We have a couple of different use cases including incident management, correlation, and mapping out incidents.
Splunk Architect at a government with 501-1,000 employees
The time it takes to pinpoint an issue, from when it's triggered to resolution is quick
Pros and Cons
- "Having a structure on how to resolve incidents is the most valuable aspect."
- "They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve."
- "They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve."
What is our primary use case?
What is most valuable?
Having a structure on how to resolve incidents is the most valuable aspect.
It is pretty important to us that it offers end-to-end visibility. That's how we do the ITSI incident setup. It needs to have an overview.
It has helped improve the business' resilience. Splunk's ability to predict, identify and solve problems in real-time is pretty good. I've been a Splunk customer for almost six years.
The time it takes to pinpoint an issue, from when it's triggered to resolution is where I've seen the most value out of Splunk.
We have seen time to value using ITSI. It took a few months to see this value.
What needs improvement?
They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve.
For how long have I used the solution?
I have been using Splunk ITSI for one year.
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
October 2024
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
What do I think about the stability of the solution?
The product is pretty stable.
How are customer service and support?
We had a support person who was instrumental in getting it set up.
I would rate support an eight out of ten. It's nice to have the help but we'd also like to be independent and that's taking a bit of time to get onboarded.
How was the initial setup?
The initial setup is easy. We had someone come in. It took around a month or so and he's still with us helping to implement.
What other advice do I have?
Overall, I rate the solution a seven out of ten. I'm getting up to speed with it.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 9, 2024
Flag as inappropriateIt has a straightforward setup and an automated reporting feature that lists the severity level of issues and response times
Pros and Cons
- "The feature that stood out to me most from Splunk IT Service Intelligence (ITSI) was automated dashboarding or reporting. The solution lists the severity level of issues, and the response times."
- "Integration is the most critical area to improve in Splunk IT Service Intelligence (ITSI). It wasn't a great experience because you had to do a little back and forth to integrate the solution."
What is our primary use case?
We use Splunk IT Service Intelligence (ITSI) to find out about system outages and reports about the outages. We have a lot of platforms that monitor solutions, outages, and downtime. Still, we're keener on the reporting, and how fast the insights can be generated, so those are our prominent use cases for Splunk IT Service Intelligence (ITSI).
How has it helped my organization?
After understanding and learning more about Splunk IT Service Intelligence (ITSI), particularly its capabilities, the solution helped my company look into recommendations and insights shared with stakeholders on improving the company's product.
What is most valuable?
The feature that stood out to me most from Splunk IT Service Intelligence (ITSI) was automated dashboarding or reporting. The solution lists the severity level of issues, and the response times, for example, so automated reporting is what I like best about Splunk IT Service Intelligence (ITSI).
What needs improvement?
Integration is the most critical area to improve in Splunk IT Service Intelligence (ITSI). It wasn't a great experience because you had to do a little back and forth to integrate the solution.
I want more integrations in the next release of Splunk IT Service Intelligence (ITSI), and the solution should be seamlessly connected with other solutions during integration.
For how long have I used the solution?
I've used Splunk IT Service Intelligence (ITSI) for about six months, and I'm still using the solution.
What do I think about the stability of the solution?
Splunk IT Service Intelligence (ITSI) is a stable solution.
What do I think about the scalability of the solution?
If you have the money, then Splunk IT Service Intelligence (ITSI) is scalable. It could be limited if you have to make do with whatever capacity or seats you have.
How are customer service and support?
I have no experience contacting Splunk IT Service Intelligence (ITSI) technical support.
How was the initial setup?
The initial setup for Splunk IT Service Intelligence (ITSI) was straightforward because you only needed to log in and connect your APIs.
What was our ROI?
I've seen ROI from Splunk IT Service Intelligence (ITSI).
Which other solutions did I evaluate?
We evaluated Accenture myWizard.
What other advice do I have?
I'm into IT service intelligence or products focusing on monitoring and understanding systems, such as Splunk IT Service Intelligence (ITSI).
I don't remember the Splunk IT Service Intelligence (ITSI) version, but my company signed up for it in June, so it should be the latest version.
Five people use Splunk IT Service Intelligence (ITSI) within the company, and the same people take care of the deployment and maintenance of the solution.
There's no plan to increase the usage of Splunk IT Service Intelligence (ITSI), and there won't be for a long time because what my company has right now fits the budget and spending.
My advice to anyone looking into implementing the solution is to have a clear picture of the integration process and the timeline and have internal and technical capabilities, so you can address any breakdown that could happen while setting up Splunk IT Service Intelligence (ITSI).
As Splunk IT Service Intelligence (ITSI) has value and potential, I'd rate it eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
October 2024
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
Operation Manager at Totalplay
An excellent solution with a very straightforward setup
Pros and Cons
- "The observability is great and valuable."
- "It would be good if an interface was included in the next release."
What is our primary use case?
We use this solution both on the cloud and on-premises. We are currently using the most recent version.
What is most valuable?
The observability is great and valuable because it allows us to work with all our sets.
What needs improvement?
There are no areas I can pinpoint that need improvement because the product is working well. It would be good if an interface was included in the next release.
For how long have I used the solution?
We have been using this solution for two years.
What do I think about the stability of the solution?
The solution has very good stability.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
We have had positive experiences using customer service and support.
How was the initial setup?
The initial setup was straightforward. We are in a NOC solution, and we have 30 people. We used a team of five people to deploy the solution.
What about the implementation team?
We implemented this solution through our partner organization.
What other advice do I have?
We would rate this solution a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior consultant specialist-ITID at a financial services firm with 5,001-10,000 employees
An easy to scale solution that offers good technical support
Pros and Cons
- "The solution is easy to scale."
- "Splunk ITSI lacks out-of-the-box solutions for enterprise users."
What is our primary use case?
Our use cases for Splunk ITSI have been created around our critical services like payment gateways.
What needs improvement?
Splunk ITSI lacks out-of-the-box solutions for enterprise users. Currently, everything needs to be created from scratch.
In their next release, Splunk should offer API integrations with products like ThousandEyes, and AppDynamics, or some other network monitoring tools or dashboards.
For how long have I used the solution?
I have been using Splunk IT Service Intelligence for two years.
What do I think about the stability of the solution?
Splunk ITSI is stable. We have less than 24 technical staff.
What do I think about the scalability of the solution?
The solution is easy to scale. All you need is to procure another license from Splunk and add new users.
Our company has approximately 500 users of Splunk ITSI.
How are customer service and support?
Technical support from Splunk is very good. I would rate them a five out of five for service and support.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of Splunk ITSI is simple.
What's my experience with pricing, setup cost, and licensing?
The pricing of Splunk is a bit high. I would rate it a four out of five when thinking about the affordability of the solution.
What other advice do I have?
I would recommend this solution to all big enterprises that actually have live traffic, like banks or telecoms.
Overall, I would rate Splunk ITSI an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Delivery Partner APAC and MEA at Tata Consultancy
Lots of easy out-of-the-box integration
Pros and Cons
- "ITSI's most valuable feature is that it's easy to integrate DLP."
- "The cost of the license could be lower."
What is most valuable?
ITSI's most valuable feature is that it's easy to integrate DLP.
For how long have I used the solution?
I've been using Splunk ITSI for two to three years.
What do I think about the stability of the solution?
ITSI is stable.
How are customer service and support?
Splunk's technical support is very fast.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
We used a vendor team.
What's my experience with pricing, setup cost, and licensing?
The cost of the license could be lower.
What other advice do I have?
Splunk ITSI is fast and provides a lot of out-of-the-box integration. I would give this solution a score of eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Splunk Presales & Splunk Technical Engineer at Westcon-Comstor
Easy to use with multiple potential use cases and has a reasonable price
Pros and Cons
- "It's scalable and expands well."
- "We'd like them to show more inputs on the dashboard."
What is our primary use case?
We primarily use the solution for monitoring our infra.
We use it for monitoring the potential application, depending on what the data source ingestion is. There are many use cases. Based on the data source, we can know the best recommendation use case to provide to the customer. For example, if you are ingesting data from the firewall, you can see any traffic from the firewall itself.
What is most valuable?
There are many use cases. You can use it for all kinds of ingested data.
The solution is stable.
It's scalable and expands well.
It's easy to use.
What needs improvement?
We haven't come across any shortcomings.
We'd like them to show more inputs on the dashboard.
The Wizard should be easier to use.
For how long have I used the solution?
I've been dealing with Splunk for three years and this particular solution for two.
What do I think about the stability of the solution?
The solution is very stable. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
It is a scalable product.
We have around ten people using it currently.
How are customer service and support?
I don't have any insights into technical support. It's the same level of support as Phanton, as far as I know.
How was the initial setup?
I don't directly handle the deployment. I can't speak to if the implementation is easy or hard.
What's my experience with pricing, setup cost, and licensing?
There is a licensing fee a company would have to pay. The amount would depend on the data ingestion. It varies according to a company's use. It's not overly expensive.
What other advice do I have?
We sell and support this product.
The product can be deployed on-premises and the cloud.
I'd rate the solution nine out of ten. We're quite pleased with its capabilities.
I would recommend the solution for others who need to monitor their infrastructure.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Security Architect at a tech vendor with 10,001+ employees
Feature-rich, good reporting, and easy to install
Pros and Cons
- "In my opinion, Splunk IT Service Intelligence (ITSI) is better than QRadar. With the help of Splunk, we can get results."
- "The dashboard queries should be improved. More queries should be suggested in order to produce better dashboards."
What is our primary use case?
I use Splunk IT Service Intelligence (ITSI) for SIEM.
What is most valuable?
Splunk IT Service Intelligence (ITSI) is a very good tool.
Splunk IT Service Intelligence (ITSI) is superior to QRadar in my opinion. We can get results with the help of Splunk.
Splunk outperforms IBM QRadar in terms of functionality.
What needs improvement?
The dashboard queries should be improved. More queries should be suggested in order to produce better dashboards.
For how long have I used the solution?
I have been working with Splunk IT Service Intelligence (ITSI) for one year.
What do I think about the stability of the solution?
Splunk IT Service Intelligence (ITSI) is a stable solution.
How are customer service and support?
I have never contacted technical support.
Which solution did I use previously and why did I switch?
I have worked with IBM QRadar, Splunk, and Sentinel.
People say that IBM QRadar is easier to implement as well as to query things.
How was the initial setup?
The initial setup is straightforward. It is very easy to implement.
What's my experience with pricing, setup cost, and licensing?
Splunk pricing is high.
Which other solutions did I evaluate?
I was exploring LogRhythm, and multiple SIEM solutions, because we wanted to purchase a SIEM tool.
What other advice do I have?
Definitely, I would recommend this solution to others who are interested in using it. Splunk should be used because it provides a better solution in terms of SIEM as well as reporting. If you want to use that tool for reporting purposes, it is a fantastic tool. You only need to create a query to get started.
I would rate Splunk IT Service Intelligence (ITSI) an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at a tech services company with 201-500 employees
Monitoring and analytics with comprehensive visibility, is agile, and integrates well, but the price can be reduced
Pros and Cons
- "The most valuable features are the agility, being able to ingest many data sources with no limitation on capacity."
- "The problem becomes the price, as Splunk is an expensive product."
What is our primary use case?
The primary use case of this product is for infrastructure monitoring, and involving machine learning with IT-related scenarios.
What is most valuable?
The most valuable features are the agility, being able to ingest many data sources with no limitation on capacity.
It's flexible in terms of capacity and different sources, which is very good. You can build reports, alerts, and dashboards very quickly.
It offers comprehensive visibility and integration with the applications in the Splunk base, where you can find more than 2000 applications and most of them are free.
It allows you to integrate with the leading vendor's software and hardware. Through these applications, you can extend the capabilities of the platforms.
You can get the pre-built dashboards and connectivity to many deeper elements with the product. For example, for Palo Alto firewalls, VMware, and all of the main vendors, it is easy to extend this on your own.
The Splunk community will add knowledge as the documentation is very comprehensive, and has a Q&A site.
You can store the entire data and keep it saved from different sources. The schema is only defined as soon as you ask the question and you do the search.
On the IT side, machine learning has the ability to analyze patterns in the data and predict events according to the trends. It can detect anomalies and display them on dashboards with the ability to drill up, or down to the specific elements or a specific event.
Splunk stores the data collectively, meaning that the same data can be used by different departments in the organization. It avoids the silo structure that is very common, unfortunately. Many organizations including big enterprises generate large amounts of data and the ability to collect it centrally with all of the different parts of the organization, with different access to the same data is very helpful.
What needs improvement?
The problem becomes the price, as Splunk is an expensive product. In some regards, it's not a large issue because when you compare apples to apples and not look only into the price tag, but, look at the infrastructure, the platform, office time, and the people that you need to operate the other products, you will see that it's not necessarily an expensive product. It may even be cheaper than the others when looking at the bigger picture.
For how long have I used the solution?
I have been using this solution for four months.
What do I think about the stability of the solution?
It's a stable tool.
What do I think about the scalability of the solution?
This solution is scalable and it's up and running very quickly.
How are customer service and technical support?
With technical support, there is a strict SLA that is published. It's public and except for one case, which was very nonstandard and not according to best practice, usually, it's very good.
Which solution did I use previously and why did I switch?
I came from a different background. I was not selling any other product before Splunk.
How was the initial setup?
It's very intuitive. The language is rich.
What was our ROI?
The return on investment is very quick. As soon as your implementation is complete, adding new data sources is fast. It's intuitive and if you know how to use it, you can get value within days.
What's my experience with pricing, setup cost, and licensing?
I would prefer that the price be reduced, as it would be easier to implement it and to sell it.
What other advice do I have?
Splunk is an organization that identifies the needs in the market.
They see that it would take time to develop in-house, so they look into other companies that are doing the best at the stream and they simply purchase it and embed it into Splunk. Some examples are Phantom and the SignalFx.
If you want to make the best out of this product, you need to learn it. You will need dedicated personnel because there is a lot that can be done with it. In fact, there are practically no limits. You just have to have a good imagination and the sky's the limit. You can do whatever you want.
The language is very rich. It allows you very deep analytics and it's very fast. The ability to present the insights is very quick and it's adaptable and extendible.
In the last few years, the need to analyze data is increasing. There are many organizations that use 30 to 50 different tools. My advice would be to get to know the philosophy of Splunk. It is a centralized data platform that can digest any kind of data.
It can be extended to whatever size they need and they can eliminate the need for usage of all other tools.
A problem is that sometimes their decision may not be made based on logic. If for example, the customer purchased a different solution a few years back and from that moment on, even with the product limitations and was a very good product at the time, it lacks a lot of functionality today. The organization already invested thousands of man-hours in this product, which is consuming a lot of resources within the organization. It's not a logical decision, it's an emotional decision.
What I learned in business administration when I was in university was "Forget Splunk costs, this is the main rule when you are doing your assignments." Splunk is Splunk.
It is very easy to work with startups with new organizations. A startup company is one thing but when you have already invested in many other solutions you need to rethink your strategy and the way you work with the data, the value of the data, and where you think that your data can take you.
Many are not aware of the solutions that are available to them.
I am not aware of any specific areas in which the product lacks. Splunk is not only a great product but also, as a company it really supports its users with the customer support program and all of the documentation they have available, all of the conventions that are arranged, meet the experts, case studies, use cases, and the YouTube channel. If others were exposed to these concepts they would think it was the right decision to go with this product.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
IT Alerting and Incident Management Application Performance Monitoring (APM) and ObservabilityPopular Comparisons
Splunk Enterprise Security
Elastic Observability
SolarWinds NPM
PRTG Network Monitor
ServiceNow IT Operations Management
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How do you decide about the alert severity in your Security Operations Center (SOC)?
- What is an incident response playbook and how is it used in SOAR?
- What is the difference between mitigation and remediation in incident response?
- What tools and solutions do you use for automated incident response in an enterprise in 2022?
- What measures should a business have in place to enable an effective incident response for data breaches?
- Why a Security Operations Center (SOC) is important?
- What are some Incident management best practices to keep in mind?
- GoDaddy has been hacked again. What can be done better?