We use the solution to monitor throughout the enterprise. We get alerts and create incidents and use it in our ticketing tool.
IT specialist and Splunk admin at a computer software company with 501-1,000 employees
Reduces alerts, offers good performance metrics and has helpful support
Pros and Cons
- "Our mean time to detect is down to five minutes."
- "We're getting alerts with delays of maybe five minutes; however, we'd like to see real-time alerting in the future."
What is our primary use case?
How has it helped my organization?
We have set up alerts so we can effectively monitor our infrastructure. Even small alerts the users face we can monitor.
We started small with a few users and once we saw the visibility we could achieve and the performance of the solution, we rolled it out on a larger scale.
What is most valuable?
The analysis and KPIs it provides are very useful. We can create episode monitoring.
The service analyzer is quite useful.
Its end-to-end visibility is very good. We can get to the root cause of troubleshooting. It makes the process easier. Troubleshooting happens very quickly - and that means we have less downtime.
We use the predictive analysis capabilities. It plays a major role as it allows us to act faster.
Our response time is almost instant. We can create alerts and check reports. It checks everything in real-time so that we can jump into action much faster.
It's helped with incident management. It's helped us reduce incidents while improving performance and visibility. It reduces the amount of work we need to do as well. We've likely reduced work by 30% or so.
Since it's reduced alerts, it's reduced alert noise. We do have triggers for alerts, and we can shortlist them and troubleshoot the ones that create the most noise.
Our performance metrics have improved. Alert noise has dropped by 60%. We've been able to maintain everything much easier. Handling the infra is simpler.
Our mean time to detect is down to 5 minutes. That's down from 15 to 20 minutes in the past.
What needs improvement?
We're getting alerts with delays of maybe five minutes; however, we'd like to see real-time alerting in the future.
From a predictive analysis point of view, we'd like to see emails corresponding to the alerts we get. That would be an added benefit.
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
October 2024
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
For how long have I used the solution?
I've been using the solution for at least 2 years.
What do I think about the stability of the solution?
Every time we upgrade, we do find some issue; however, it does get resolved. Overall, I'd rate stability 9 out of 10. Most of the time, it's stable.
What do I think about the scalability of the solution?
We have two to three people using the solution. We have the solution across multiple locations.
The solution is very scalable.
How are customer service and support?
Technical support is very good. I'm satisfied with the level of knowledge the techs have and the response time.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use any other solutions.
How was the initial setup?
The initial setup is not complex. I'm not sure exactly how long it takes to implement as it was already in place when I began.
There is some maintenance required. You may have to run regular upgrades.
What was our ROI?
We've seen an ROI in the lack of downtime, which has improved by 80%.
What's my experience with pricing, setup cost, and licensing?
I don't have any visibility on the cost of the product.
What other advice do I have?
I'm a Splunk customer.
We don't have Splunk integrated with any other solutions.
For someone who already has an APM solution, but is considering switching to Splunk ITSI, I'd advise them to take a look at it against other solutions. However, Splunk is very, very good. It's likely to help any organization. I'd recommend it over a different monitoring solution. It eliminates much broader downtime and allows teams to act on alerts faster.
Resilience is very important to us and Splunk helps us maintain that. It's very reliable.
I'd recommend the solution to others.
It's a good idea to go through the documentation so that everyone is on the same page with the setup.
I'd rate the solution ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 12, 2024
Manager at Norwin Technologies
We can optimize business processes and systems, and reduce alert noise
Pros and Cons
- "ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use."
- "Splunk ITSI consumes a lot of CPU resources."
What is our primary use case?
We use Splunk ITSI for better CMDB management and control of all infrastructure devices.
We had many old devices and legacy systems, and architects used to configure them as they saw fit. To streamline and standardize our operations, we had to rely on Splunk. Splunk invented device discovery, which allowed us to learn what devices are on the network, what type they are, and how to classify them. Splunk ITSI has been very helpful to us.
We deployed Splunk ITSI on-premises, and it can also be deployed in the cloud.
How has it helped my organization?
Splunk ITSI helps the advisory board's CAB team increase efficiency by instilling trust in systems over manual administrators. Splunk ITSI also provides a central source for the documentation of our application dependencies.
Splunk ITSI provides end-to-end visibility into our network environment, which reduces the manual effort required to capture configuration data and helps us identify weaknesses in our network.
Once we have implemented the CMDB to meet our requirements, Splunk ITSI's predictive analytics can identify any devices that will be affected by planned changes and provide us with that information. This will allow us to prioritize incidents based on their criticality and notify stakeholders accordingly.
Splunk ITSI has helped our organization in many ways. It has centralized all resources for administrators and service personnel. Architects can plan better using the environmental details provided by ITSI. The CAB team can provide approvals quickly because the information is easily accessible. Splunk ITSI is reliable, and its AI-driven predictive analytics help identify potential component or device failures.
Splunk ITSI streamlined our incident management by allowing Splunk administrators to easily see all incident details and cascade them down to relevant stakeholders and customers. This enabled us to inform the service desk team so they could better prepare responses to end-user queries. We can also easily identify and address infrastructure challenges affecting specific companies.
It helps reduce our alert noise by a minimum of ten percent and it can go significantly more. We categorize and close alerts directly through ServiceNow after integrating our account. This automated process frees up our admins' time to focus on more important tasks.
Splunk ITSI has reduced our MTTD by over ten percent. We can meet our SLAs with Splunk ITSI 99.8 percent of the time. It has also reduced our MTTR by five to ten percent each quarter. We can resolve almost 90 percent of our tickets.
What is most valuable?
With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.
What needs improvement?
Splunk ITSI consumes a lot of CPU resources. I would like a more lightweight solution in terms of resource consumption.
The price has room for improvement.
For how long have I used the solution?
I have been using Splunk ITSI for five years.
What do I think about the stability of the solution?
Splunk ITSI is stable.
Resilience is valuable because it functions perfectly, helping to reduce risk and assist our admins and architects.
What do I think about the scalability of the solution?
Splunk ITSI is scalable.
Which solution did I use previously and why did I switch?
We previously used our internal CMDB solution, which was not streamlined and depended on a few key architects. We wanted more control and better governance, so we switched to Splunk ITSI.
How was the initial setup?
The difficulty level of the deployment depends on the knowledge of those doing the implementation. A person with moderate knowledge will require some time to do all the configurations.
Our deployment took around four to six weeks to complete.
What was our ROI?
I have seen ROI from Splunk ITSI of close to 30 percent at both my current and previous organizations. The returns have been presented to leadership.
What's my experience with pricing, setup cost, and licensing?
The cost of the modules is a bit high for non-global companies, making it difficult for them to afford Splunk ITSI.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
Splunk ITSI is the best application performance monitoring tool because it helps administrators do their jobs better, has more computing power, and allows staff to focus on governance and automation.
Organizations may benefit from considering a point monitoring system instead of Splunk ITSI, depending on their environment.
We achieved time to value with Splunk ITSI within the first four to six weeks of deployment.
Splunk ITSI is deployed across multiple departments in our organization and there are 20 users.
Maintenance is required for updates.
I recommend Splunk ITSI. The solution can discover all types of devices in our environment.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Splunk Engineer at a logistics company with 10,001+ employees
Helps optimize the business by speeding up trouble ticket resolutions
Pros and Cons
- "We have a lot of teams using Splunk and they would be blind without it."
- "We have problems doing upgrades and operating alternate new versions."
What is our primary use case?
Our customer is an internal department. We have about 150 teams that use Splunk and we provide Splunk for all of them. Our IT is currently setting it up for one of them. This customer is really impressed by the Glass Tables, possibilities for management, and the Showcase.
The department that uses ITSI runs the public buses for Switzerland. They use it to collect data about the cars. We will build Glass Tables for them. It's a management summary for tickets. They use it to collect data about the solution flow regarding the response time and ticketing flow.
How has it helped my organization?
It helps optimize the business by speeding up trouble ticket resolutions.
We have a lot of teams using Splunk and they would be blind without it.
What needs improvement?
We have problems doing upgrades and operating alternate new versions.
The migration of the existing glass tables needs improvement. There were at least two upgrades where we had to heavily update the existing glass tables to get them to work with the new version.
That's something that Splunk could improve on. They should simplify the upgrade process.
How are customer service and support?
I have never used their support. We solve our problems by ourselves.
What other advice do I have?
I would rate Splunk's ability to predict, identify, and solve problems in real-time a five out of ten.
I would rate Splunk an eight out of ten. It has great potential but it is a little complex to set up.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer (E3) at a tech services company with 1,001-5,000 employees
We can create visualizations, monitor product performance, and track metrics
Pros and Cons
- "The most valuable features of Splunk ITSI are event analytics and service insight."
- "Splunk ITSI's UI needs to be more interactive and user-friendly."
What is our primary use case?
We use Splunk ITSI to empower users to visualize their data and transform it into actionable insights. For instance, if they desire to monitor CPU memory usage, they can leverage this tool to achieve that. Additionally, users can effectively search for alerts and trigger email notifications based on specific criteria. Moreover, Splunk ITSI supports the creation of entities that can represent physical or abstract concepts. This flexibility allows users to conduct any desired search on their data and subsequently create informative dashboards for visualization purposes.
We implement Splunk ITSI for our customers because it is the best in the market.
How has it helped my organization?
The most significant organizational benefit is leveraging data for various purposes. Based on the data collected, organizations can create visualizations, monitor product performance, and track metrics like CPU and RAM usage to identify potential issues and optimize operations.
Splunk ITSI helps to right-size the resources required to match demands. Splunk also offers on-prem and cloud options.
The incident management team of Splunk is helpful when we have to escalate an issue.
Splunk ITSI assists our customers in decreasing the number of incidents. They can escalate cases and seek help for any issue, as Splunk can potentially identify the problem as related to an add-on, a different application, or something else entirely. This allows them to contact the appropriate team and work towards a resolution promptly.
It helps customers reduce the mean time to detection by using a real-time search rules engine feature. This enables users to process events in real time, leading to faster detection and response times.
Splunk ITSI assists customers in decreasing the mean time to resolution. A dedicated episode review page allows customers to create and manage groups of related events. Customers have complete control over their episodes and can acknowledge, resolve, build, or take other actions. A specialized dashboard with visualizations facilitates the resolution process, enabling customers to resolve episodes or actively automate this task. Both manual and automated options are available for episode resolution.
The analytics module includes a policy feature that allows users to automate actions, trigger events, add comments, and modify episode status.
What is most valuable?
The most valuable features of Splunk ITSI are event analytics and service insight. Event analytics allows me to set up any query on raw data logs and ingest them into Splunk. This data can then be used to trigger events based on specific conditions. For example, I can create a ServiceNow incident, send an email, add comments, or perform custom actions when the system's CPU usage exceeds 90 percent. The Glass Table feature enables users to create dashboards, add services, and visualize data through various queries and tables.
What needs improvement?
Splunk ITSI's UI needs to be more interactive and user-friendly.
The real-time search functionality is reliant on Splunk. Occasionally, ITSI customers encounter problems due to real-time search issues. As of the most recent release, a resolution for this issue has not been implemented. Additionally, search clusters are not currently supported in the cloud environment.
For how long have I used the solution?
I have been using Splunk ITSI for two years.
What do I think about the stability of the solution?
If the data volume is excessive, we may encounter stability issues. Splunk can handle datasets as large as one or two million, but performance might be affected due to the time required for REST calls. Overall, however, Splunk is a reliable solution.
What do I think about the scalability of the solution?
Splunk ITSI is scalable.
How are customer service and support?
The technical support team is highly responsive and helpful. Customers can contact them directly for assistance with any issues they encounter. The team will diligently work to identify the root cause of the problem and, if necessary, consult with developers for further investigation. Developers will then promptly analyze the issue and provide a workaround or solution as soon as possible.
How would you rate customer service and support?
Positive
How was the initial setup?
Customers are responsible for the infrastructure and deployment of Splunk ITSI on-premises. However, the Splunk TechOps team can assist customers throughout the cloud-based deployment process.
The deployment is straightforward. First, we must install Splunk and extract ITSI in the apps folder. One person can handle the deployment.
What other advice do I have?
I rate Splunk ITSI nine out of ten.
Splunk ITSI is loaded with features and keeps adding more with each release.
The cloud version of Splunk ITSI requires no maintenance, unlike the on-premises version. While maintaining the on-premises version isn't complex, any issues arising from setup or parameter changes become my responsibility. In contrast, TechOps handles cloud maintenance, ensuring complete care.
I would recommend Splunk ITSI to others.
The cloud version of Splunk ITSI is more accessible to work with and to scale.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator
Last updated: Sep 2, 2024
Principal architect at a retailer with 1-10 employees
Offers a return on investment but needs to improve in the area of revolving around dashboards
Pros and Cons
- "The solution's scalability is fine."
- "The dashboard function inside the individual episodes, not at the ITSI Notable Event Aggregation Policy level but actually at the correlation search layer, is an area where improvements are required."
What is our primary use case?
I use the solution in my company for event management and areas consisting of episodes.
How has it helped my organization?
Splunk ITSI (IT Service Intelligence) has helped our organization correlate events into episodes.
What is most valuable?
The most valuable feature of the solution is event analytics, and it is because that was our core function when we moved from NOC to IBM Netcool Network Management and then from IBM Netcool Network Management to Splunk ITSI (IT Service Intelligence).
The main benefit I have experienced from using Splunk ITSI is that it has been helpful to have one consolidated tool.
My organization monitors multiple cloud environments using the product. In terms of the ease or difficulty one may have when trying to monitor multiple cloud environments, it is tricky. You have to learn and test things out.
It is important for our organization that Splunk ITSI (IT Service Intelligence) provides visibility into our cloud-native environment, but I would say that it is done in the dev and production environments.
Splunk ITSI (IT Service Intelligence) has helped us with the organization's business resilience. My impression of Splunk's ability to predict, identify, and solve problems in real-time, is that with the new AI feature set coming in, users can apply that logic to the episodes.
I have experienced cost efficiencies by switching to Splunk ITSI (IT Service Intelligence). The doc suggests that too has one pane of glass to go into the system and do automation straight from one page because they get hit with thousands of alerts and alarms every day, and we try to correlate that to a simplistic event.
I have experienced time to value using Splunk ITSI (IT Service Intelligence) over a couple of months.
Splunk's unified platform helps consolidate networking and IT observability tools but not security because our company is not in that space. The consolidation of tools impacts our organization since I feel it is easier to have fewer tools than more.
What needs improvement?
The dashboard function inside the individual episodes, not at the ITSI Notable Event Aggregation Policy level but actually at the correlation search layer, is an area where improvements are required.
In the next release of the tool, the product should offer a dashboard ID in the correlation search.
For how long have I used the solution?
I have been using Splunk ITSI (IT Service Intelligence) for five years.
What do I think about the stability of the solution?
In the early days, the Java-based engine was kinda buggy, and some of the interfaces for Splunk ITSI (IT Service Intelligence) and event analytics needed to feel new and not outdated. It still kinda feels outdated, and I feel like Splunk hasn't really put a lot of thought into such a specific area in the last few years.
What do I think about the scalability of the solution?
The solution's scalability is fine.
How are customer service and support?
The solution's technical support team is okay. For most of the stuff I escalate, I have to always wait for a response from tier-two or tier-three level support.
I am used to solving stuff myself and providing a lot of debugging as to what tier-one or tier-two level support would do, and by the time I get to the aforementioned spot, I see that I have to wait and explain a lot of cycles because I am doing the same research as level one or level two support. I rate the technical support a five out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have experience with Tivoli Netcool, which is a legacy event system from IBM that has the same or similar approach as Splunk ITSI (IT Service Intelligence). I saw that Splunk ITSI (IT Service Intelligence) provides the same features as Tivoli Netcool.
How was the initial setup?
When it came to the deployment part, Splunk's professional services did not know much of what our company needed, considering the level that we were expecting from the product. I come from a telco background where the company used to deal with 1,00,000 alarms a day, and event analytics wasn't something that was really built for it in the beginning when I first deployed it. There were a lot of learning curves that I had to go through to deal with the tool. As I continued to grow with the product, I started pitching probably around 20 ideas at a time to the team, and a lot of my ideas actually made it to Splunk's GA launches. I worked with Isha, Ross Wilkinson, and another person who was right in the middle between them. Though I had spoken to the senior VP of a particular sector and pitched the idea of using Fandom for IT automation, it eventually died out.
The solution is deployed on an on-premises model. I use the cloud services from AWS.
What about the implementation team?
Splunk directly helped with the product's deployment.
What was our ROI?
I have experienced an ROI using the tool, considering the efficiency it offers so that we do not have to take care of certain functions.
What's my experience with pricing, setup cost, and licensing?
Pricing was pretty good, and it is possible to just add on the features we want.
Which other solutions did I evaluate?
I considered Resolve systems for automation and a tool named Moogsoft. Moogsoft has a lot better visual capabilities and looks better than Splunk ITSI (IT Service Intelligence) when it comes to event analytics. I am hoping that with a better dashboard, Splunk ITSI (IT Service Intelligence) can build a better UI layer.
What other advice do I have?
I feel like there is a lot more that can be done in the tool, but I don't know if it is going to be a dying product or if Splunk Observability will try to take over some of the core functions of Splunk ITSI (IT Service Intelligence).
I rate the solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 8, 2024
Software Designer at a financial services firm with 501-1,000 employees
Provides end-to-end visibility, improves our incident management process, and reduces our alert noise
Pros and Cons
- "One particularly useful feature of Splunk ITSI is the ability to create custom services."
- "We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time."
What is our primary use case?
We use Splunk ITSI to collect the infrastructure metrics and visualize them.
How has it helped my organization?
Splunk ITSI provides end-to-end visibility into your IT environment. It displays key performance indicators for various services. If a KPI is red, indicating an issue, clicking on the corresponding service will take you to the server for further investigation. Splunk ITSI can also automatically trigger incidents for critical issues, allowing your support team to resolve them quickly.
It has significantly improved our incident management process. Previously, we relied solely on a service indicator that simply displayed the service status. If the indicator turned red, we would then manually create an incident report. Now, we've implemented static thresholds that automatically trigger incidents to be added to our queue. This is a major advantage.
Splunk ITSI has reduced our alert noise by 30 percent.
Since implementing Splunk ITSI, we've significantly reduced our mean time to detection. Previously, we relied on receiving incident reports, which caused delays.
Splunk ITSI has reduced our mean time to resolve.
What is most valuable?
We collect infrastructure metrics from various servers, including Windows Services. One particularly useful feature of Splunk ITSI is the ability to create custom services. This functionality makes it easy to identify specific functions that are malfunctioning or experiencing problems. With this information, we can quickly troubleshoot and fix the issues.
What needs improvement?
In Splunk ITSI, thresholds automatically trigger incidents when a service value falls below the threshold. This prevents us from automatically triggering alerts for situations where the service value is within the acceptable range. We've identified this as an issue with the ITSI product and are working with Splunk for guidance on how to implement the desired behavior.
While the overall Splunk documentation is detailed, the documentation for specific premium apps, like Splunk ITSI, is more brief.
The technical support has room for improvement.
For how long have I used the solution?
I have been using Splunk ITSI for one year.
What do I think about the stability of the solution?
I would rate the stability of Splunk ITSI nine out of ten.
What do I think about the scalability of the solution?
Splunk ITSI is a scalable solution, meaning it can handle increasing amounts of data and users as our needs grow.
How are customer service and support?
We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial deployment is a straightforward process. However, the time it takes can vary depending on whether we're installing for the first time or performing an upgrade. For a first-time installation, Splunk ITSI typically takes around 30 minutes. Upgrading an existing installation requires additional time to clean up previous configurations; this process usually takes about 40 minutes to complete.
Two people were involved in the deployment.
Which other solutions did I evaluate?
We are using Splunk Enterprise software. We contacted Splunk to demo ITSI, and we were impressed with its functionality and the included options. Therefore, we decided to try ITSI exclusively and did not evaluate any other vendors.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
We're currently working on implementing adaptive thresholds. This functionality would analyze service trends over the past seven days, automatically set thresholds, and generate incidents based on that data. Successfully implementing this would be a significant achievement, but we're encountering some technical challenges. We've opened a support case with Splunk to address these issues, and we're hopeful for a resolution within the next few weeks.
We have around 150 people using Splunk ITSI.
Two people are responsible for the maintenance of Splunk ITSI in our organization.
I would rate the resilience of Splunk ITSI nine out of ten.
In my experience starting my career with Splunk, I haven't encountered any marketing tools that can quite compare. Splunk offers a comprehensive set of features and well-organized documentation. The detailed and clear documentation that Splunk provides is something I particularly appreciate.
I recommend Splunk ITSI.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 28, 2024
IT Operations Manager at 3M Company
Enables us to quickly identify what services are impacted by underlying infrastructure concerns
Pros and Cons
- "The modeling required to set up ITSI has been very helpful in providing us a better understanding and a logical view of our services. The modeling is flexible and can be as granular or high level as our needs dictate."
- "ITSI could benefit from a security model that would allow operations team members to get involved in model building, KPI implementation, and model maintenance, while maintaining appropriate segregation of duties."
What is our primary use case?
We use ITSI mainly for IT Infrastructure Operations Monitoring. The service model health scores allow us to identify when KPIs are starting to impact our services and to proactively manage our environments. To date, we have leveraged this data within Splunk to enable alerting so that we can solve incidents in real-time, but we are growing into our usage of the ITSI model for predictive modeling of our environment. Our infrastructure includes commodity hardware, mid-range, mainframe, on-premise data center, and cloud offerings. (Please note that these views are my personal opinions and not those of my employer)
How has it helped my organization?
The modeling required to set up ITSI has been very helpful in providing us a better understanding and a logical view of our services. The modeling is flexible and can be as granular or high level as our needs dictate. This flexibility also means that you need to gather a detailed understanding of your services, processes, and applications in order to build a useful model. ITSI is allowing us to more quickly identify what services are impacted by underlying infrastructure concerns.
What is most valuable?
The health scores and glass tables are extremely valuable and useful. These provide flexible visibility options to convey the meaning of the big data analysis being performed by Splunk behind the scenes. Glass tables allow you to create graphical displays that convey critical meaning with a simple clean look and feel. The deep dive also provides the ability to dig into metrics and KPIs, which are useful to isolate the time frame involved and that should be focused on. Once in the deep dive, you can quickly identify the first KPI or metric to impact the health score and focus your efforts on it.
What needs improvement?
ITSI could benefit from a security model that would allow operations team members to get involved in model building, KPI implementation, and model maintenance while maintaining appropriate segregation of duties. To date, all of our ITSI development is being done by our Splunk Admins, while our KPIs and much of the modeling work are managed by our Splunk developers. Future development of templates and ready-to-use add-ons could facilitate faster time to value, as many IT infra and even Packaged Application data models are consistent across organizations and could be plugged in easily.
For how long have I used the solution?
I have been using Splunk ITSI for two years.
What do I think about the stability of the solution?
This is a stable solution.
What do I think about the scalability of the solution?
It is extremely scalable, and can have high data storage costs.
How are customer service and technical support?
Customer service has been very responsive to our needs.
Which solution did I use previously and why did I switch?
No, we did not replace another solution with ITSI. We used it to enhance existing solutions.
How was the initial setup?
The initial setup was fairly straightforward, but we had help from Splunk professional services.
What about the implementation team?
We had help from Splunk professional services. They were extremely knowledgeable.
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
I was not involved in the evaluation for ITSI.
What other advice do I have?
This is a powerful solution requiring configuration to meet your needs.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director INTS IT Resiliency at a financial services firm with 10,001+ employees
Can predict incidents before they impact your customers
Pros and Cons
- "We liked the built-in calculation of health scores."
- "We also faced challenges relating to UI development."
What is our primary use case?
I work for the Royal Bank of Canada. I work in a group called Investor and Treasury Services IT. We take care of all the IT systems within the Investor and Treasury Services arm, which is a global unit. My role is to ensure that we have the visibility and capabilities to ensure our systems are resilient so we can resolve any problems that may arise very quickly, and move on. My role generally deals with everything from application performance management to maintenance automation. Overall, my single goal is to increase the resiliency of our applications and gain better insight into how our operations are working from an IT operations and application maintenance perspective.
What is most valuable?
We liked the built-in calculation of health scores. We were able to adjust the different parameters, and really build out that health score — the RAG status (Red, Amber, Green), which is very powerful from an executive perspective. At the time, we were having a lot of issues from a stability perspective. It condensed everything, allowing our executives to easily ensure that everything was running smoothly: were there any incidents overnight? Those kinds of things. That way, when our CIO woke up and got the call from the head of IMTS, he knew whether or not there was going to be trouble.
What needs improvement?
Something that we did find with the product (they may have resolved it since then) had to do with the ability to contextualize the data sources. For example, we might bring in data for 50 applications from one source, but for each one of those applications, we would have to set up a different data source connection. Because of this, I had to set up one connection each for application A and then B and then C, rather than being able to set up one connection and then segregate the data coming in for those dashboards. That was probably the biggest challenge that we faced. We also faced challenges relating to UI development — being able to get the UI the way we wanted it to look performance-wise. Some of the customization levels of the UI just weren't there.
For how long have I used the solution?
We used this solution for roughly one year. We were in a POC state for about a year, but we decided not to move forward with the prospect as a whole. The organization didn't want to invest in the product.
What do I think about the stability of the solution?
The stability issues we experienced were not with the Splunk ITSI product itself. The biggest challenge that we ran into was getting good, consistent data. We're a very large organization; getting at some of the data can be very difficult, especially since a lot of the data isn't centralized in one area.
Overall, it's a very stable product. It ran really well during the time that it was up and running. We didn't have any production issues at all with it.
What do I think about the scalability of the solution?
We were running just a single instance, but we were pulling in data for about 250 applications.
How are customer service and technical support?
The technical support with Splunk is really good. We didn't have any issues. Now, part of that is, we are Royal Bank of Canada and because of that, we have a certain cachet with the vendors and they tend to bend over backward to make sure that they take care of us.
I wouldn't say it's special for the Royal Bank of Canada, but I would say that like any other support, having the right relationship with the vendor makes all the difference in the world. With Royal Bank of Canada being the largest financial institution in Canada, the top 15 in the world, we're afforded certain privileges. A smaller IT operations shop is probably not going to get the same kind of visibility into the products as a company like RBC, mainly because when Splunk wants to advertise that they're doing something, they want to be able to say that they're doing it with RBC, not an unknown corporation down the street.
Which solution did I use previously and why did I switch?
No. We weren't using a different solution at all before; Splunk IT Service Intelligence was an opportunity area that we were looking into.
We had already had Splunk in our environment more than anything else. We've been running Splunk from a log aggregation and search perspective for about six or seven years now. When we were looking at what that next step looked like, it was just a natural evolution to move into ITSI.
How was the initial setup?
The initial setup was straightforward.
Deployment was relatively quick mainly because it was a POC. We didn't go through all the regular rigor that we would with a production application. So we were able to have it up and running in production in a matter of three to four weeks. That included provision of the service, which takes time within a large organization like ours.
What other advice do I have?
My biggest piece of advice would be to make sure you have access to the data that you need and know what that data is. The product itself is going to do what it's going to do; there are no issues with that. However, it's gaining access to all those things in the background, that's the problem. If you're a smaller organization or you're highly centralized, getting access to that data may be really simple. For an organization the size of RBC, with the amount of segregation across the organization and the amount of division within the organization, it's more challenging. For this reason, our infrastructure partners use a different tool. They don't use Splunk, they use ELK. They're very much down that road, so getting access to data when the team that you're trying to partner with has a different solution, can sometimes be more difficult.
On a scale from one to ten, I would give this solution a rating of eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.