Splunk ITSI (IT Service Intelligence) Reviews

We are a solution provider with many technologies. We use Splunk to customize solutions with Splunk. For example, we try to give our customers a great visualization experience. And sometimes we develop on the Splunk platform, like JavaScript, to provide the customers a better visualization. We also implement ITSI. In-house we can implement Enterprise Security.

We can customize the visualization. For example, if the customer wants to have a better visualization experience, we can develop it on the front-end of the platform in order to provide a better user experience.

The flexibility to develop and consolidate many solutions into one platform is great. We've portrayed many parts of the solution in order to provide complete solutions. We can develop various parts that customers desire into Splunk platform due to the fact that it is so flexible and does allow for customization and specific tweaks.

Some of our customers occasionally require the development of the connectors when there are no native connectors so that we can develop in Python or for customer slash comments as well. If they could adjust that, it would be ideal.

We've been using the solution for a while. We implement it for clients.

The solution is great in terms of stability. It doesn't have bugs and it's not glitchy. It doesn't crash or freeze. It's rather reliable.

The scalability is great. We can scale horizontally, meaning we can deploy a small solution, and if, according to the needs, it needs to expand, it can horizontally do so. 

We implement Splunk to our clients, and they all vary in size. We've implemented it to banks and in places where there are more than 500 users on Splunk. Some of the implementations were sizable.

Typically, implementation is complex initially. Splunk is easy to set up when you are looking at the basics. When you're looking for advanced configurations or advanced development it's never easy but it's possible.

We are a Splunk reseller. We're consultants. We use Splunk to develop a solution for our customers and therefore use multiple deployment models.

Overall, on a scale from one to ten, I would rate this solution at a ten.

Splunk ITSI (IT Service Intelligence) is primarily used for managing alerts and events. It helps me monitor different APIs in inbound and outbound scenarios and triggers alerts. The tool is primarily used to handle threat intelligence and manage event alerts, despite certain limitations like false positives.

Splunk ITSI has enabled us to better manage events and alerts, aiding in quicker data retrieval and enhanced system uptime. Its ability to correlate multiple event sources allows for comprehensive integration, which has been valuable in improving our organization's security posture.

Splunk ITSI allows for integration with threat intelligence, enabling my organization to correlate more than two events for generating alerts. It has a swift data ingestion and retrieval capability due to its robust query language. The system helps reduce data loss and improve event management, offering a platform for various deployment models. The global trust in its capabilities is evident, especially given the preference by financial sectors. Additionally, having features like IT Service Intelligence enhances our organization by providing actionable insights quickly, which is crucial for operational efficiency.

Splunk ITSI could benefit from including more features that other solutions support, such as vulnerability management modules. This would help manage vulnerabilities effectively, allowing my organization to track patch management and compliance more thoroughly. It would be beneficial to include a feature that provides comprehensive vulnerability management similar to open-source solutions.

I have been working with Splunk ITSI (IT Service Intelligence) for nearly two and a half years.

Splunk ITSI is quite stable, and I would rate its stability at around eight point five to nine. The setup, however, must be done correctly as incorrect deployment can lead to issues.

Splunk is highly scalable, with the ability to expand efficiently. I would rate its scalability at nine.

Having worked closely with Splunk support engineers, I've observed their high capabilities in resolving issues. The technical support is excellent, and I would rate it at ten.

Positive

Previously, we have used other solutions like Wazuh and IBM QRadar. We recommend Wazuh primarily due to its lower cost and robust capabilities, although it may lack in certain areas where Splunk ITSI excels.

The initial setup for Splunk ITSI can be a complex process, especially when compared to the simplicity of open-source solutions like Wazuh.

Pricing can vary significantly based on the selected modules and deployment choices. Splunk ITSI tends to be more expensive compared to some open-source solutions.

We have evaluated several solutions, including Wazuh, IBM QRadar, and other open-source platforms.

Overall, I would rate Splunk ITSI at nine or nine point two. I would recommend it for enterprise-level organizations due to its cost implications; smaller companies may prefer open-source solutions to reduce expenses. The solution could improve by integrating more vulnerability management features. I would rate the overall solution at nine.