lot of time with the alerts and get a lot of alert noise, that means you can be missing major alerts. For major infrastructure, it's a good idea to have ITSI.

You need a minimum of 14 days before seeing time to value. 14 days is required in order to be able to use the complete solution. That allows the system to get good at anomaly detection. 

I'd rate the solution eight out of ten.

We have been using Splunk ITSI to detect anomalies in the services and monitor the health and overall performance of IT services.

We have implemented it for a few of our clients where we do monitor the entire IT infrastructure. It could be any server that they are running. It could be a mail server. It could be a web server. It could be any network device that is communicating. We monitor the health of these services and how they are performing. We check for any anomalies or threats associated with them. We create some kind of KPIs or key performance indicators that give insights into the health and services.

We are a Splunk partner. Our company provides solutions not just related to Splunk ITSI but for all the things covered by Splunk. We also provide our consultancy for all of their premium products such as SOAR and Enterprise Security. 

Splunk ITSI has a service-oriented approach to monitor the entire IT infrastructure. From a business perspective, people definitely do not want any downtime. Any downtime leads to a bad reputation for a company. Splunk ITSI is a solution that we can use to monitor every single service running within an organization. With the help of KPIs, we define the service needs. A person implementing ITSI needs to be aware of all of the services running so that they do not miss out on anything. With the predictive analysis of Splunk ITSI, we can monitor everything. If there is any anomaly, an alert gets triggered. The other thing is the integration part. We can integrate it with any of the ticketing platforms such as ServiceNow. As soon as the alerts get triggered, a ticket gets created so that a response can be made to a particular incident.

It is very integrable. It can be integrated with any network component, such as a router, or any of the logs. With the help of Glass Table, it becomes very easy to inspect if any of the services are down. If a person is trying DDoS on any of the IT servers, such as a web server, we will see a lot of packets getting injected. There will definitely be an increase in the number of packets that a server is receiving. With the help of Splunk ITSI, we can block that particular IP, so the actions can be taken at the same time.

With the help of machine learning and predictive analysis, it checks for any anomaly. It monitors the normal behavior of a service, and if there is an anomaly, it can definitely create an alert for the user. This is how Splunk ITSI works.

Splunk ITSI can integrate with various management tools for predictive analysis. It takes the data and tries to predict and see if anything is suspicious. It makes its own decision at that time, and based on the actions that are listed, it takes action on a particular incident.

Using Splunk ITSI in an IT environment is very helpful. It reduces the downtime and the time taken for a resolution. It can take certain actions on its own. We can monitor every service there. Splunk ITSI can be helpful to prevent something from going down and the users having to face any downtime, failures, or issues with the servers. There is a proactive approach where things can be fixed before they turn into a breach.

Nowadays, it has become very easy for attackers to perform any kind of attack on the servers. Every organization wants its servers to be up and running. So, there is definitely a lot of demand to monitor the entire IT infrastructure. Splunk ITSI is good for that. It plays a key role in the current era where organizations face a lot of attacks. It is a ten out of ten when it comes to being useful to fix all such issues.

Splunk ITSI completely integrates with the incident management platforms. For specific alerts or notable events, Splunk ITSI can also take action with the help of playbooks and defined workflows. With integrated incident management, we can take more advanced actions and make decisions for the environment.

Splunk ITSI helps reduce incident volume. It is business-centric and service-oriented. It provides visibility and is great for predictive analytics and incident management. It also reduces downtime and gives a clear picture of services from a business perspective. I do not have the metrics, but it reduced the incidents to a large volume.

Splunk ITSI reduces the mean time to detect through machine learning and predictive analytics. It observes the normal behavior of a service. If there is any anomaly, it triggers an alert based on the KPIs that are defined. If there is any suspicious behavior, Splunk ITSI can identify that.

We can define certain actions through playbooks for an alert. It can be integrated with SOAR. It can take certain actions as soon as an alert gets triggered. In the case of a DDoS attack, if an IP is sending a lot of packets, we want to block that particular IP to our firewalls. We can define this action within our playbooks, and Splunk ITSI will be able to sort that out in a quick manner.

We can integrate it with a SOAR to automate the workflows and take certain actions. Playbooks are useful for that. I do not have the data about time savings, but it saves a lot of time. Without it, a human will have to open the ticket and go through the incident before taking action, whereas Splunk ITSI can take certain actions on its own, saving a lot of time.

Splunk ITSI has saved money from the overall business perspective. No business wants to see downtime or failure of their services. For example, if you can proactively fix an issue and prevent a payment gateway service from going down, it will save you money. Splunk ITSI is very helpful in monitoring services, and certain actions can be taken to prevent them from going down. Any service going down costs a lot of money to a business.

Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken.

I like the KPIs aspect. If we have a number of services running, we can monitor each individual service. This is one thing that I find very useful. There is a feature in Splunk ITSI called Glass Table where we can visualize each service. We can check all the services there, and we can take a look from the high level to the low level. We can look at individual service. Glass Table is one of the features I like the most.

If they can somehow integrate it with AI in the near future, it will definitely be a game changer. Other than that, I do not see any issues with it. Overall, it suits our environment. Its scalability is good. The visualization is also good. The only thing we need to take care of is how we define the services. If the KPIs for a service are wrong, it is going to generate false positives and more alert noise.

It has been approximately three and a half years since I have been using Splunk along with this premium feature or the ITSI app. 

We have not faced any issues so far. It is a very stable tool. It is very helpful in monitoring overall IT infrastructure.

Scalability is definitely one of the key features. Splunk ITSI is very scalable. 

We have not faced any issues so far.

I have not used any solution other than Splunk ITSI. We have partnered with Splunk, and we provide consultancy with Splunk.

Splunk ITSI can be implemented on-premises or on a cloud such as Azure, AWS, or GCP. It is easy to deploy.

I was a part of the team that implemented it completely. I was involved in the initial setup and monitoring of the services. We defined all the KPIs. We completely set it up. 

The process is straightforward, but it depends on if you have a multi-site or single-site setup. For a single site, it is easy, but in the case of a multi-site, when we are doing a cluster setup, it can be challenging. However, it can be done, and it is possible to implement it with the help of the right KPIs.

The duration depends on the size and the number of resources a company holds. It depends on the size of the network they have. Ideally, you would want to integrate all of the services so that you have complete visibility and you can visualize it from an attacker's perspective.

In terms of implementation strategy, we need to be sure about the services that need to be monitored so that we do not miss anything. KPIs are important to reduce the noise. 

It is not difficult to maintain, but it does require maintenance. If there is any increase in services, Splunk ITSI needs to be scaled up, and there will be some costs for the licensing part.

We need the help of the security team. If it is going to be integrated with the service desk, we need to involve a system administrator. It depends on the privileges a company has. It varies from company to company.

It depends on how big an organization is. If we have a lot of resources, the licensing needs to be upgraded. If we have a small environment, the licensing cost is definitely going to be less.

To someone who already has an IT alerting and incident management solution but is considering switching to Splunk ITSI, I would say that it is a great move. Splunk gives you in-depth information about the health and performance of a particular service running within an organization. It will be a great move if they can implement Splunk ITSI in the organization.

Alert noise depends on how well you have defined the KPIs for your services. If KPIs are wrongly defined, you are definitely going to get more alert noise or false positives. To reduce that, you need to be very sure what a particular service is about and what could be a perfect KPI for that.

You need to assess the services you need to monitor. You should not miss any of the services. A small service can also be vulnerable. Based on the services, you need to define particular KPIs.

I would rate Splunk ITSI a ten out of ten.