Splunk ITSI (IT Service Intelligence) Reviews

We utilize Splunk ITSI to enhance our IT operations within our infrastructure. Our goal is to monitor only the most critical KPIs. Additionally, we have access to a detailed overview of the KPI services and entities, allowing us to identify issues in real time. 

We deploy Splunk ITSI both on-premises and in the Splunk cloud. 

We implemented infrastructure monitoring using ITSI to track various aspects such as latencies and specific components like CPU and memory. I can now provide detailed information about the specific cause of CPU-related issues. The problem lies in determining the process through which we can obtain a high-level overview of our services. When we delve deeper, we have access to numerous details to identify the KPI responsible for disrupting the service application. I can now explore ways to monitor its performance and locate the service in question. With ITSI, we can receive alerts and easily navigate to the precise location to resolve the problem.

The end-to-end visibility of Splunk ITSI in our network environment depends on the individual utilizing it. While it may be present, it is crucial to possess a solid understanding of ITSI. In order to illustrate this aspect, we require a well-defined use case that demonstrates our intention to employ ITSI. Overall, I would describe the end-to-end view as highly effective. It facilitates seamless data acquisition and enables us to easily analyze the data afterward.

Splunk ITSI can be utilized for predictive analytics to prevent incidents before they happen. It is regarded as the superior option for observability. While observability is commendable, we also make efforts to view data from SignalFX and leverage ITSI's capabilities to analyze and access large volumes of data. ITSI serves as a tool for analytics, but we can also employ it for observability, albeit SignalFX remains our primary choice for that purpose.

Splunk ITSI has helped us streamline our incident management, particularly through its correlation searches and event policies. With these features, we can efficiently handle multiple tasks by grouping them together under correlations. We can easily search for and identify these tasks and then review them in-network, allowing us to determine the specific episode and identify any high alerts. This enables us to drill down and investigate further, depending on our proficiency with ITSI. Additionally, we have the ability to create a dashboard for editing reviews. This way, we can access our episodes, drill down into our dashboard, and examine the detailed information about the issues we are facing.

ITSI has helped reduce our alert noise by thirty percent. We don't need to extract a large amount of information from our correlation strategies. We can simply refine them and obtain the essential details, thus avoiding unnecessary noise in our environment. We just need to grasp the main idea.

Splunk ITSI has helped us reduce our mean time to detect by approximately fifteen percent. I have been collaborating with individuals who also utilize ITSI for the past five years, and we have observed its continuous improvement each year. The mean time to detect is contingent upon our level of dedication to ITSI in that aspect.

Splunk ITSI has helped us reduce our mean time to resolve by approximately fifteen percent. If we also have a good dashboard alongside it, we can drill down and go straight to the issue.

One of the excellent features is the service analyzer, which is truly impressive. Additionally, we have the infrastructure review, which allows us to assess our infrastructure comprehensively. That is fantastic! Furthermore, the latest ITSI connects the new tenant we have for tenant management. This feature enables us to retire an entity instead of merely deleting it, and if needed, we can easily reactivate it. There are numerous exciting new additions. Splunk ITSI itself is highly interactive, making the overall service experience truly remarkable.

Splunk ITSI could function even better, particularly when it comes to refreshing the service infrastructure. If we could have the option to go back not just sixty minutes, but also one or five minutes, it would enhance our capabilities.

The service analyzer component is excellent, particularly the default analyzer. However, I believe the refresh time should be faster. If it also takes five minutes to complete, as suggested by the KPI requirements, then the refresh time should be significantly reduced. If the data doesn't load within five minutes, our service and KPI will not function properly. Therefore, it is crucial to make it faster.

I would appreciate having more customizable dashboards to assist with in-depth analyses.

I have been using Splunk ITSI for two years.

Since I started using Splunk ITSI, it has remained stable.

Splunk ITSI is scalable.

The documentation for Splunk Doctors is excellent, particularly when it comes to addressing installation issues. However, when it comes to Splunk Processing Language, Splunk itself is unable to assist us. I would recommend relying on the documentation as a valuable resource.

Positive

The initial setup is complex. Even if we have installed ITSI, we still need to install the other apps that accompany ITSI. Perhaps we want to work on this matter, so it depends on whether I am deploying it in a large environment or just a single environment with minimal activity. Therefore, we need to include all of these in the architecture. The ITSI app is one component, but the other apps that derive from it must also be taken into consideration.

We have a tool that we use in our team to expedite the deployment process. However, we are unable to disclose the details as it is a proprietary system. On an average day, if we have access to ITSI, I can personally complete the task within a few hours due to my prior experience. However, for someone without technical expertise, it may take up to a day. Although one knowledgeable person can complete the deployment, it is easier with two people.

I have witnessed a significant return on investment in that aspect. However, it ultimately depends on the customer's use case. Everyone desires to acquire Splunk, but not everyone understands its functionality in that aspect. So, if we have a customer and a strong use case, and we know what they want, we will definitely be able to achieve it. But if we don't have a customer and lack knowledge about it, it will just remain as is.

Splunk ITSI is expensive; however, with the appropriate use case, it justifies the cost.

I rate Splunk ITSI an eight out of ten.

Anyone who is considering a point monitoring system instead of Splunk ITSI should know that with ITSI, we gain access to several other features. Even just with the service analyzer, we can observe our KPIs and identify their affected components. We can determine which settings are causing the issues and make informed decisions, such as trying alternative options. We can also evaluate if a particular KPI has significant importance, as it has a substantial impact on the overall order of operations. This provides us with a detailed perspective in terms of data and other relevant aspects. While it may not offer a purely granular view, having everything consolidated into a single interface is extremely convenient. Working with ITSI requires a considerable level of willingness and experience. However, as we are transitioning towards various new tools, including the ability to easily integrate plug-and-play devices, the only issue with ITSI might be the initial setup. Once we have it implemented, we will have the capability to accomplish all our desired tasks.

The way Splunk sells ITSI is not the way we use it. We can make much better use of ITSI. The most important aspect, in my opinion, of ITSI is the episode review. For instance, when we encounter an issue that is not immediately visible, how can we evaluate that aspect? Therefore, ITSI is beneficial. From my perspective, we need individuals to sit down and explain how it works, as it can be confusing initially. However, once we have a clear understanding, it works well.

In my organization, my team is the only one working with ITSI. We handle all deployments, and typically, we deploy on public cloud infrastructure such as Azure, AWS, and GCP. Nowadays, most deployments are cloud-based. Additionally, with the rapid growth of Splunk Cloud, installation is not a concern as it is taken care of. Our focus is on the implementation if we choose to go the Splunk Cloud route. However, we still handle the installation process ourselves, so we need to ensure our preparedness in that regard.

We have roughly 20 people in our organization that use Splunk ITSI.

In the beginning, we need to ensure that the data we receive is valid. Once we have confirmed its validity, we can rest assured that the system will generate alerts, eliminating the need to worry about maintenance.

I recommend Splunk ITSI for organizations that are interested in IT operations, monitoring, or analytics. By ensuring optimal utilization of Splunk ITSI, organizations can achieve a good return on investment that justifies the purchase.

We are trying to take regular dashboards that we have for monitoring and pull them all together for a high-level view of what is going on.

We have not got very far with it yet. We have done a service decomposition. We had some KPIs set up, and we have got just a couple of health scores, but we have not really pulled it all together. We have not gotten value out of it yet, but we are getting there. We have not seen any improvements yet, but we have high hopes. 

Splunk has helped improve our company's business resilience, but with ITSI, we are not there yet. Splunk has been great so far in terms of the ability to predict, identify, and solve problems in real-time. I have not played around with any other IT ops platforms, but it has been fantastic for us for monitoring systems with dashboards, etc.

We have not yet experienced any cost efficiencies by switching to this solution, but Splunk has certainly saved time for our system maintainers because our dashboards now roll up alerts. We just need ITSI to pull all those alerts together so that we get one alert for one problem.

We have not had any time saving with ITSI yet. We are just not that far. It has also not yet helped to reduce our mean time to resolve, but hopefully, it will.

The solution has been stable. It seems like a great solution. We have not gotten far enough with our application to see its benefits yet, but we are getting there.

It has been a large learning curve. We used Splunk Enterprise. The dashboards are pretty simplistic for the developer at first, but when they went into ITSI, it was a different world. We lacked training. We played with it a little bit, and then we brought the Splunk team in, and they did a service decomposition and whiteboarding, and it made more sense, but it was an intimidating tool for us to jump into at the beginning.

We have been using this solution for just about a year.

We have not had any issues related to stability.

We are just starting. I have got a couple of services in there. We have not scaled anything yet.

The support has been hit or miss. We are on a classified program, so we had clear points of contact assigned to us. There was a transition, and we have got some new ones. Everyone is busy and overwhelmed, and their hands are full, but the last couple of times that we reached out, we did not get much of a response.

In the past, their support was a nine out of ten, but recently, it has been a seven out of ten.

Neutral

We had a homegrown user interface that had alerts, logs, and things like that, but it was painful to manage ourselves.

We do not have any cloud. It is just on-prem. I was involved a little bit in its deployment. I was involved more as a lead but not hands-on.

We had deployed to bare metal servers at the beginning, and then we migrated to a cloud-like environment. It is not a cloud, but it is a service provider for us. At the same time, we moved to Kubernetes and containerized all of our systems. We thought we would use Splunk containers, but that did not work out for us, so we ended up pulling Splunk containers back out and installing Splunk back on VMs. That is where we are now. I do not remember the specifics, but we had trouble with deploying Splunk containers.

We implemented it ourselves.

We did not evaluate other solutions because we were already using Splunk Enterprise, so it made sense.

At this stage, I would rate it an eight out of ten because we do not have proof yet that we will get where we want to be.

Attending Splunk conferences gets me out of the office and lets me focus on Splunk for a week. They are super helpful.

Our customer is an internal department. We have about 150 teams that use Splunk and we provide Splunk for all of them. Our IT is currently setting it up for one of them. This customer is really impressed by the Glass Tables, possibilities for management, and the Showcase.

The department that uses ITSI runs the public buses for Switzerland. They use it to collect data about the cars. We will build Glass Tables for them. It's a management summary for tickets. They use it to collect data about the solution flow regarding the response time and ticketing flow. 

It helps optimize the business by speeding up trouble ticket resolutions.

We have a lot of teams using Splunk and they would be blind without it.

We have problems doing upgrades and operating alternate new versions.

The migration of the existing glass tables needs improvement. There were at least two upgrades where we had to heavily update the existing glass tables to get them to work with the new version. 

That's something that Splunk could improve on. They should simplify the upgrade process. 

I have never used their support. We solve our problems by ourselves. 

I would rate Splunk's ability to predict, identify, and solve problems in real-time a five out of ten.

I would rate Splunk an eight out of ten. It has great potential but it is a little complex to set up.

Our use cases for Splunk ITSI have been created around our critical services like payment gateways.

Splunk ITSI lacks out-of-the-box solutions for enterprise users. Currently, everything needs to be created from scratch.

In their next release, Splunk should offer API integrations with products like ThousandEyes, and AppDynamics, or some other network monitoring tools or dashboards. 

I have been using Splunk IT Service Intelligence for two years.

Splunk ITSI is stable. We have less than 24 technical staff.

The solution is easy to scale. All you need is to procure another license from Splunk and add new users.

Our company has approximately 500 users of Splunk ITSI.

Technical support from Splunk is very good. I would rate them a five out of five for service and support.

Positive

The initial setup of Splunk ITSI is simple.

The pricing of Splunk is a bit high. I would rate it a four out of five when thinking about the affordability of the solution.

I would recommend this solution to all big enterprises that actually have live traffic, like banks or telecoms.

Overall, I would rate Splunk ITSI an eight out of ten.

We use Splunk IT Service Intelligence (ITSI) to find out about system outages and reports about the outages. We have a lot of platforms that monitor solutions, outages, and downtime. Still, we're keener on the reporting, and how fast the insights can be generated, so those are our prominent use cases for Splunk IT Service Intelligence (ITSI).

After understanding and learning more about Splunk IT Service Intelligence (ITSI), particularly its capabilities, the solution helped my company look into recommendations and insights shared with stakeholders on improving the company's product.

The feature that stood out to me most from Splunk IT Service Intelligence (ITSI) was automated dashboarding or reporting. The solution lists the severity level of issues, and the response times, for example, so automated reporting is what I like best about Splunk IT Service Intelligence (ITSI).

Integration is the most critical area to improve in Splunk IT Service Intelligence (ITSI). It wasn't a great experience because you had to do a little back and forth to integrate the solution.

I want more integrations in the next release of Splunk IT Service Intelligence (ITSI), and the solution should be seamlessly connected with other solutions during integration.

I've used Splunk IT Service Intelligence (ITSI) for about six months, and I'm still using the solution.

Splunk IT Service Intelligence (ITSI) is a stable solution.

If you have the money, then Splunk IT Service Intelligence (ITSI) is scalable. It could be limited if you have to make do with whatever capacity or seats you have.

I have no experience contacting Splunk IT Service Intelligence (ITSI) technical support.

The initial setup for Splunk IT Service Intelligence (ITSI) was straightforward because you only needed to log in and connect your APIs.

I've seen ROI from Splunk IT Service Intelligence (ITSI).

We evaluated Accenture myWizard.

I'm into IT service intelligence or products focusing on monitoring and understanding systems, such as Splunk IT Service Intelligence (ITSI).

I don't remember the Splunk IT Service Intelligence (ITSI) version, but my company signed up for it in June, so it should be the latest version.

Five people use Splunk IT Service Intelligence (ITSI) within the company, and the same people take care of the deployment and maintenance of the solution.

There's no plan to increase the usage of Splunk IT Service Intelligence (ITSI), and there won't be for a long time because what my company has right now fits the budget and spending.

My advice to anyone looking into implementing the solution is to have a clear picture of the integration process and the timeline and have internal and technical capabilities, so you can address any breakdown that could happen while setting up Splunk IT Service Intelligence (ITSI).

As Splunk IT Service Intelligence (ITSI) has value and potential, I'd rate it eight out of ten.

We use this solution both on the cloud and on-premises. We are currently using the most recent version.

The observability is great and valuable because it allows us to work with all our sets.

There are no areas I can pinpoint that need improvement because the product is working well. It would be good if an interface was included in the next release.

We have been using this solution for two years.

The solution has very good stability.

The solution is scalable.

We have had positive experiences using customer service and support.

The initial setup was straightforward. We are in a NOC solution, and we have 30 people. We used a team of five people to deploy the solution. 

We implemented this solution through our partner organization.

We would rate this solution a ten out of ten.

We primarily use the solution for monitoring our infra.

We use it for monitoring the potential application, depending on what the data source ingestion is. There are many use cases. Based on the data source, we can know the best recommendation use case to provide to the customer. For example, if you are ingesting data from the firewall, you can see any traffic from the firewall itself.

There are many use cases. You can use it for all kinds of ingested data. 

The solution is stable.

It's scalable and expands well. 

It's easy to use. 

We haven't come across any shortcomings. 

We'd like them to show more inputs on the dashboard. 

The Wizard should be easier to use. 

I've been dealing with Splunk for three years and this particular solution for two. 

The solution is very stable. There are no bugs or glitches and it doesn't crash or freeze. 

It is a scalable product. 

We have around ten people using it currently. 

I don't have any insights into technical support. It's the same level of support as Phanton, as far as I know. 

I don't directly handle the deployment. I can't speak to if the implementation is easy or hard. 

There is a licensing fee a company would have to pay. The amount would depend on the data ingestion. It varies according to a company's use. It's not overly expensive. 

We sell and support this product. 

The product can be deployed on-premises and the cloud. 

I'd rate the solution nine out of ten. We're quite pleased with its capabilities. 

I would recommend the solution for others who need to monitor their infrastructure. 

I work for the Royal Bank of Canada. I work in a group called Investor and Treasury Services IT. We take care of all the IT systems within the Investor and Treasury Services arm, which is a global unit. My role is to ensure that we have the visibility and capabilities to ensure our systems are resilient so we can resolve any problems that may arise very quickly, and move on. My role generally deals with everything from application performance management to maintenance automation. Overall, my single goal is to increase the resiliency of our applications and gain better insight into how our operations are working from an IT operations and application maintenance perspective. 

We liked the built-in calculation of health scores. We were able to adjust the different parameters, and really build out that health score — the RAG status (Red, Amber, Green), which is very powerful from an executive perspective. At the time, we were having a lot of issues from a stability perspective. It condensed everything, allowing our executives to easily ensure that everything was running smoothly: were there any incidents overnight? Those kinds of things. That way, when our CIO woke up and got the call from the head of IMTS, he knew whether or not there was going to be trouble.

Something that we did find with the product (they may have resolved since then), had to do with the ability to contextualize the data sources. For example, we might bring in data for 50 applications from one source, but for each one of those applications, we would have to set up a different data source connection. Because of this, I had to set up one connection each for application A and then B and then C, rather than being able to set up one connection and then segregate the data coming in for those dashboards. That was probably the biggest challenge that we faced. We also faced challenges relating to UI development — being able to get the UI the way we wanted it to look performance-wise. Some of the customization levels of the UI just weren't there.

We used this solution for roughly one year. We were in a POC state for about a year, but we decided not to move forward with the prospect as a whole. The organization didn't want to invest in the product.

The stability issues we experienced were not with the Splunk ITSI product itself. The biggest challenge that we ran into was getting good, consistent data. We're a very large organization; getting at some of the data can be very difficult, especially since a lot of the data isn't centralized in one area.

Overall, it's a very stable product. It ran really well during the time that it was up and running. We didn't have any production issues at all with it.

We were running just a single instance, but we were pulling in data for about 250 applications.

The technical support with Splunk is really good. We didn't have any issues. Now, part of that is, we are Royal Bank of Canada and because of that, we have a certain cache with the vendors and they tend to bend over backward to make sure that they take care of us.

I wouldn't say it's special for the Royal Bank of Canada, but I would say that like any other support, having the right relationship with the vendor makes all the difference in the world. With Royal Bank of Canada being the largest financial institution in Canada, the top 15 in the world, we're afforded certain privileges. A smaller IT operations shop is probably not going to get the same kind of visibility into the products as a company like RBC, mainly because when Splunk wants to advertise that they're doing something, they want to be able to say that they're doing it with RBC, not an unknown corporation down the street.

No. We weren't using a different solution at all before; Splunk IT Service Intelligence was an opportunity area that we were looking into.

We had already had Splunk in our environment more than anything else. We've been running Splunk from a log aggregation and search perspective for about six or seven years now. When we were looking at what that next step looked like, it was just a natural evolution to move into ITSI.

The initial setup was straightforward.

Deployment was relatively quick mainly because it was a POC. We didn't go through all the regular rigor that we would with a production application. So we were able to have it up and running in production in a matter of three to four weeks. That included provision of the service, which takes time within a large organization like ours. 

My biggest piece of advice would be to make sure you have access to the data that you need and know what that data is. The product itself is going to do what it's going to do; there are no issues with that. However, it's gaining access to all those things in the background, that's the problem. If you're a smaller organization or you're highly centralized, getting access to that data may be really simple. For an organization the size of RBC, with the amount of segregation across the organization and the amount of division within the organization, it's more challenging. For this reason, our infrastructure partners use a different tool. They don't use Splunk, they use ELK. They're very much down that road, so getting access to data when the team that you're trying to partner with has a different solution, can sometimes be more difficult.

On a scale from one to ten, I would give this solution a rating of eight.