What advice do you have for others considering Splunk ITSI (IT Service Intelligence)?

I would rate Splunk ITSI eight out of ten. Other APM tools have limited features, so I recommend Splunk because it allows you to go beyond pre-built functionalities. With Splunk, you can create custom rules for application monitoring and tailor data visualization for enhanced visibility. Splunk's flexibility extends to designing personalized dashboards and metrics, providing a limitless monitoring experience. Splunk ITSI requires maintenance for upgrades either annually or biennially. Splunk is a comprehensive solution that offers log monitoring and the ITSI observability suite, eliminating the need for multiple tools and the associated complexities in maintenance and cross-team coordination. Splunk's flexibility allows for adopting features like APM as needed and seamlessly adding further monitoring capabilities in the future, such as user experience monitoring, synthetic monitoring, or additional log monitoring. This adaptability, along with Splunk's ability to correlate data across different monitoring areas, makes it an ideal unified platform for comprehensive monitoring and observability.

Splunk is good. It gives good customized options. Any logic or Python script we need to add, we have the freedom to do so. Most solutions aren't as customizable. I'd recommend the solution to others. I'd rate it eight out of ten.

I rate Splunk ITSI eight out of 10. I would recommend Splunk ITSI, depending on the company's context. If the ITSM solution they have serves them well, I don't think it's necessary to switch to ITSI because it's costly. I would only recommend it to someone who knows they will get a return and have the capital to invest. Small companies probably have a bit of difficulty using ITSI. If you're a big company having issues, ITSI can help you out. I recommend new users read the documentation carefully and watch a few videos on it. The first thing is to wrap your head around the concept. If you try to speculate at once without understanding a few things, it could be a lot more difficult. It's helpful if they stop and read the documentation to understand each piece.

I rate Splunk ITSI nine out of 10 and would recommend it, depending on the use case. If someone wants to switch, it comes down to a financial decision. You need to compare your current platform's capabilities to what Splunk can offer you. If it's a perfect match, then I would say go for it. Sometimes, there's a steep learning curve, but you get out of it what you put into it. The visualizations are great, and the ITSI search function enables you to narrow down log analytics well.

I would rate Splunk ITSI eight out of ten. I suggest using Splunk because the live data is good. The market is constantly evolving, with new applications and alternatives emerging yearly. Splunk offers a full suite of tools and add-ons that can match or exceed the capabilities of these alternatives at a similar cost. Although Splunk may be more expensive, it provides a robust cloud-based solution and can significantly simplify data management and analysis tasks, ultimately improving efficiency. End users do not need to perform maintenance; however, as administrators, we are responsible for monitoring the environment for updates and changes. Users familiar with Splunk's flexibility and features will more easily experiment and envision how the solution can best fit their organization's needs.

I would rate Splunk ITSI an eight out of ten. It is pretty good, but there are some inflexibilities with the analyzer that can be annoying.

Overall, I rate the solution a seven out of ten. I'm getting up to speed with it.

I'm a Splunk customer. We don't have Splunk integrated with any other solutions. For someone who already has an APM solution, but is considering switching to Splunk ITSI, I'd advise them to take a look at it against other solutions. However, Splunk is very, very good. It's likely to help any organization. I'd recommend it over a different monitoring solution. It eliminates much broader downtime and allows teams to act on alerts faster. resilience is very important to us and Splunk helps us maintain that. It's very reliable. I'd recommend the solution to others. It's a good idea to go through the documentation so that everyone is on the same page with the setup. I'd rate the solution ten out of ten.

I would rate Splunk ITSI 7 out of 10. For organizations already using a different APM solution, Splunk ITSI offers a compelling alternative. While other tools might focus on onboarding metrics, Splunk ITSI prioritizes log data analysis for deeper insights. In addition to ITSI's capabilities, a Splunk Enterprise license unlocks log monitoring functionalities. This provides a comprehensive solution, and if you plan to migrate to Splunk Enterprise Security in the future, you'll be well-positioned. By purchasing a single Splunk Enterprise license and the ITSI and Enterprise Security premium apps, you'll gain a one-stop shop for all your event management, internal monitoring, and APM observability needs. Splunk ITSI is deployed in multiple site clusters and located in multiple data centers. We have around 500 users. Platform maintenance is handled by the Linux team. We take care of everything else. I recommend Splunk ITSI to those looking to implement ITSI.

I would rate Splunk ITSI eight out of ten. I recommend Splunk ITSI over other APMs because we can monitor everything from a single console. Splunk ITSI is deployed across multiple locations. No maintenance is required for Splunk ITSI.

I would rate Splunk ITSI eight out of ten. We're currently working on implementing adaptive thresholds. This functionality would analyze service trends over the past seven days automatically set thresholds and generate incidents based on that data. Successfully implementing this would be a significant achievement, but we're encountering some technical challenges. We've opened a support case with Splunk to address these issues, and we're hopeful for a resolution within the next few weeks. We have around 150 people using Splunk ITSI. Two people are responsible for the maintenance of Splunk ITSI in our organization. I would rate the resilience of Splunk ITSI nine out of ten. In my experience starting my career with Splunk, I haven't encountered any marketing tools that can quite compare. Splunk offers a comprehensive set of features and well-organized documentation. The detailed and clear documentation that Splunk provides is something I particularly appreciate. I recommend Splunk ITSI.

Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.

We might be partners with Splunk. It's readily available. You don't have to wait very long to witness the benefits of the solution. I'd rate the solution seven out of ten. If you are looking for an AI solution alongside APM, use a platform with everything in place. However, if you still want to go for a dedicated AIS platform, make sure it integrates with your existing logging and APM tools. However, my position is that it's better to use one platform for the entire opportunity.

I would rate Splunk ITSI eight out of ten. The visibility is good, but the issue we are interested in is split into different factions in some parts. Currently, we are not using ITSI to its full potential. The organization is enterprise-scale, which is huge. It is therefore very difficult to implement some of the ITSI best practices because we have so many different areas, each doing things differently. Standardization is difficult to achieve because everything is so massive. We could better use ITSI to its full capacity, but that is on us. However, I think it would work much better if it were a bit smaller in scale. Cost is definitely a concern. Splunk can be quite expensive, especially if we are tied into a contract. However, it offers more features and capabilities than other solutions. I don't have a lot of experience with Splunk, but the way it aggregates data is very good. It can also parse and strap data, and search and operate on the data that is sent in. This is also very good. I suggest cleaning up the data before sending it to Splunk. This will make it easier to get real-time monitoring of the data needed. We pay for ingestion and storage, so it makes sense to only send in the data that we need. Splunk is a very good tool to use for building and operating real-time analytics dashboards. It has very good visualization, data separation, and real-time analytics capabilities. It can also create very complex queries that can do a lot. We have over 50 users spread across the organization, and we implement around 100 or more services. Each service may have a tech lead in x and y and an architect in z. Therefore, Splunk ITSI reaches out to many different people in those departments. Splunk Cloud takes care of all the maintenance. We simply open a case and they implement any new version as needed.

I would rate Splunk ITSI a nine out of ten. Not a ten because the learning curve makes it tricky.

I would rate Splunk ITSI an eight out of ten.

Our clients monitor multiple cloud environments. We get data from different third-party clouds like Google Cloud, Microsoft Azure, or AWS. Sometimes, we also use Snowflake. Customers mostly try to build out their own dashboards and knowledge objects. They use Splunk IT Service Intelligence to be notified about any exceptions or critical issues. We cannot integrate the product directly with the cloud applications. First, we have to integrate our core Splunk with different clouds. We must first integrate add-ons using Splunkbase, a REST API mechanism, or an HTTP Event Collector (HEC) mechanism into core Splunk. Then, we can use the same ad-hoc search in Splunk IT Service Intelligence to get proper glass tables and results. It's easy to monitor multiple cloud environments using the solution, but we could directly integrate with it if it had the right integration features. It is important for our organization that the solution has end-to-end visibility into our cloud-native environment. In today's world, most data goes into the cloud. Every organization wants to move the data to the cloud so that it would be more reliable and they can get the data easily. It's less cost-effective as well. So, most organizations are going to the cloud. It's really beneficial and important to the customers because they can easily get the data from the cloud and perform cost optimizations. Managing cloud-native environments with the solution is cost-effective. The product has definitely helped reduce our mean time to resolve by 70%. If it has built-in machine learning or artificial intelligence techniques, it will be helpful to reduce the remaining 30%. The tool has helped improve our customer's business resilience. Different SIEM applications and tools are available for enterprise security in today's world. Splunk's next version will have enhanced SOAR features. It will be useful if the product has additional features to help customers and organizations. We used the MLTK app from Splunkbase and deployed it in Splunk IT Service Intelligence. It helped us to do predictive analysis, forecasting, and anomaly detection. It helped us gain some insights. I rate the tool's ability to provide business resilience a seven out of ten. If we have a Splunk add-on for Unix and Windows, we can use those add-ons in our core Splunk to get the base monitoring, like OS metrics. For these things, Splunk has PowerShell scripts. It runs every five minutes. So, it is not in real-time. Every organization would need real-time monitoring. The product should provide these features in real time. For OS metrics, we use custom thresholds. Our customers see time to value within seven days. We implement Splunk with minimal architecture, like two deployment servers, two heavy forwarders, four indexes, and three searchers. We initially had the search factor as two and the replication factor as two. We had very little data initially. We tested in our lower environment with the POC and found the data the customers wanted to see in Splunk. It was helpful for the customers. They can find the exceptions, write their own search queries, and build their own knowledge objects. We get different types of security management tools in the market, like Enterprise Security, SOAR, and Phantom. The product brings a lot of value to the customers. It gives a lot of insights into notable events and predictive analysis. It also has a good dashboard. I expect the solution to provide enhanced features in the upcoming release. Attending Splunk conferences provides us with an opportunity to interact and get more details on the products from different vendors. More than 1,000 vendors attend the conferences. The more we interact with the vendors, the more insights we get from them. It is also helpful to build relationships with the vendor. Overall, I rate the tool an eight out of ten.

I rate Splunk ITSI an eight out of ten. Anyone who is considering a point monitoring system instead of Splunk ITSI should know that with ITSI, we gain access to several other features. Even just with the service analyzer, we can observe our KPIs and identify their affected components. We can determine which settings are causing the issues and make informed decisions, such as trying alternative options. We can also evaluate if a particular KPI has significant importance, as it has a substantial impact on the overall order of operations. This provides us with a detailed perspective in terms of data and other relevant aspects. While it may not offer a purely granular view, having everything consolidated into a single interface is extremely convenient. Working with ITSI requires a considerable level of willingness and experience. However, as we are transitioning towards various new tools, including the ability to easily integrate plug-and-play devices, the only issue with ITSI might be the initial setup. Once we have it implemented, we will have the capability to accomplish all our desired tasks. The way Splunk sells ITSI is not the way we use it. We can make much better use of ITSI. The most important aspect, in my opinion, of ITSI is the episode review. For instance, when we encounter an issue that is not immediately visible, how can we evaluate that aspect? Therefore, ITSI is beneficial. From my perspective, we need individuals to sit down and explain how it works, as it can be confusing initially. However, once we have a clear understanding, it works well. In my organization, my team is the only one working with ITSI. We handle all deployments, and typically, we deploy on public cloud infrastructure such as Azure, AWS, and GCP. Nowadays, most deployments are cloud-based. Additionally, with the rapid growth of Splunk Cloud, installation is not a concern as it is taken care of. Our focus is on the implementation if we choose to go the Splunk Cloud route. However, we still handle the installation process ourselves, so we need to ensure our preparedness in that regard. We have roughly 20 people in our organization that use Splunk ITSI. In the beginning, we need to ensure that the data we receive is valid. Once we have confirmed its validity, we can rest assured that the system will generate alerts, eliminating the need to worry about maintenance. I recommend Splunk ITSI for organizations that are interested in IT operations, monitoring, or analytics. By ensuring optimal utilization of Splunk ITSI, organizations can achieve a good return on investment that justifies the purchase.

I'd advise learning the tool properly, understanding its capabilities, and utilizing it efficiently. One of our clients was paying hundreds of dollars towards the license, but they were utilizing it only for server monitoring. To someone who already has an APM solution but is considering switching to Splunk ITSI, I'd say that switching to ITSI is going to help them a little bit more. The grouping of the ticket to the users can be easily planned. It's not rocket science. It's easier compared to the other tools where you need to create a lot of configuration for that. The configuration has been segregated, which makes it easy for the applications team to set up their own monitoring and group them to avoid the number of tickets generated. You also have predictive analysis along with heat maps and glass tables, which aren't available in other APM tools in the market right now. Overall, I'd rate Splunk ITSI an eight out of ten.

I give Splunk ITSI an eight out of ten. Splunk ITSI is a cheaper and easier-to-use alternative to APM solutions. Unlike APM solutions, Splunk ITSI also helps with application management, memory management, host log volume, and CPU usage. Our clients vary in size, with some using small amounts of data and others using terabytes of data within Splunk ITSI. Splunk ITSI maintenance involves updating the software and ensuring that it is compatible with the applications that it will integrate with.

I would recommend this solution to all big enterprises that actually have live traffic, like banks or telecoms. Overall, I would rate Splunk ITSI an eight out of ten.

We would rate this solution a ten out of ten.

Splunk ITSI is fast and provides a lot of out-of-the-box integration. I would give this solution a score of eight out of ten.

Definitely, I would recommend this solution to others who are interested in using it. Splunk should be used because it provides a better solution in terms of SIEM as well as reporting. If you want to use that tool for reporting purposes, it is a fantastic tool. You only need to create a query to get started. I would rate Splunk IT Service Intelligence (ITSI) an eight out of ten.

We are a Splunk reseller. We're consultants. We use Splunk to develop a solution for our customers and therefore use multiple deployment models. Overall, on a scale from one to ten, I would rate this solution at a ten.

My biggest piece of advice would be to make sure you have access to the data that you need and know what that data is. The product itself is going to do what it's going to do; there are no issues with that. However, it's gaining access to all those things in the background, that's the problem. If you're a smaller organization or you're highly centralized, getting access to that data may be really simple. For an organization the size of RBC, with the amount of segregation across the organization and the amount of division within the organization, it's more challenging. For this reason, our infrastructure partners use a different tool. They don't use Splunk, they use ELK. They're very much down that road, so getting access to data when the team that you're trying to partner with has a different solution, can sometimes be more difficult. On a scale from one to ten, I would give this solution a rating of eight.

This is a powerful solution requiring configuration to meet your needs.

Splunk is an organization that identifies the needs in the market. They see that it would take time to develop in-house, so they look into other companies that are doing the best at the stream and they simply purchase it and embed it into Splunk. Some examples are Phantom and the SignalFx. If you want to make the best out of this product, you need to learn it. You will need dedicated personnel because there is a lot that can be done with it. In fact, there are practically no limits. You just have to have a good imagination and the sky's the limit. You can do whatever you want. The language is very rich. It allows you very deep analytics and it's very fast. The ability to present the insights is very quick and it's adaptable and extendible. In the last few years, the need to analyze data is increasing. There are many organizations that use 30 to 50 different tools. My advice would be to get to know the philosophy of Splunk. It is a centralized data platform that can digest any kind of data. It can be extended to whatever size they need and they can eliminate the need for usage of all other tools. A problem is that sometimes their decision may not be made based on logic. If for example, the customer purchased a different solution a few years back and from that moment on, even with the product limitations and was a very good product at the time, it lacks a lot of functionality today. The organization already invested thousands of man-hours in this product, which is consuming a lot of resources within the organization. It's not a logical decision, it's an emotional decision. What I learned in business administration when I was in university was "Forget Splunk costs, this is the main rule when you are doing your assignments." Splunk is Splunk. It is very easy to work with startups with new organizations. A startup company is one thing but when you have already invested in many other solutions you need to rethink your strategy and the way you work with the data, the value of the data, and where you think that your data can take you. Many are not aware of the solutions that are available to them. I am not aware of any specific areas in which the product lacks. Splunk is not only a great product but also, as a company it really supports its users with the customer support program and all of the documentation they have available, all of the conventions that are arranged, meet the experts, case studies, use cases, and the YouTube channel. If others were exposed to these concepts they would think it was the right decision to go with this product. I would rate this solution a seven out of ten.