Splunk ITSI (IT Service Intelligence) Reviews

We use the solution to monitor throughout the enterprise. We get alerts and create incidents and use it in our ticketing tool. 

We have set up alerts so we can effectively monitor our infrastructure. Even small alerts the users face we can monitor. 

We started small with a few users and once we saw the visibility we could achieve and the performance of the solution, we rolled it out on a larger scale. 

The analysis and KPIs it provides are very useful. We can create episode monitoring. 

The service analyzer is quite useful. 

Its end-to-end visibility is very good. We can get to the root cause of troubleshooting. It makes the process easier. Troubleshooting happens very quickly - and that means we have less downtime. 

We use the predictive analysis capabilities. It plays a major role as it allows us to act faster. 

Our response time is almost instant. We can create alerts and check reports. It checks everything in real-time so that we can jump into action much faster.

It's helped with incident management. It's helped us reduce incidents while improving performance and visibility. It reduces the amount of work we need to do as well. We've likely reduced work by 30% or so. 

Since it's reduced alerts, it's reduced alert noise. We do have triggers for alerts, and we can shortlist them and troubleshoot the ones that create the most noise. 

Our performance metrics have improved. Alert noise has dropped by 60%. We've been able to maintain everything much easier. Handling the infra is simpler. 

Our mean time to detect is down to 5 minutes. That's down from 15 to 20 minutes in the past.

We're getting alerts with delays of maybe five minutes, however, we'd like to see real-time alerting in the future. 

From a predictive analysis point of view, we'd like to see emails corresponding to the alerts we get. That would be an added benefit. 

I've been using the solution at least 2 years. 

Every time we upgrade, we do find some issue, however, it does get resolved. Overall, I'd rate stability 9 out of 10. Most of the time, it's stable. 

We have two to three people using the solution. We have the solution across multiple locations. 

The solution is very scalable. 

Technical support is very good. I'm satisfied with the level of knowledge the techs have and the response time. 

Positive

We did not use any other solutions. 

The initial setup is not complex. I'm not sure exactly how long it takes to implement as it was already in place when I began.

There is some maintenance required. You may have to run regular upgrades. 

We've seen an ROI in the lack of downtime, which has improved by 80%.

I don't have any visibility on the cost of the product.

I'm a Splunk customer. 

We don't have Splunk integrated with any other solutions. 

For someone who already has an APM solution, but is considering switching to Splunk ITSI, I'd advise them to take a look at it against other solutions. However, Splunk is very, very good. It's likely to help any organization. I'd recommend it over a different monitoring solution. It eliminates much broader downtime and allows teams to act on alerts faster. 

resilience is very important to us and Splunk helps us maintain that. It's very reliable. 

I'd recommend the solution to others. 

It's a good idea to go through the documentation so that everyone is on the same page with the setup.

I'd rate the solution ten out of ten.

We use Splunk ITSI for better CMDB management and control of all infrastructure devices.

We had many old devices and legacy systems, and architects used to configure them as they saw fit. To streamline and standardize our operations, we had to rely on Splunk. Splunk invented device discovery, which allowed us to learn what devices are on the network, what type they are, and how to classify them. Splunk ITSI has been very helpful to us.

We deployed Splunk ITSI on-premises, and it can also be deployed in the cloud.

Splunk ITSI helps the advisory board's cab team increase efficiency by instilling trust in systems over manual administrators. Splunk ITSI also provides a central source for the documentation of our application dependencies.

Splunk ITSI provides end-to-end visibility into our network environment, which reduces the manual effort required to capture configuration data and helps us identify weaknesses in our network.

Once we have implemented the CMDB to meet our requirements, Splunk ITSI's predictive analytics can identify any devices that will be affected by planned changes and provide us with that information. This will allow us to prioritize incidents based on their criticality and notify stakeholders accordingly.

Splunk ITSI has helped our organization in many ways. It has centralized all resources for administrators and service personnel. Architects can plan better using the environmental details provided by ITSI. The CAB team can provide approvals quickly because the information is easily accessible. Splunk ITSI is reliable, and its AI-driven predictive analytics help identify potential component or device failures.

Splunk ITSI streamlined our incident management by allowing Splunk administrators to easily see all incident details and cascade them down to relevant stakeholders and customers. This enabled us to inform the service desk team so they could better prepare responses to end-user queries. We can also easily identify and address infrastructure challenges affecting specific companies.

It helps reduce our alert noise by a minimum of ten percent and it can go significantly more. We categorize and close alerts directly through ServiceNow after integrating our account. This automated process frees up our admins' time to focus on more important tasks.

Splunk ITSI has reduced our MTTD by over ten percent. We can meet our SLAs with Splunk ITSI 99.8 percent of the time. It has also reduced our MTTR by five to ten percent each quarter. We can resolve almost 90 percent of our tickets.

With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.

Splunk ITSI consumes a lot of CPU resources. I would like a more lightweight solution in terms of resource consumption.

The price has room for improvement.

I have been using Splunk ITSI for five years.

Splunk ITSI is stable.

Resilience is valuable because it functions perfectly, helping to reduce risk and assist our admins and architects.

Splunk ITSI is scalable.

We previously used our internal CMDB solution, which was not streamlined and depended on a few key architects. We wanted more control and better governance, so we switched to Splunk ITSI.

The difficulty level of the deployment depends on the knowledge of those doing the implementation. A person with moderate knowledge will require some time to do all the configurations.

Our deployment took around four to six weeks to complete.

I have seen ROI from Splunk ITSI of close to 30 percent at both my current and previous organizations. The returns have been presented to leadership.

The cost of the modules is a bit high for non-global companies, making it difficult for them to afford Splunk ITSI.

I would rate Splunk ITSI eight out of ten.

Splunk ITSI is the best application performance monitoring tool because it helps administrators do their jobs better, has more computing power, and allows staff to focus on governance and automation.

Organizations may benefit from considering a point monitoring system instead of Splunk ITSI, depending on their environment.

We achieved time to value with Splunk ITSI within the first four to six weeks of deployment.

Splunk ITSI is deployed across multiple departments in our organization and there are 20 users.

Maintenance is required for updates.

I recommend Splunk ITSI. The solution can discover all types of devices in our environment.

Our customer is an internal department. We have about 150 teams that use Splunk and we provide Splunk for all of them. Our IT is currently setting it up for one of them. This customer is really impressed by the Glass Tables, possibilities for management, and the Showcase.

The department that uses ITSI runs the public buses for Switzerland. They use it to collect data about the cars. We will build Glass Tables for them. It's a management summary for tickets. They use it to collect data about the solution flow regarding the response time and ticketing flow. 

It helps optimize the business by speeding up trouble ticket resolutions.

We have a lot of teams using Splunk and they would be blind without it.

We have problems doing upgrades and operating alternate new versions.

The migration of the existing glass tables needs improvement. There were at least two upgrades where we had to heavily update the existing glass tables to get them to work with the new version. 

That's something that Splunk could improve on. They should simplify the upgrade process. 

I have never used their support. We solve our problems by ourselves. 

I would rate Splunk's ability to predict, identify, and solve problems in real-time a five out of ten.

I would rate Splunk an eight out of ten. It has great potential but it is a little complex to set up.

We use Splunk ITSI to empower users to visualize their data and transform it into actionable insights. For instance, if they desire to monitor CPU memory usage, they can leverage this tool to achieve that. Additionally, users can effectively search for alerts and trigger email notifications based on specific criteria. Moreover, Splunk ITSI supports the creation of entities that can represent physical or abstract concepts. This flexibility allows users to conduct any desired search on their data and subsequently create informative dashboards for visualization purposes.

We implement Splunk ITSI for our customers because it is the best in the market.

The most significant organizational benefit is leveraging data for various purposes. Based on the data collected, organizations can create visualizations, monitor product performance, and track metrics like CPU and RAM usage to identify potential issues and optimize operations.

Splunk ITSI helps to right-size the resources required to match demands. Splunk also offers on-prem and cloud options. 

The incident management team of Splunk is helpful when we have to escalate an issue.

Splunk ITSI assists our customers in decreasing the number of incidents. They can escalate cases and seek help for any issue, as Splunk can potentially identify the problem as related to an add-on, a different application, or something else entirely. This allows them to contact the appropriate team and work towards a resolution promptly.

It helps customers reduce the mean time to detection by using a real-time search rules engine feature. This enables users to process events in real time, leading to faster detection and response times.

Splunk ITSI assists customers in decreasing the mean time to resolution. A dedicated episode review page allows customers to create and manage groups of related events. Customers have complete control over their episodes and can acknowledge, resolve, build, or take other actions. A specialized dashboard with visualizations facilitates the resolution process, enabling customers to resolve episodes or actively automate this task. Both manual and automated options are available for episode resolution.

The analytics module includes a policy feature that allows users to automate actions, trigger events, add comments, and modify episode status. 

The most valuable features of Splunk ITSI are event analytics and service insight. Event analytics allows me to set up any query on raw data logs and ingest them into Splunk. This data can then be used to trigger events based on specific conditions. For example, I can create a ServiceNow incident, send an email, add comments, or perform custom actions when the system's CPU usage exceeds 90 percent. The Glass Table feature enables users to create dashboards, add services, and visualize data through various queries and tables. 

Splunk ITSI's UI needs to be more interactive and user-friendly.

The real-time search functionality is reliant on Splunk. Occasionally, ITSI customers encounter problems due to real-time search issues. As of the most recent release, a resolution for this issue has not been implemented. Additionally, search clusters are not currently supported in the cloud environment.

I have been using Splunk ITSI for two years.

If the data volume is excessive, we may encounter stability issues. Splunk can handle datasets as large as one or two million, but performance might be affected due to the time required for REST calls. Overall, however, Splunk is a reliable solution.

Splunk ITSI is scalable.

The technical support team is highly responsive and helpful. Customers can contact them directly for assistance with any issues they encounter. The team will diligently work to identify the root cause of the problem and, if necessary, consult with developers for further investigation. Developers will then promptly analyze the issue and provide a workaround or solution as soon as possible.

Positive

Customers are responsible for the infrastructure and deployment of Splunk ITSI on-premises. However, the Splunk TechOps team can assist customers throughout the cloud-based deployment process.

The deployment is straightforward. First, we must install Splunk and extract ITSI in the apps folder. One person can handle the deployment.

I rate Splunk ITSI nine out of ten.

Splunk ITSI is loaded with features and keeps adding more with each release.

The cloud version of Splunk ITSI requires no maintenance, unlike the on-premises version. While maintaining the on-premises version isn't complex, any issues arising from setup or parameter changes become my responsibility. In contrast, TechOps handles cloud maintenance, ensuring complete care.

I would recommend Splunk ITSI to others.

The cloud version of Splunk ITSI is more accessible to work with and to scale.

I use the solution in my company for event management and areas consisting of episodes.

Splunk ITSI (IT Service Intelligence) has helped our organization correlate events into episodes.

The most valuable feature of the solution is event analytics, and it is because that was our core function when we moved from NOC to IBM Netcool Network Management and then from IBM Netcool Network Management to Splunk ITSI (IT Service Intelligence).

The main benefit I have experienced from using Splunk ITSI is that it has been helpful to have one consolidated tool.

My organization monitors multiple cloud environments using the product. In terms of the ease or difficulty one may have when trying to monitor multiple cloud environments, it is tricky. You have to learn and test things out.

It is important for our organization that Splunk ITSI (IT Service Intelligence) provides visibility into our cloud-native environment, but I would say that it is done in the dev and production environments.

Splunk ITSI (IT Service Intelligence) has helped us with the organization's business resilience. My impression of Splunk's ability to predict, identify, and solve problems in real-time, is that with the new AI feature set coming in, users can apply that logic to the episodes.

I have experienced cost efficiencies by switching to Splunk ITSI (IT Service Intelligence). The doc suggests that too has one pane of glass to go into the system and do automation straight from one page because they get hit with thousands of alerts and alarms every day, and we try to correlate that to a simplistic event.

I have experienced time to value using Splunk ITSI (IT Service Intelligence) over a couple of months.

Splunk's unified platform helps consolidate networking and IT observability tools but not security because our company is not in that space. The consolidation of tools impacts our organization since I feel it is easier to have fewer tools than more.

The dashboard function inside the individual episodes, not at the ITSI Notable Event Aggregation Policy level but actually at the correlation search layer, is an area where improvements are required.

In the next release of the tool, the product should offer a dashboard ID in the correlation search.

I have been using Splunk ITSI (IT Service Intelligence) for five years.

In the early days, the Java-based engine was kinda buggy, and some of the interfaces for Splunk ITSI (IT Service Intelligence) and event analytics needed to feel new and not outdated. It still kinda feels outdated, and I feel like Splunk hasn't really put a lot of thought into such a specific area in the last few years.

The solution's scalability is fine.

The solution's technical support team is okay. For most of the stuff I escalate, I have to always wait for a response from tier-two or tier-three level support.

I am used to solving stuff myself and providing a lot of debugging as to what tier-one or tier-two level support would do, and by the time I get to the aforementioned spot, I see that I have to wait and explain a lot of cycles because I am doing the same research as level one or level two support. I rate the technical support a five out of ten.

Neutral

I have experience with Tivoli Netcool, which is a legacy event system from IBM that has the same or similar approach as Splunk ITSI (IT Service Intelligence). I saw that Splunk ITSI (IT Service Intelligence) provides the same features as Tivoli Netcool.

When it came to the deployment part, Splunk's professional services did not know much of what our company needed, considering the level that we were expecting from the product. I come from a telco background where the company used to deal with 1,00,000 alarms a day, and event analytics wasn't something that was really built for it in the beginning when I first deployed it. There were a lot of learning curves that I had to go through to deal with the tool. As I continued to grow with the product, I started pitching probably around 20 ideas at a time to the team, and a lot of my ideas actually made it to Splunk's GA launches. I worked with Isha, Ross Wilkinson, and another person who was right in the middle between them. Though I had spoken to the senior VP of a particular sector and pitched the idea of using Fandom for IT automation, it eventually died out.

The solution is deployed on an on-premises model. I use the cloud services from AWS.

Splunk directly helped with the product's deployment.

I have experienced an ROI using the tool, considering the efficiency it offers so that we do not have to take care of certain functions.

Pricing was pretty good, and it is possible to just add on the features we want.

I considered Resolve systems for automation and a tool named Moogsoft. Moogsoft has a lot better visual capabilities and looks better than Splunk ITSI (IT Service Intelligence) when it comes to event analytics. I am hoping that with a better dashboard, Splunk ITSI (IT Service Intelligence) can build a better UI layer.

I feel like there is a lot more that can be done in the tool, but I don't know if it is going to be a dying product or if Splunk Observability will try to take over some of the core functions of Splunk ITSI (IT Service Intelligence).

I rate the solution a seven out of ten.

We use Splunk ITSI to collect the infrastructure metrics and visualize them.

Splunk ITSI provides end-to-end visibility into your IT environment. It displays key performance indicators for various services. If a KPI is red, indicating an issue, clicking on the corresponding service will take you to the server for further investigation. Splunk ITSI can also automatically trigger incidents for critical issues, allowing your support team to resolve them quickly.

It has significantly improved our incident management process. Previously, we relied solely on a service indicator that simply displayed the service status. If the indicator turned red, we would then manually create an incident report. Now, we've implemented static thresholds that automatically trigger incidents to be added to our queue. This is a major advantage.

Splunk ITSI has reduced our alert noise by 30 percent.

Since implementing Splunk ITSI, we've significantly reduced our mean time to detection. Previously, we relied on receiving incident reports, which caused delays.

Splunk ITSI has reduced our mean time to resolve.

We collect infrastructure metrics from various servers, including Windows Services. One particularly useful feature of Splunk ITSI is the ability to create custom services. This functionality makes it easy to identify specific functions that are malfunctioning or experiencing problems. With this information, we can quickly troubleshoot and fix the issues.

In Splunk ITSI, thresholds automatically trigger incidents when a service value falls below the threshold. This prevents us from automatically triggering alerts for situations where the service value is within the acceptable range. We've identified this as an issue with the ITSI product and are working with Splunk for guidance on how to implement the desired behavior.

While the overall Splunk documentation is detailed, the documentation for specific premium apps, like Splunk ITSI, is more brief.

The technical support has room for improvement.

I have been using Splunk ITSI for one year.

I would rate the stability of Splunk ITSI nine out of ten.

Splunk ITSI is a scalable solution, meaning it can handle increasing amounts of data and users as our needs grow.

We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time.

Neutral

The initial deployment is a straightforward process. However, the time it takes can vary depending on whether we're installing for the first time or performing an upgrade. For a first-time installation, Splunk ITSI typically takes around 30 minutes. Upgrading an existing installation requires additional time to clean up previous configurations; this process usually takes about 40 minutes to complete.

Two people were involved in the deployment.

We are using Splunk Enterprise software. We contacted Splunk to demo ITSI, and we were impressed with its functionality and the included options. Therefore, we decided to try ITSI exclusively and did not evaluate any other vendors.

I would rate Splunk ITSI eight out of ten.

We're currently working on implementing adaptive thresholds. This functionality would analyze service trends over the past seven days automatically set thresholds and generate incidents based on that data. Successfully implementing this would be a significant achievement, but we're encountering some technical challenges. We've opened a support case with Splunk to address these issues, and we're hopeful for a resolution within the next few weeks.

We have around 150 people using Splunk ITSI.

Two people are responsible for the maintenance of Splunk ITSI in our organization.

I would rate the resilience of Splunk ITSI nine out of ten.

In my experience starting my career with Splunk, I haven't encountered any marketing tools that can quite compare. Splunk offers a comprehensive set of features and well-organized documentation. The detailed and clear documentation that Splunk provides is something I particularly appreciate.

I recommend Splunk ITSI.

We use ITSI mainly for IT Infrastructure Operations Monitoring. The service model health scores allow us to identify when KPIs are starting to impact our services and to proactively manage our environments. To date, we have leveraged this data within Splunk to enable alerting so that we can solve incidents in real-time, but we are growing into our usage of the ITSI model for predictive modeling of our environment. Our infrastructure includes commodity hardware, mid-range, mainframe, on-premise data center, and cloud offerings. (Please note that these views are my personal opinions and not those of my employer)

The modeling required to setup ITSI has been very helpful in providing us a better understanding and a logical view of our services. The modeling is flexible and can be as granular or high level as our needs dictate. This flexibility also means that you need to gather a detailed understanding of your services, processes, and applications in order to build a useful model. ITSI is allowing us to more quickly identify what services are impacted by underlying infrastructure concerns.  

The health scores and glass tables are extremely valuable and useful. These provide flexible visibility options to convey the meaning of the big data analysis being performed by Splunk behind the scenes. Glass tables allow you to create graphical displays that convey critical meaning with a simple clean look and feel. The deep dive also provides the ability to dig into metrics and KPIs, which are useful to isolate the time frame involved and that should be focused on. Once in the deep dive, you can quickly identify the first KPI or metric to impact the health score and focus your efforts on it. 

ITSI could benefit from a security model that would allow operations team members to get involved in model building, KPI implementation, and model maintenance while maintaining appropriate segregation of duties. To date, all of our ITSI development is being done by our Splunk Admins, while our KPIs and much of the modeling work are managed by our Splunk developers. Future development of templates and ready to use add-ons could facilitate faster time to value, as many IT infra and even Packaged Application data models are consistent across organizations and could be plugged in easily. 

I have been using Splunk ITSI for two years. 

This is a stable solution.

It is extremely scalable, and can have high data storage costs. 

Customer service has been very responsive to our needs. 

No, we did not replace another solution with ITSI. We used it to enhance existing solutions. 

The initial setup was fairly straightforward, but we had help from Splunk professional services. 

We had help from Splunk professional services. They were extremely knowledgeable. 

I was not involved in the evaluation for ITSI. 

This is a powerful solution requiring configuration to meet your needs. 

I work for the Royal Bank of Canada. I work in a group called Investor and Treasury Services IT. We take care of all the IT systems within the Investor and Treasury Services arm, which is a global unit. My role is to ensure that we have the visibility and capabilities to ensure our systems are resilient so we can resolve any problems that may arise very quickly, and move on. My role generally deals with everything from application performance management to maintenance automation. Overall, my single goal is to increase the resiliency of our applications and gain better insight into how our operations are working from an IT operations and application maintenance perspective. 

We liked the built-in calculation of health scores. We were able to adjust the different parameters, and really build out that health score — the RAG status (Red, Amber, Green), which is very powerful from an executive perspective. At the time, we were having a lot of issues from a stability perspective. It condensed everything, allowing our executives to easily ensure that everything was running smoothly: were there any incidents overnight? Those kinds of things. That way, when our CIO woke up and got the call from the head of IMTS, he knew whether or not there was going to be trouble.

Something that we did find with the product (they may have resolved since then), had to do with the ability to contextualize the data sources. For example, we might bring in data for 50 applications from one source, but for each one of those applications, we would have to set up a different data source connection. Because of this, I had to set up one connection each for application A and then B and then C, rather than being able to set up one connection and then segregate the data coming in for those dashboards. That was probably the biggest challenge that we faced. We also faced challenges relating to UI development — being able to get the UI the way we wanted it to look performance-wise. Some of the customization levels of the UI just weren't there.

We used this solution for roughly one year. We were in a POC state for about a year, but we decided not to move forward with the prospect as a whole. The organization didn't want to invest in the product.

The stability issues we experienced were not with the Splunk ITSI product itself. The biggest challenge that we ran into was getting good, consistent data. We're a very large organization; getting at some of the data can be very difficult, especially since a lot of the data isn't centralized in one area.

Overall, it's a very stable product. It ran really well during the time that it was up and running. We didn't have any production issues at all with it.

We were running just a single instance, but we were pulling in data for about 250 applications.

The technical support with Splunk is really good. We didn't have any issues. Now, part of that is, we are Royal Bank of Canada and because of that, we have a certain cache with the vendors and they tend to bend over backward to make sure that they take care of us.

I wouldn't say it's special for the Royal Bank of Canada, but I would say that like any other support, having the right relationship with the vendor makes all the difference in the world. With Royal Bank of Canada being the largest financial institution in Canada, the top 15 in the world, we're afforded certain privileges. A smaller IT operations shop is probably not going to get the same kind of visibility into the products as a company like RBC, mainly because when Splunk wants to advertise that they're doing something, they want to be able to say that they're doing it with RBC, not an unknown corporation down the street.

No. We weren't using a different solution at all before; Splunk IT Service Intelligence was an opportunity area that we were looking into.

We had already had Splunk in our environment more than anything else. We've been running Splunk from a log aggregation and search perspective for about six or seven years now. When we were looking at what that next step looked like, it was just a natural evolution to move into ITSI.

The initial setup was straightforward.

Deployment was relatively quick mainly because it was a POC. We didn't go through all the regular rigor that we would with a production application. So we were able to have it up and running in production in a matter of three to four weeks. That included provision of the service, which takes time within a large organization like ours. 

My biggest piece of advice would be to make sure you have access to the data that you need and know what that data is. The product itself is going to do what it's going to do; there are no issues with that. However, it's gaining access to all those things in the background, that's the problem. If you're a smaller organization or you're highly centralized, getting access to that data may be really simple. For an organization the size of RBC, with the amount of segregation across the organization and the amount of division within the organization, it's more challenging. For this reason, our infrastructure partners use a different tool. They don't use Splunk, they use ELK. They're very much down that road, so getting access to data when the team that you're trying to partner with has a different solution, can sometimes be more difficult.

On a scale from one to ten, I would give this solution a rating of eight.