I work for a consulting company that contracts with an organization to provide operation center services. We use Splunk ITSI as one of our key centralized monitoring tools for the organization. Our goal is to collect data from both the organization's centralized database, Spine, and their cloud platforms, such as AWS and Azure, and send it to Splunk for monitoring. Splunk then creates reports, alerts, and dashboards that we use to visualize the data and make the most of it.
Senior Infrastructure Consultant at Netcompany
Brings our searches to life, create multiple services, and create complex saved searches
Pros and Cons
- "ITSI includes a feature called a glass table."
- "Quality-of-life features have room for improvement."
What is our primary use case?
How has it helped my organization?
ITSI has many benefits, but its visualization for monitoring is particularly great. We have been able to identify notable events that have occurred, track them back through history, and see what data is available for a long period of time. One of the best reasons we use ITSI is because of its indexing system. We can collect data from various sources in different formats and then operate on that data, even though we have different data from AWS and Azure. Splunk does a good job of ensuring that the data is compatible with different reporting methods.
Splunk ITSI has helped us streamline our incident management process. We have a custom configuration that outputs some alerts to Slack and others to email. We package only alerts and episodes, and when an alert is triggered, an email is sent and a ServiceNow incident is raised. This has significantly streamlined our analysis process.
Splunk ITSI helped reduce our mean time to detect by ten percent.
What is most valuable?
Splunk ITSI is similar to Splunk Cloud, but it includes some additional features that are specifically useful for IT service management.
We still get the standard package with ITSI, including alerts, reports, and dashboards. However, ITSI also includes a feature called alerts and episodes, which is similar to an ITSM tool. This feature allows us to bring our searches to life and create service trees that focus on business context.
For example, if we create multiple services, we can arrange them in a tree structure. ITSI then uses a traffic light system to indicate the health of each service and its dependencies. This allows us to see the overall health of our IT environment at a glance.
ITSI also includes a powerful KPI system that allows us to create complex saved searches that power multiple different areas of our dashboard. This is very useful for tracking key performance indicators and identifying potential problems early on.
Finally, ITSI includes a feature called a glass table. This feature allows us to create visually appealing dashboards that display our KPIs and other data in a clear and concise way.
What needs improvement?
One issue we have with Splunk Cloud is that the service team is sometimes not very helpful. This is because the team is outsourced, and they often cannot provide us with the information we need. This is a major complaint of mine, and it is unacceptable given the large amount of money we pay for the service. Splunk Cloud outsources its support team, and the people who are supposed to be helping us are not very knowledgeable. They often give us unhelpful or incorrect answers.
The UI needs improvement. With real-time monitoring, we can have a service structure, but we cannot easily adjust the graphical interface. For example, if we have a long name or a 2005 feature, we cannot easily move it slightly to the right on the web page. This can be a real pain.
Our large-scale system is noisy, making it difficult to pinpoint the exact cause. This is a trade-off for using Splunk as a central monitoring tool, as we cannot give everyone access to everyone else's AWS environment. We are investigating ways to reduce the noise, but I am not sure if it is a specific ITSI problem.
Quality-of-life features have room for improvement. The search function and other features are fine, but there are a few UI changes I would make. For example, I would like to be able to extend the graphical user interface so that we can see the full name by moving the window around. It is currently difficult to work with.
We can create a correlation search, but when we save the page, it redirects us to the search system. We should be able to save the page and stay on the page, which is a bit annoying.
We have a lookup file, but it doesn't work very well. In fact, it doesn't work at all. I hope Splunk fixes this at some point. When we make a change, it completely wipes out the change. It also says to type in the search bar, click on what we need, and if we make a slight adjustment, it will completely wipe out the search bar and we have to start over. This is very annoying.
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
June 2026
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,988 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Splunk ITSI for two years.
What do I think about the stability of the solution?
Splunk ITSI is stable. Resilience is essential for our organization. We need it to be active all the time. It is incredibly important because some of our services are platinum-level. If anything goes wrong, we want to know about it instantly. It is very important that ITSI is stable and works as expected, which it does. We have not had too many problems where things have gone wrong. Most likely, these problems have been configuration issues, rather than our availability going down and us being unable to access Splunk. Splunk is up all the time and rarely goes down.
What do I think about the scalability of the solution?
Splunk ITSI is scalable, and scaling is a primary feature of cloud products. With an enterprise license, we can scale as much as we need. However, scalability also depends on our hardware. If we purchase good hardware to run Splunk on, we should be able to scale easily by creating shared clusters, index clusters, and other types of clusters, and pairing them together.
How are customer service and support?
Splunk's technical support is not very good. They outsource their support, and the outsourced support team is not very knowledgeable. I believe that in-house technical support would be better.
Which solution did I use previously and why did I switch?
The organization was using Splunk Enterprise which is similar to ITSI.
What's my experience with pricing, setup cost, and licensing?
Splunk ITSI is expensive. We pay for the package once the sales team has priced all of our data and other relevant factors. We don't incur any further costs if we pay for a package. On its own, Splunk ITSI can be quite expensive, which is what scares many customers away. If a customer has the budget to use Splunk ITSI, then it is an excellent choice. It is one of those products where we may need to start weighing up different solutions. Splunk was recently sold to Cisco, and it could become the centralized monitoring tool for the organization for x, y, and z. I believe that our package is one of the lowest priced in the UK, even though we are squeezing as much value as possible out of the service. I would say that we should prioritize longevity over making an extra million pounds or so because that will come with time. However, I don't think that everyone sees it that way.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
The visibility is good, but the issue we are interested in is split into different factions in some parts. Currently, we are not using ITSI to its full potential. The organization is enterprise-scale, which is huge. It is therefore very difficult to implement some of the ITSI best practices because we have so many different areas, each doing things differently. Standardization is difficult to achieve because everything is so massive. We could better use ITSI to its full capacity, but that is on us. However, I think it would work much better if it were a bit smaller in scale.
Cost is definitely a concern. Splunk can be quite expensive, especially if we are tied into a contract. However, it offers more features and capabilities than other solutions. I don't have a lot of experience with Splunk, but the way it aggregates data is very good. It can also parse and strap data, and search and operate on the data that is sent in. This is also very good. I suggest cleaning up the data before sending it to Splunk. This will make it easier to get real-time monitoring of the data needed. We pay for ingestion and storage, so it makes sense to only send in the data that we need. Splunk is a very good tool to use for building and operating real-time analytics dashboards. It has very good visualization, data separation, and real-time analytics capabilities. It can also create very complex queries that can do a lot.
We have over 50 users spread across the organization, and we implement around 100 or more services. Each service may have a tech lead in x and y and an architect in z. Therefore, Splunk ITSI reaches out to many different people in those departments.
Splunk Cloud takes care of all the maintenance. We simply open a case and they implement any new version as needed.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Senior Manager Ict & Innovations at Bangalore International Airport Limited
Empowers organizations to efficiently monitor, analyze, and optimize complex IT environments
Pros and Cons
- "The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes."
- "It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs."
What is our primary use case?
It has enabled effective monitoring, allowing for a comprehensive view of the growing complexity within the IT infrastructure.
How has it helped my organization?
The enhancement to our organization stems from its ability to consistently run rules, actively identifying significant events. This involves an ongoing process of aggregating and configuring notable events into a coherent resource. Additionally, the container version automates website functionalities, including tasks like email reception, providing a heightened level of control.
It has proven highly effective in real-time monitoring of service assistance and KPIs. There has been a noticeable enhancement in automated event clustering. Additionally, the platform facilitates comprehensive analysis for proactive incident prevention.
The end-to-end visibility provided into our network environment is a potent tool for real-time monitoring. It significantly contributes to the monitoring and analysis of complex multi-cloud IT solutions, playing a pivotal role in ensuring efficiency.
Leveraging predictive analytics to proactively prevent incidents before they manifest empowers operations to establish effective management and automation of information related to business processes.
It aids in minimizing alert noise, proving highly effective in incident management. Furthermore, it facilitates root cause analysis.
What is most valuable?
The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes. It promptly raises a red flag, signaling an effective early warning system.
The resilience it provides is invaluable. It ensures continuous application of rules, specifically for identifying notable events, and utilizes revision policies to configure hardware solutions into edge servers. This is essential for my operations to seamlessly proceed.
What needs improvement?
It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs.
For how long have I used the solution?
I have been using it for one year.
What do I think about the scalability of the solution?
It provides good scalability. Approximately, a hundred users use it effectively.
How are customer service and support?
I would rate the customer service and support eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
The installation involves developing a strategy to comprehend the essential services for proper monitoring. Additionally, it entails determining the specific type of intelligent alerts, clusters, and dashboards needed for effective planning. It was done in-house by one individual.
What was our ROI?
The implementation of this solution quickly demonstrated its value.
It resulted in a time reduction of six hours through its implementation.
It contributed to a six-hour reduction in the meantime to detect incidents.
It assisted in decreasing the mean time to resolve by four hours.
What other advice do I have?
Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
June 2026
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,988 professionals have used our research since 2012.
Splunk Architect at a government with 501-1,000 employees
The time it takes to pinpoint an issue, from when it's triggered to resolution is quick
Pros and Cons
- "Having a structure on how to resolve incidents is the most valuable aspect."
- "They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve."
What is our primary use case?
We have a couple of different use cases including incident management, correlation, and mapping out incidents.
What is most valuable?
Having a structure on how to resolve incidents is the most valuable aspect.
It is pretty important to us that it offers end-to-end visibility. That's how we do the ITSI incident setup. It needs to have an overview.
It has helped improve the business' resilience. Splunk's ability to predict, identify and solve problems in real-time is pretty good. I've been a Splunk customer for almost six years.
The time it takes to pinpoint an issue, from when it's triggered to resolution is where I've seen the most value out of Splunk.
We have seen time to value using ITSI. It took a few months to see this value.
What needs improvement?
They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve.
For how long have I used the solution?
I have been using Splunk ITSI for one year.
What do I think about the stability of the solution?
The product is pretty stable.
How are customer service and support?
We had a support person who was instrumental in getting it set up.
I would rate support an eight out of ten. It's nice to have the help but we'd also like to be independent and that's taking a bit of time to get onboarded.
How was the initial setup?
The initial setup is easy. We had someone come in. It took around a month or so and he's still with us helping to implement.
What other advice do I have?
Overall, I rate the solution a seven out of ten. I'm getting up to speed with it.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Software Designer at a financial services firm with 501-1,000 employees
Provides end-to-end visibility, improves our incident management process, and reduces our alert noise
Pros and Cons
- "One particularly useful feature of Splunk ITSI is the ability to create custom services."
- "We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time."
What is our primary use case?
We use Splunk ITSI to collect the infrastructure metrics and visualize them.
How has it helped my organization?
Splunk ITSI provides end-to-end visibility into your IT environment. It displays key performance indicators for various services. If a KPI is red, indicating an issue, clicking on the corresponding service will take you to the server for further investigation. Splunk ITSI can also automatically trigger incidents for critical issues, allowing your support team to resolve them quickly.
It has significantly improved our incident management process. Previously, we relied solely on a service indicator that simply displayed the service status. If the indicator turned red, we would then manually create an incident report. Now, we've implemented static thresholds that automatically trigger incidents to be added to our queue. This is a major advantage.
Splunk ITSI has reduced our alert noise by 30 percent.
Since implementing Splunk ITSI, we've significantly reduced our mean time to detection. Previously, we relied on receiving incident reports, which caused delays.
Splunk ITSI has reduced our mean time to resolve.
What is most valuable?
We collect infrastructure metrics from various servers, including Windows Services. One particularly useful feature of Splunk ITSI is the ability to create custom services. This functionality makes it easy to identify specific functions that are malfunctioning or experiencing problems. With this information, we can quickly troubleshoot and fix the issues.
What needs improvement?
In Splunk ITSI, thresholds automatically trigger incidents when a service value falls below the threshold. This prevents us from automatically triggering alerts for situations where the service value is within the acceptable range. We've identified this as an issue with the ITSI product and are working with Splunk for guidance on how to implement the desired behavior.
While the overall Splunk documentation is detailed, the documentation for specific premium apps, like Splunk ITSI, is more brief.
The technical support has room for improvement.
For how long have I used the solution?
I have been using Splunk ITSI for one year.
What do I think about the stability of the solution?
I would rate the stability of Splunk ITSI nine out of ten.
What do I think about the scalability of the solution?
Splunk ITSI is a scalable solution, meaning it can handle increasing amounts of data and users as our needs grow.
How are customer service and support?
We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial deployment is a straightforward process. However, the time it takes can vary depending on whether we're installing for the first time or performing an upgrade. For a first-time installation, Splunk ITSI typically takes around 30 minutes. Upgrading an existing installation requires additional time to clean up previous configurations; this process usually takes about 40 minutes to complete.
Two people were involved in the deployment.
Which other solutions did I evaluate?
We are using Splunk Enterprise software. We contacted Splunk to demo ITSI, and we were impressed with its functionality and the included options. Therefore, we decided to try ITSI exclusively and did not evaluate any other vendors.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
We're currently working on implementing adaptive thresholds. This functionality would analyze service trends over the past seven days automatically set thresholds and generate incidents based on that data. Successfully implementing this would be a significant achievement, but we're encountering some technical challenges. We've opened a support case with Splunk to address these issues, and we're hopeful for a resolution within the next few weeks.
We have around 150 people using Splunk ITSI.
Two people are responsible for the maintenance of Splunk ITSI in our organization.
I would rate the resilience of Splunk ITSI nine out of ten.
In my experience starting my career with Splunk, I haven't encountered any marketing tools that can quite compare. Splunk offers a comprehensive set of features and well-organized documentation. The detailed and clear documentation that Splunk provides is something I particularly appreciate.
I recommend Splunk ITSI.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Site Reliability Engineering Manager & DevOps Lead Global at a tech vendor with 10,001+ employees
Reduces time to resolve and alert noise but is missing a release comparison feature
Pros and Cons
- "The root cause analysis is very helpful for us."
- "Predictive analytics, in terms of preventing incidents before they occur, still needs time to mature."
What is our primary use case?
We use the solution for event management, observability, application management, application performance management, anomaly detection, problem detection, and creating different rules for the anomalies for different events. It's application performance monitoring. The entire area of service is managed by ITSI, and offers automated detection and everything.
What is most valuable?
The root cause analysis is very helpful for us.
There's one feature which is a prediction and detection feature that we have gone through. We are not thoroughly using it. However, for us, I would say that root cause analysis, problem detection, and anomaly detection are the most helpful features.
The end-to-end visibility of IT assigned to our network environment is great. The endpoint visibility is definitely helpful, and that is mainly for the application team. We can take a deep dive into the incident. In the everyday work that we do, we don't really use endpoint visibility since that is not required if we look at normal and general use cases. That said, when it comes to an incident during an outage, end-to-end visibility helps us deep dive or drill down to find out the root cause and how to make the platform better for the future.
The product has helped to streamline our incident management with end-to-end visibility. It helps in streamlining the incidents that are coming in. For example, for the authentication service that we have, users for certain regions are not able to authenticate completely. That likely means there's an issue with that region. That is an incident. In that case, I would look at endpoint visibility from the infrastructure to the end of the service call, including all the scans, tracing, and everything. Looking at it helps provide a resolution.
Our alert noise has been reduced.
Our main time to detect has been reduced as well. Previously, we used to take a lot of time getting to the root cause of what happened. We've been able to resolve this quicker, and our main time to detect has been drastically reduced.
In addition, we've been able to reduce the time to resolve.
What needs improvement?
Predictive analytics, in terms of preventing incidents before they occur, still needs time to mature. I am not very, I would say, convinced of the prediction feature's capabilities.
It does not have a release comparison on the server comparison feature. For example, if you have an application, and you introduce a new feature, and you're going to deploy it, then the release comparisons should show automatically or generate a report to show the impact of the feature on the overall application. It should show what you can do to optimize it.
For how long have I used the solution?
I've used the solution for around five years.
What do I think about the stability of the solution?
The stability has been good.
What do I think about the scalability of the solution?
The solution is highly scalable and flexible.
How are customer service and support?
I've contacted support multiple times. Their service is average. They are not very quick.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I've used a few different solutions, like Dynatrace and Datadog. I've used Elasticsearch and Moogsoft as well.
Dynatrace is an overall package. I'd choose it over ITSI. Splunk is never a package. It does not provide application performance monitoring. Dynatrace is a full-fledged APM tool that includes infrastructure, APM, synthetic monitoring, and user monitoring alongside AI ops, which are very strong. It's a mature platform.
How was the initial setup?
I was involved in the initial setup. It's a very straightforward process. Deploying the platform takes a couple of hours at a maximum. The configuration is more subjective in terms of how long it takes. For example, how many applications do you have? How many environments? We have three environments in the US, and with approvals, it took us around 20 days.
It's a SaaS solution and does not require maintenance. It's a one-click upgrade if you want to upgrade anything.
What about the implementation team?
Once you buy a license, Splunk is involved and can help with the deployment. They have three or four free consulting sessions initially. They are very involved in the pilot phase. post-pilot, you have regular support.
What's my experience with pricing, setup cost, and licensing?
The product is expensive. It's one of the most expensive options, although maybe not as expensive as Datadog.
What other advice do I have?
We might be partners with Splunk.
It's readily available. You don't have to wait very long to witness the benefits of the solution.
I'd rate the solution seven out of ten.
If you are looking for an AI solution alongside APM, use a platform with everything in place. However, if you still want to go for a dedicated AIS platform, make sure it integrates with your existing logging and APM tools. However, my position is that it's better to use one platform for the entire opportunity.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Manager at Norwin Technologies
We can optimize business processes and systems, and reduce alert noise
Pros and Cons
- "ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use."
- "Splunk ITSI consumes a lot of CPU resources."
What is our primary use case?
We use Splunk ITSI for better CMDB management and control of all infrastructure devices.
We had many old devices and legacy systems, and architects used to configure them as they saw fit. To streamline and standardize our operations, we had to rely on Splunk. Splunk invented device discovery, which allowed us to learn what devices are on the network, what type they are, and how to classify them. Splunk ITSI has been very helpful to us.
We deployed Splunk ITSI on-premises, and it can also be deployed in the cloud.
How has it helped my organization?
Splunk ITSI helps the advisory board's cab team increase efficiency by instilling trust in systems over manual administrators. Splunk ITSI also provides a central source for the documentation of our application dependencies.
Splunk ITSI provides end-to-end visibility into our network environment, which reduces the manual effort required to capture configuration data and helps us identify weaknesses in our network.
Once we have implemented the CMDB to meet our requirements, Splunk ITSI's predictive analytics can identify any devices that will be affected by planned changes and provide us with that information. This will allow us to prioritize incidents based on their criticality and notify stakeholders accordingly.
Splunk ITSI has helped our organization in many ways. It has centralized all resources for administrators and service personnel. Architects can plan better using the environmental details provided by ITSI. The CAB team can provide approvals quickly because the information is easily accessible. Splunk ITSI is reliable, and its AI-driven predictive analytics help identify potential component or device failures.
Splunk ITSI streamlined our incident management by allowing Splunk administrators to easily see all incident details and cascade them down to relevant stakeholders and customers. This enabled us to inform the service desk team so they could better prepare responses to end-user queries. We can also easily identify and address infrastructure challenges affecting specific companies.
It helps reduce our alert noise by a minimum of ten percent and it can go significantly more. We categorize and close alerts directly through ServiceNow after integrating our account. This automated process frees up our admins' time to focus on more important tasks.
Splunk ITSI has reduced our MTTD by over ten percent. We can meet our SLAs with Splunk ITSI 99.8 percent of the time. It has also reduced our MTTR by five to ten percent each quarter. We can resolve almost 90 percent of our tickets.
What is most valuable?
With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.
What needs improvement?
Splunk ITSI consumes a lot of CPU resources. I would like a more lightweight solution in terms of resource consumption.
The price has room for improvement.
For how long have I used the solution?
I have been using Splunk ITSI for five years.
What do I think about the stability of the solution?
Splunk ITSI is stable.
Resilience is valuable because it functions perfectly, helping to reduce risk and assist our admins and architects.
What do I think about the scalability of the solution?
Splunk ITSI is scalable.
Which solution did I use previously and why did I switch?
We previously used our internal CMDB solution, which was not streamlined and depended on a few key architects. We wanted more control and better governance, so we switched to Splunk ITSI.
How was the initial setup?
The difficulty level of the deployment depends on the knowledge of those doing the implementation. A person with moderate knowledge will require some time to do all the configurations.
Our deployment took around four to six weeks to complete.
What was our ROI?
I have seen ROI from Splunk ITSI of close to 30 percent at both my current and previous organizations. The returns have been presented to leadership.
What's my experience with pricing, setup cost, and licensing?
The cost of the modules is a bit high for non-global companies, making it difficult for them to afford Splunk ITSI.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
Splunk ITSI is the best application performance monitoring tool because it helps administrators do their jobs better, has more computing power, and allows staff to focus on governance and automation.
Organizations may benefit from considering a point monitoring system instead of Splunk ITSI, depending on their environment.
We achieved time to value with Splunk ITSI within the first four to six weeks of deployment.
Splunk ITSI is deployed across multiple departments in our organization and there are 20 users.
Maintenance is required for updates.
I recommend Splunk ITSI. The solution can discover all types of devices in our environment.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Officer at State Street
Enables us to consolidate tools but it should improve its pricing
Pros and Cons
- "Alerts and episodes are valuable to me."
- "The solution should integrate more features in NEAP."
What is our primary use case?
We use the solution to monitor our own internal applications. We monitor analogs and various other DB Connect sources.
How has it helped my organization?
The tool has replaced some other products in our organization. It’s coming in very handy.
What is most valuable?
Alerts and episodes are valuable to me. These features put all notable events together and give us an opportunity to take action.
What needs improvement?
We can take actions based on NEAPs, like emails and service now tickets. It is pretty basic at the moment. The solution should integrate more features in NEAP.
For how long have I used the solution?
I have been using the solution for about a year.
What do I think about the stability of the solution?
The solution is pretty stable.
What do I think about the scalability of the solution?
The product is extremely scalable.
How are customer service and support?
I work with a lot of Splunk’s support people. I like them. They're all good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using a software called Genius. We use Splunk IT Service Intelligence now, and it's more cost-effective overall.
What about the implementation team?
I have been maintaining the solution. The product is straightforward to maintain. We just need to follow the best practices, and it works. We have a lot of users, so it's difficult controlling what the users do in the environment.
What was our ROI?
The tool is a centralized place to collect all our data and compute against it. It has the potential for an ROI.
What's my experience with pricing, setup cost, and licensing?
Pricing has some room for improvement.
Which other solutions did I evaluate?
We evaluated other options, but Splunk seemed to be the best. It is the industry leader, so it was a no-brainer.
What other advice do I have?
We have an on-prem instance. Everything's pretty much on-prem. We work with cloud logs. Monitoring multiple cloud environments using the solution is pretty straightforward and easy. It is extremely important to us that the solution has end-to-end visibility into our cloud-native environment.
The solution has helped reduce our mean time to resolve. The product has helped improve our organization’s business resilience. Its ability to predict, identify, and solve problems in real-time is pretty good as long as the source is good and we use it well.
The tool’s ability to provide business resilience by empowering staff is alright. We have experienced cost efficiencies by switching to Splunk IT Service Intelligence. I know it used to be ingestion, and now it's like a CPU. It's always evolving. I was not involved in the initial setup. The solution still has some room for improvement.
Overall, I rate the product a six or seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Associate at Positka
It gives our customer complete visibility from one dashboard, helping them to develop a proactive response
Pros and Cons
- "We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming."
- "We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable."
What is our primary use case?
We use Splunk ITSI for IT monitoring. It helps us monitor all our servers for things like CPU utilization and other performance metrics. We can integrate complex architectures with the service and connect the core to multiple data sources. Our customers' environments vary. In the last project, they had around eight departments and 75 employees, so I needed a web server for each department.
How has it helped my organization?
Before we shifted our customers to Splunk ITSI, they had issues getting insights in some circumstances. Now they have complete visibility from one dashboard. It helps them monitor and develop a proactive response to address the problems before they cause trouble.
One issue we faced before implementing Splunk was that our customers couldn't predict how long it would take to reach their storage limit. Now we can categorize issues according to severity.
Splunk ITSI has enabled us to streamline incident management by adopting aggregated policies. Instead of getting rid of incidents, we are placing these into several groups and removing the duplicates to see some insights based on previous incidents.
We've been able to reduce alert noise using policies. By grouping the policies, we're able to avoid redundant alerts. When we used the other solution, we would sometimes get repeated warnings, but we eliminated that by implementing aggregate policies.
From IPSI, we can see the metrics and drill down. We can build a tool to check the metrics based on severity. Instead of taking every event's logs, we are directly getting the root cause of the issue. From there, we can see that it obviously reduces the rest of the time.
The solution has reduced our mean time to resolve issues. Before implementing it, we typically needed around six to eight hours to close a ticket. When we had an alert, we had to review all the native logs to find the correct server. With ITSI, I can see a score that tells me about potential issues before they arise. I can see if there is a critical problem with a server or application based on the data flows and resolve it.
What is most valuable?
I like ITSI's service analyzer. We can integrate and group the service, then create multiple KPIs in the service analyzer we can monitor. We can use multiple connectors to get end-to-end network visibility. Many organizations prefer appliances, and we can completely integrate the appliance with the source to gain complex insights throughout the network.
We are getting real-time insights from the service and the vendor and doing some projects using security analytics to check the path. We can monitor the behavior of an appliance or the organization and how they are using it. For example, you might see high usage on specific days and low usage on weekends. If we can identify patterns from this, it can help us predict the future.
What needs improvement?
We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable.
For how long have I used the solution?
I have used Splunk ITSI for nearly a year.
What do I think about the stability of the solution?
Splunk ITSI is stable. The latest version is more stable than the previous one.
What do I think about the scalability of the solution?
Splunk ITSI is scalable. We can compare multiple APIs and services, so everything is organized and manageable. We can drill down to the bottom of all the logs on events.
How are customer service and support?
I rate Splunk technical support a nine out of ten. If we work with cloud architecture, we usually need some help from Splunk, so we often need to contact support and ask for changes. We prepare the case, have a conversation with them, and get it done.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using service providers, but we had a log management solution and some other open source tools. We relied on custom builds of open source solutions.
How was the initial setup?
Splunk ITSI can be deployed in the cloud or on-prem depending on the customer's requirements. For example, if someone is running this in a closed environment, we can go with the on-prem deployment. Otherwise, customers will mostly go for a cloud deployment. We use AWS.
When I started the training, it seemed somewhat complicated, but once you learn a bit, it becomes straightforward. It isn't terribly complex. The deployment strategy depends on the scope of the project, such as whether you have a cluster or a distributed environment.
You can deploy it with a team of three or four. Someone needs to take care of the prerequisites like clustering and another person might take care of the integration. Another will configure the dashboards. The process takes about five days.
What was our ROI?
We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming.
The time to value is fast. The implementation takes time, but the customer can see value immediately once everything is configured, permissions are set, and we're ready to move.
What other advice do I have?
I rate Splunk ITSI a 10 out of 10. We need our website up 24/7, or we'll lose business. Every minute that it's down we lose money. I would recommend this to anyone who runs a business online and needs to monitor their infrastructure.
If you're considering a point monitoring system instead of ITSI, I would say it depends on the information you are using. Generally, Splunk ITSI is the advanced option that gives you multiple features together with service intelligence and analytics. You can make wonderful dashboards. Comparatively, this is enough to monitor the company's infrastructure.
In ITSI, we can also integrate application and database logs, so the customer might get some research to predict when the database goes down. ITSI can be helpful to manage the customer infrastructure and minimize the impact on their business.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Splunk Architect at a tech vendor with 10,001+ employees
Provides a comprehensive analysis, and end-to-end visibility, but predictive analytics has room for improvement
Pros and Cons
- "The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding."
- "Splunk ITSI generates numerous false positives and has the potential for enhancement."
What is our primary use case?
We typically utilize Splunk ITSI to monitor our infrastructure and applications. Essentially, its purpose is to map our technical services and business services up to the host level, enabling us to monitor all the key performance indicators associated with them. Additionally, it serves as a primary tool for root cause analysis and event generation.
We needed a better method for monitoring our infrastructure and applications. Both infrastructure monitoring and application monitoring rely on data files. With Splunk ITSI, we are able to visualize the mapping of end-user entities to the business service. This enables us to easily monitor the impact of our technical services on our business, as well as the underlying information, using Splunk ITSI.
We deploy on Splunk Cloud and, in addition, we utilize ITSI on top of Splunk Cloud. We have another setup where we use Splunk on-premise along with ITSI. Therefore, our team has employed both models. However, if we have a high injection rate and operate in a large environment, we leverage Splunk Cloud with ITSI since we are already utilizing it.
How has it helped my organization?
End-to-end visibility is achievable with Splunk ITSI. The key requirement is to successfully onboard the data into our robust Splunk ITSI environment, allowing us to gain insight and visibility into all our services within Splunk ITSI.
Splunk ITSI has helped improve our organization by enhancing bandwidth efficiency and serving as a unified resource for monitoring, root cause analysis, and infrastructure monitoring. Instead of relying on multiple monitoring solutions like Elasticsearch, ThousandEyes, SolarWinds, and Netcool for network monitoring, Splunk ITSI enables us to accomplish all these tasks with a single tool. In order to determine if it is deriving its value or not, we cannot state with absolute certainty that we are assessing the value. However, for certain use cases, we can observe the value within a week. But for the majority of complex scenarios, in order to fully utilize the potential of Splunk ITSI, it would take at least a month for us to realize its complete value.
Splunk ITSI has the capability to reduce our alert noise. The maturity of Splunk ITSI depends on the data we have and the level of expertise of the engineer implementing it. Since its implementation, the alert noise has been significantly reduced.
Splunk ITSI has helped us reduce the meantime associated with deep dive services.
Splunk ITSI has helped us reduce the meantime resolve. Instead of searching for multiple resources to identify the exact points, we can now analyze deep dives and services to pinpoint where the issue is occurring before it affects our system.
What is most valuable?
The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding.
What needs improvement?
Splunk ITSI's predictive analytics has room for improvement. Currently, it is limited to predicting only the health score for the next thirty minutes of the business. Consequently, we are unable to predict our health score for a full day or even for seven days. The system's capability is limited to the next thirty days, and we need enhancements to enable us to predict the health score at least seven days in advance. Furthermore, the available algorithms are also quite limited, with only around eight to nine algorithms, including linear regression and classification. We lack a diverse range of machine learning algorithms within Splunk ITSI, which is a contributing factor to the issue. Additionally, the implementation process for Splunk ITSI is quite challenging, as we struggle to find well-trained resources capable of translating our business use cases into technical outcomes effectively using Splunk ITSI. This is a crucial aspect that needs attention.
Splunk ITSI generates numerous false positives and has the potential for enhancement.
For how long have I used the solution?
I have been using Splunk ITSI for over four years.
What do I think about the stability of the solution?
Stability depends on the infrastructure being used in ITSI. If we use their infrastructure, it means the entire server has acquired performance capability, resulting in good stability. However, when it comes to the cloud, stability is not a concern as everything is managed by Splunk. Therefore, the majority of our focus in ITSI is on the implementation part, where we need to translate the application team's requirements into technical use cases. This process requires a significant investment of our time.
What do I think about the scalability of the solution?
We can scale Splunk ITSI based on our requirements with no limitations.
How are customer service and support?
The technical support is good, but not excellent.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used ThousandEyes, SolarWinds, and Netcool before migrating to Splunk and implementing Splunk ITSI.
What was our ROI?
Our team can enhance the value of Splunk ITSI by providing a single-pane-of-glass solution. This allows them to quickly identify potential performance issues in both their applications and infrastructure and conduct root cause analysis within a short timeframe. Previously, they had to consult multiple sources and correlate information, but now this process has become significantly easier. This is how we derive value from Splunk ITSI. Additionally, the team benefits from a single dashboard that enables them to pinpoint the exact location of performance issues, whether it's in the infrastructure layer, the malware layer, or within the application itself. They are capable of doing this effectively.
What's my experience with pricing, setup cost, and licensing?
Splunk ITSI is an expensive tool, and we need to purchase the utility license. Our sales team handles the license cost, so I'm not aware of the exact amount we need to pay, but it's significantly higher compared to other tool sets.
Which other solutions did I evaluate?
We evaluated AppDynamics and Dynatrace, but when considering factors such as cost per data localization and other considerations, since we had already invested in Splunk and found it beneficial, we decided to choose Splunk ITSI over AppDynamics and Dynatrace.
What other advice do I have?
I give Splunk ITSI a six out of ten.
In terms of incident management, we can integrate Splunk ITSI with our ITAM or ITSM layer, such as ServiceNow. However, the problem is that we often receive events and scheduled episodes from Splunk ITSI that do not meet our expectations when it comes to implementing filter sorting. As a result, we have to deal with a lot of false positives that need to be addressed before integrating with Splunk ITSM.
There are certain features, such as synthetic monitoring, analysis monitoring, and alert directors, that are not available with Splunk ITSI. Users need to be aware of the features they require before choosing an APM solution.
We have around fifty people using Splunk ITSI.
We require periodic maintenance from our end. Once we create all the key performance indicators, we need to handle additional use cases that need to be developed. If there are any issues, the team intends to onboard new data and add more servers to this particular part. They are mapping it to the KPIs, but we need to take care of it.
When evaluating Splunk ITSI, the first thing we should be clear about is the desired outcome we want to achieve from ITSI. We need to determine whether we are hiring it for specific requests or if the identified use cases by our teams can be effectively implemented using ITSI. We should not overlook this aspect. While ITSI has the potential to work wonders, implementing it can be quite challenging. It requires expertise in configuring services on the ITSI side, as it is data-intensive. Therefore, unless we have a highly skilled Splunk engineer who can handle ITSI, we won't be able to fully realize its value.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Software Engineer (E3) at a tech services company with 1,001-5,000 employees
We can create visualizations, monitor product performance, and track metrics
Pros and Cons
- "The most valuable features of Splunk ITSI are event analytics and service insight."
- "Splunk ITSI's UI needs to be more interactive and user-friendly."
What is our primary use case?
We use Splunk ITSI to empower users to visualize their data and transform it into actionable insights. For instance, if they desire to monitor CPU memory usage, they can leverage this tool to achieve that. Additionally, users can effectively search for alerts and trigger email notifications based on specific criteria. Moreover, Splunk ITSI supports the creation of entities that can represent physical or abstract concepts. This flexibility allows users to conduct any desired search on their data and subsequently create informative dashboards for visualization purposes.
We implement Splunk ITSI for our customers because it is the best in the market.
How has it helped my organization?
The most significant organizational benefit is leveraging data for various purposes. Based on the data collected, organizations can create visualizations, monitor product performance, and track metrics like CPU and RAM usage to identify potential issues and optimize operations.
Splunk ITSI helps to right-size the resources required to match demands. Splunk also offers on-prem and cloud options.
The incident management team of Splunk is helpful when we have to escalate an issue.
Splunk ITSI assists our customers in decreasing the number of incidents. They can escalate cases and seek help for any issue, as Splunk can potentially identify the problem as related to an add-on, a different application, or something else entirely. This allows them to contact the appropriate team and work towards a resolution promptly.
It helps customers reduce the mean time to detection by using a real-time search rules engine feature. This enables users to process events in real time, leading to faster detection and response times.
Splunk ITSI assists customers in decreasing the mean time to resolution. A dedicated episode review page allows customers to create and manage groups of related events. Customers have complete control over their episodes and can acknowledge, resolve, build, or take other actions. A specialized dashboard with visualizations facilitates the resolution process, enabling customers to resolve episodes or actively automate this task. Both manual and automated options are available for episode resolution.
The analytics module includes a policy feature that allows users to automate actions, trigger events, add comments, and modify episode status.
What is most valuable?
The most valuable features of Splunk ITSI are event analytics and service insight. Event analytics allows me to set up any query on raw data logs and ingest them into Splunk. This data can then be used to trigger events based on specific conditions. For example, I can create a ServiceNow incident, send an email, add comments, or perform custom actions when the system's CPU usage exceeds 90 percent. The Glass Table feature enables users to create dashboards, add services, and visualize data through various queries and tables.
What needs improvement?
Splunk ITSI's UI needs to be more interactive and user-friendly.
The real-time search functionality is reliant on Splunk. Occasionally, ITSI customers encounter problems due to real-time search issues. As of the most recent release, a resolution for this issue has not been implemented. Additionally, search clusters are not currently supported in the cloud environment.
For how long have I used the solution?
I have been using Splunk ITSI for two years.
What do I think about the stability of the solution?
If the data volume is excessive, we may encounter stability issues. Splunk can handle datasets as large as one or two million, but performance might be affected due to the time required for REST calls. Overall, however, Splunk is a reliable solution.
What do I think about the scalability of the solution?
Splunk ITSI is scalable.
How are customer service and support?
The technical support team is highly responsive and helpful. Customers can contact them directly for assistance with any issues they encounter. The team will diligently work to identify the root cause of the problem and, if necessary, consult with developers for further investigation. Developers will then promptly analyze the issue and provide a workaround or solution as soon as possible.
How would you rate customer service and support?
Positive
How was the initial setup?
Customers are responsible for the infrastructure and deployment of Splunk ITSI on-premises. However, the Splunk TechOps team can assist customers throughout the cloud-based deployment process.
The deployment is straightforward. First, we must install Splunk and extract ITSI in the apps folder. One person can handle the deployment.
What other advice do I have?
I rate Splunk ITSI nine out of ten.
Splunk ITSI is loaded with features and keeps adding more with each release.
The cloud version of Splunk ITSI requires no maintenance, unlike the on-premises version. While maintaining the on-premises version isn't complex, any issues arising from setup or parameter changes become my responsibility. In contrast, TechOps handles cloud maintenance, ensuring complete care.
I would recommend Splunk ITSI to others.
The cloud version of Splunk ITSI is more accessible to work with and to scale.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2026
Product Categories
IT Alerting and Incident Management Application Performance Monitoring (APM) and ObservabilityPopular Comparisons
Splunk AppDynamics
Splunk Observability Cloud
Elastic Observability
Amazon OpenSearch Service
VMware Aria Operations for Applications
PagerDuty Operations Cloud
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How do you decide about the alert severity in your Security Operations Center (SOC)?
- What is an incident response playbook and how is it used in SOAR?
- What is the difference between mitigation and remediation in incident response?
- What tools and solutions do you use for automated incident response in an enterprise in 2022?
- What measures should a business have in place to enable an effective incident response for data breaches?
- Why a Security Operations Center (SOC) is important?
- When evaluating Incident Management Software, what aspect do you think is the most important to look for?
- What are some Incident management best practices to keep in mind?
- GoDaddy has been hacked again. What can be done better?
- Why is IT Alerting and Incident Management important for companies?



















