Splunk ITSI (IT Service Intelligence) Reviews

The main use case for Splunk ITSI (IT Service Intelligence) is monitoring events. I also use it for reporting on the availability of services.

One example of how I use Splunk ITSI (IT Service Intelligence) in my day-to-day work is monitoring the ejection rate of remote sites. I have equipment engineers log the data, and then I index the logs into Splunk ITSI (IT Service Intelligence). I use those indexed events to perform calculations and evaluate performance every 15 minutes. Whenever there is a drop in performance, I quickly take action. This enables me to avoid big incidents and major issues.

The best features that Splunk ITSI (IT Service Intelligence) offers are the real-time indexing. It is very powerful and has helped me tremendously.

Real-time indexing in Splunk ITSI (IT Service Intelligence) has helped me by requiring me to take actions as soon as possible before the customer even notices the issue. Splunk ITSI (IT Service Intelligence) offers excellent calculation options.

Splunk ITSI (IT Service Intelligence) has impacted my organization positively because it helps me take action before an incident happens. I use predictive maintenance-based analysis.

Before switching to Splunk ITSI (IT Service Intelligence), I didn't have any type of IT solution.

Splunk ITSI (IT Service Intelligence) can be improved because there are some events that get missed in indexing, especially on the stats and AC stats. If I could have 100% of events indexed in Splunk ITSI (IT Service Intelligence), that would definitely make my reports more accurate and help me take informed actions.

I have been using Splunk ITSI (IT Service Intelligence) for the past five years since I joined the company.

In my experience, Splunk ITSI (IT Service Intelligence) is very stable.

Contribution-wise, Splunk ITSI (IT Service Intelligence) is great and very much scalable. It can be used in various departments for various specific cases.

So far, the customer support for Splunk ITSI (IT Service Intelligence) is great. I haven't logged many tickets, but for the few ones that I have submitted, I have received good feedback.

Before predictive maintenance in Splunk ITSI (IT Service Intelligence) was implemented, I was working on planned maintenance that was time-based. With predictive maintenance, I now have all the sensor data coming from the printer, and I can predict that the printer is going to fail in about 20 to 30 minutes. Then I send the technicians on the page before an incident, and this helps me reduce the downtime.

I wasn't involved in the choosing process or evaluating other options before choosing Splunk ITSI (IT Service Intelligence).

I have definitely seen a return on investment with Splunk ITSI (IT Service Intelligence).

My advice to others looking into using Splunk ITSI (IT Service Intelligence) is to be creative with it. The power is huge, so be creative.

I use Splunk ITSI (IT Service Intelligence) specifically for monitoring and alert management with a logistics vendor. It provides auto-ticketing functionality with ServiceNow integration that automatically creates tickets when issues occur. Additionally, I monitor e-commerce checkout pages through an integrated dashboard where I check all components. We have a Service Analyzer where we examine this section as well. I monitor bookings in Splunk ITSI (IT Service Intelligence) and check the latency of transactions across booking service, checkout service, and hotels. I use Splunk ITSI (IT Service Intelligence) through the dashboard with auto-ticketing and implementations that include ServiceNow with bidirectional integrations.

Regarding incident management, I have implemented it with other third-party systems integrated with Splunk ITSI (IT Service Intelligence). For instance, I am implementing Splunk ITSI (IT Service Intelligence) with Zabbix. When Zabbix connects, it sends data to Splunk ITSI (IT Service Intelligence), and I use episode-based correlation in incident management. When latency happens in Zabbix, it correlates with a notable event being triggered. I need to check those episodes by examining first event correlation and then episode creation with that particular incident to manage things effectively. If the incident is coming from the same host with CPU higher than eighty percent, it will combine that particular incident within that ticket. If it is from a different host, then the episode breaks. This is how I manage those incidents.

I use the intelligent alerting feature in Splunk ITSI (IT Service Intelligence). Intelligent alerting helps in reducing alert fatigue by using adaptive thresholds and a dynamic alerting system that I use for breaches. I use machine learning within Splunk ITSI (IT Service Intelligence) where event correlation is created. Throughout the day, there is very less traffic in the morning time, and it peaks during US hours. Based on that, I create the adaptive threshold, and the intelligence helps me in creating that event correlation and breaking episodes according to the dynamic threshold. For anomaly detection, I check sudden traffic spikes and analyze deviations first to avoid false positives. For example, during a cyber attack, I send details to Splunk and map it in MITRE, where it checks how many times a login was attempted, matching it against the dynamic threshold and triggering alerts.

For health monitoring, my primary metrics involve CPU latency or errors. I set up a Splunk health analyzer where I check KPIs, focusing on different KPIs based on infrastructure needs, including CPU and latency errors. Key metrics include TP99 and TP95 alongside customized metrics like booking thresholds and transaction monitoring. Depending on the context, when I worked in logistics, I monitored ticket creation issues, I focused on CPU, memory, thread activity, and database errors.

I find predictive analytics to be a favorite topic of mine as it aids the decision-making process significantly. I use agent-based predictive analysis, particularly in case scenarios. Before issues arise that affect real customers, I can predict potential problems. I utilize Real User Monitoring (RUM) and other scripts for this analysis, checking data points gathered by agents installed in various locations. In Splunk ITSI (IT Service Intelligence), I leverage anomaly detections and forecast models based on historical data to identify potential service outages.

The best features of Splunk ITSI (IT Service Intelligence) are specifically for dashboarding, with the best being KPI monitoring. In my previous organizations, such as BMO, I needed to check how the data looked, and I appreciated the dashboard. The Service Analyzer part is where I get all that information on a single site. I also prefer the health score. Specifically, with any issue in Splunk ITSI (IT Service Intelligence), I can create a health score by using correlation searches, and then all those metrics are included. The auto-ticketing part is excellent, and I have used it.

Regarding customizable dashboards, they absolutely help me monitor critical business services. In my previous company, during resells every Friday, I checked whether there were real bookings or if it was a bot attack. I employ various methods, including radical buzz terminology in the dashboard, and I use drill-down, post-process methods, and token-based approaches. I also utilize glass table for dashboards, enabling drag-and-drop functionality, allowing me to highlight errors, latencies, and bookings while changing colors and backgrounds according to my needs.

Regarding areas for improvement, I see potential in enhancing smart alerting features and improving real user monitoring for better observability within Splunk ITSI (IT Service Intelligence). Splunk ITSI (IT Service Intelligence) could benefit from better handling of observed events, and it would be useful to receive notifications about outages and the ability to connect with servers for test execution directly from the Service Analyzer.

I have been using Splunk ITSI (IT Service Intelligence) since 2020.

I rate stability as an eight, recognizing there are still some issues to address.

Scalability is a bit challenging, mainly if high loads are encountered. I faced several issues with high thread usage, so I would rate it around seven to eight, particularly considering that scalability is crucial yet can be premium in cost.

I would rate the technical support as eight point five to nine, reflecting my extensive experience over the past fifteen years with Splunk ITSI (IT Service Intelligence).

Positive

I have explored many tools in the market including Datadog, Elastic, and Grafana. While working on a project for a significant company, I appreciate how Splunk ITSI (IT Service Intelligence) allows for automatic ticket creations and excellent integration with other platforms such as Zabbix, which significantly simplifies data management without manual intervention.

Regarding pricing, since Splunk ITSI (IT Service Intelligence) is a flavor of Splunk, there are no fixed prices as it depends on data volume. It is indeed a premium app within Splunk. The pricing reflects usage levels, and compared to others in the market, Splunk ITSI (IT Service Intelligence) provides a reasonable solution.

For those looking to implement Splunk ITSI (IT Service Intelligence), I recommend it specifically for service-centric monitoring and KPI indicators, although I would not recommend it for security purposes. I gave this product a review rating of ten.

My use case for Splunk ITSI is incident management. We check the episodes and troubleshoot them. With the incident management feature, we can categorize the client who has provided some knowledge bases. According to that, we troubleshoot the problem and escalate the issue to the client or the next teams.

The best features of Splunk ITSI are that it is safe and secure to hide the client details, and we can check all previous incident or episode details. We can categorize them with priorities and add the knowledge base. These features are very frequent and sophisticated and good to use for the user, and it is simple and easy to understand.

Regarding customizable dashboards, we can find that the episodes were auto-triggered. We have all the information whether the count is increasing, if it is severe, critical, or priority-based. We can check and categorize all that, and it is simple and very effective in workflow.

There are areas in Splunk ITSI that have room for improvement, such as the episodes, the speed, or the accuracy. Sometimes they do not clear and sometimes they auto-populate, and without any reason, sometimes the episodes or incidents were triggered by Splunk ITSI, which confuses us sometimes. The only other area for improvement besides the speed and accuracy is nothing else.

I have been using Splunk ITSI for two years from 2024.

I would rate the stability of Splunk ITSI as 7 to 8, as I mentioned earlier with some complaints about accuracy and speed.

For scalability, I will give 10 out of 10.

I would rate the technical support that Splunk provides as an eight.

Positive

I do not have an idea about other vendors since it is my first project and first tool that I used, but I felt very comfortable with this.

The deployment is easy. It takes time according to the task or activity, but not too much time; we are comfortable with the time frame.

We do not do any maintenance, as the other team will handle those things; we just monitor.

It has saved me a lot of money and a lot of time. It is above 60%, not 10% or 20%.

Regarding pricing, I think it is cost-efficient, helpful, and effective for both the clients and the delivery partners.

I do not use the intelligent alerting.

I would advise others looking to implement this product that it feels safer and I will definitely recommend it. 

I use it to investigate research on logs and data.

One of the main downsides is the complexity of configuration and maintenance, especially when dealing with large-scale environments.

I use intelligent alerting, and it is very effective in reducing noise and prioritizing critical incidents based on impact.

The predictive analysis feature is quite useful, as it helps identify potential issues before they impact services and allows for proactive action.

The customizable dashboards are very helpful and provide great visibility. Though, configuring them can take some time to align with specific business needs.

Overall, it is quite stable, though occasionally lag can occur during heavy data processing or large dashboard loads.

It is highly scalable and can handle large volumes of data efficiently, as long as the infrastructure is properly sized and optimized.

One of the main downsides is the complexity of configuration and maintenance, especially when dealing with large-scale environments.

The pricing is on the higher side, especially for large deployments. It is justified by the depth of insights and customization it offers.

I have almost two years of experience with Splunk ITSI (IT Service Intelligence).

Overall, it is quite stable, though occasionally lag can occur during heavy data processing or large dashboard loads.

It is highly scalable and can handle large volumes of data efficiently, as long as the infrastructure is properly sized and optimized.

On a scale from one to ten, I would rate scalability around nine because it adapts well to growing data and user demands.

I have contacted their technical support a few times, and they were quite responsive and helpful in resolving configuration issues.

I rate them around an eight out of ten for their responsiveness and technical expertise.

Alternative tools include Dynatrace and AppDynamics, which offer similar monitoring and performance insights.

The initial deployment can be challenging because it requires proper configuration and data mapping. However, once setup is done, it runs smoothly.

It takes around a few weeks to fully deploy and fine-tune the configuration for optimal performance.

Alternatives include Dynatrace and AppDynamics, which offer similar monitoring and performance insights.

I would choose AppDynamics and Splunk ITSI (IT Service Intelligence) because of its flexibility and strong correlation capabilities across complex IT environments.

We use Splunk ITSI to monitor the different stages, spaces, and processes of payment operation.

Splunk helps us improve our incident response time. We have a dedicated observability monitoring team that continuously monitors our systems for failures or delays in payments, 24/7. This monitoring generates alerts that we use to identify potential issues. We have established SLAs for all of these issues. Splunk allows us to alert the appropriate people well in advance of a potential breach, so they can resolve the issue faster and minimize downtime.

I would rate Splunk's predictive analytics for preventing incidents an 8 out of 10.

Splunk ITSI has helped reduce our mean time to resolve.

The most valuable features are the service analyzer and Glass Tables.

Since ITSI is primarily used for monitoring-related services, it would be beneficial if Splunk offered pre-built dashboards or a drag-and-drop interface for creating custom dashboards. This would simplify the process for users, especially for monitoring basic services like Windows and Linux servers. Currently, Splunk doesn't provide this functionality, requiring users to write queries and build dashboards manually. Including pre-built panels would significantly enhance the value of Splunk for ITSI users.

The end-to-end visibility in Splunk ITSI is limited and has room for improvement.

I have been using Splunk ITSI for over 1 year.

Splunk is generally considered stable when deployed on-premises. However, its performance on cloud platforms like AWS or others may vary.

I would rate the stability 7 out of 10.

The resilience of Splunk is based on how well it performs on high loads so I would rate it 7 out of 10.

I would rate the scalability 9 out of 10.

I am dissatisfied with the customer support team's response times. When we submit a ticket for a high-priority incident, it takes Splunk support approximately 2 hours to respond and connect with us. We have consistently experienced these delays on multiple occasions.

Additionally, when encountering issues with core configuration or out-of-the-box features, tickets are frequently reassigned to different representatives. This handoff process necessitates us to explain the problem repeatedly, which is frustrating and time-consuming.

Neutral

In my previous project, I successfully led the end-to-end deployment of a Splunk migration. The process went smoothly thanks in part to Splunk's professional services team. They conducted a thorough assessment, identified all our potential pain points, and developed a tailored solution and migration plan. This comprehensive approach ensured a seamless transition.

Our core deployment team consisted of 5 internal members and two specialists from Splunk. Additionally, the project included a project manager and a product owner. We also benefited from the expertise of two professional service consultants and two representatives from the customer's side. An on-site admin architect further provided valuable technical support.

Throughout the deployment process, we leveraged support from various resources whenever necessary. This included assistance with configuration changes, deployments, and other related tasks. We also collaborated effectively with our teammates to ensure a smooth and successful implementation.

For the implementation, we had a consultant from Splunk in-house.

Splunk ITSI is expensive. While tools like Grafana offer a significantly lower cost around 30 percent of Splunk's price, their capabilities are more limited. Splunk can ingest and store a much larger volume of raw data up to 50 percent compared to Grafana's 15 percent. This translates to greater observability but at a higher price point.

Splunk ITSI is worth the cost.

I compared Grafana, New Relic, and Dynatrace to understand their competitive landscape. Splunk was the most impressive option, except for its pricing.

I would rate Splunk ITSI 7 out of 10.

For organizations already using a different APM solution, Splunk ITSI offers a compelling alternative. While other tools might focus on onboarding metrics, Splunk ITSI prioritizes log data analysis for deeper insights. In addition to ITSI's capabilities, a Splunk Enterprise license unlocks log monitoring functionalities. This provides a comprehensive solution, and if you plan to migrate to Splunk Enterprise Security in the future, you'll be well-positioned. By purchasing a single Splunk Enterprise license and the ITSI and Enterprise Security premium apps, you'll gain a one-stop shop for all your event management, internal monitoring, and APM observability needs.

Splunk ITSI is deployed in multiple site clusters and located in multiple data centers. We have around 500 users.

Platform maintenance is handled by the Linux team. We take care of everything else.

I recommend Splunk ITSI to those looking to implement ITSI.

My main use is monitoring. We use Splunk ITSI (IT Service Intelligence) to predict workloads for a very big bank in Kenya. The client consumes their compute environment at either 80% or 60%, which helps us in monitoring.

It has saved the organization money by maximizing resource utilization so the company does not have to buy a lot of infrastructure if they do not need it. The infrastructure is there, and you can easily predict the workloads and distribute it evenly.

The best features Splunk ITSI (IT Service Intelligence) offers include prediction because you can get to know the resource utilization, and you can have an idea from a budgeting perspective of how many resources you will need at any given time, which helps the team in planning and budgeting.

It has saved a lot of time, made things more efficient, made budgeting easy, and made it enjoyable to learn and use as a tool. Installing it is easy, and using it is simpler than most other tools in the market. Splunk ITSI (IT Service Intelligence) is an easy tool to use, an easy platform to use, and it is simple to upscale and learn, so the team loves using it.

Splunk ITSI (IT Service Intelligence) can be improved through alerts and additional features. I use it more on the Linux side, and for Windows users, the Windows version is not as good as the Linux version, so more work needs to be done on the Windows version.

I have used Splunk ITSI (IT Service Intelligence) for two years.

In my experience, Splunk ITSI (IT Service Intelligence) is very stable.

Splunk ITSI (IT Service Intelligence)'s scalability is great because it is something you can deploy in the public cloud.

Customer support for Splunk ITSI (IT Service Intelligence) is great, especially when getting it from a partner.

I have used IBM Instana previously, but Splunk ITSI (IT Service Intelligence) has more features and is more enterprise-focused than IBM Instana, which was more SMB-oriented.

Installing it is easy, and using it is simpler than most other tools in the market. Splunk ITSI (IT Service Intelligence) is an easy tool to use, an easy platform to use, and it is simple to upscale and learn, so the team loves using it.

We are a partner and reseller of this vendor, so we have a business relationship with them beyond just being a customer.

From a pricing perspective, it is not that bad because we get it from a distributor and do not purchase it directly from Splunk. We get it from a distributor who gives the pricing to a partner and who then gives it to us. The pricing could be lowered because it is quite expensive.

Before choosing Splunk ITSI (IT Service Intelligence), I evaluated IBM Instana and one more solution from Forcepoint.

Splunk ITSI (IT Service Intelligence) is a great tool. My advice to others looking into using Splunk ITSI (IT Service Intelligence) is that it is a great tool to use, and you should get resources who can handle the product. I would rate this product 9 out of 10.

I have experience utilizing Splunk ITSI in financial institutions and federal government settings. As a Splunk administrator at a bank, I focus on the platform's administration and development aspects. We are migrating from an on-premises environment to the cloud, leveraging Splunk ITSI to provide a unified view of the client's infrastructure. Through ITSI-generated reports, we are developing a strategic roadmap to guide our clients' IT journey.

End-to-end visibility simplifies our configurations by allowing us to index or search at the cluster level. We can utilize multiple indexers or split the workload as needed. For instance, long-running queries exceeding 15 minutes can be removed from the main list, improving efficiency for other users.

Splunk ITSI is a powerful tool for predictive data analysis. When we create and test KPIs within ITSI, it becomes significantly easier to set targets. For instance, if a system's memory capacity is 100 GB and usage consistently approaches or exceeds 80 to 90 percent, ITSI can generate alerts, visualize in a dashboard, and send notifications to the team. This proactive monitoring prevents potential issues. Similarly, ITSI can identify performance bottlenecks in search queries, allowing workload distribution to optimize system efficiency. The entire environment becomes transparent, simplifying tasks for developers and users alike. Regarding user criteria, ITSI offers a tree diagram visualization to easily understand data distribution across indexes, source types, business units, states, and communities with a single click.

Splunk ITSI enables us to allocate resources more precisely to meet demand. Its unified view provides full information in one location, allowing me to monitor index CPU and memory usage, injection rates, and individual user data. While gathering this information might take around ten minutes, the streamlined process significantly simplifies my work.

Splunk has significantly streamlined our incident management process. Its ability to analyze usage, memory consumption, and other environmental factors makes it superior to other tools, allowing us to delve deeper into complex issues. Regardless of length, we can effortlessly examine any log and pinpoint the exact cause of problems, such as UI errors or system failures. We can quickly identify code changes, root causes, and error origins by simply writing a query, providing invaluable insights that accelerate problem resolution and enhance overall system reliability.

It has been instrumental in reducing the overall volume of incidents by automatically triggering alerts when potential issues are detected before they escalate into full-blown incidents. This proactive approach simplifies data analysis and enables us to identify and rectify errors before they impact our systems. Consequently, we can more confidently implement changes or updates without fear of unforeseen complications, as ITSI helps us prevent errors from occurring in the first place.

Splunk ITSI has helped reduce our alert noise by ten percent and improved the mean time to detect down to ten minutes.

Our mean time to remediate is less than one hour when using Splunk ITSI.

We've implemented automation using Splunk, replacing multiple tools previously used for backend testing. We integrated Splunk with ServiceNow to automatically send alerts to the team whenever issues arise. This eliminates the need for manual ticket creation and assignment, streamlines the process, and ensures timely responses, saving us around ten hours weekly.

Splunk has helped us significantly reduce downtime, manpower costs, and the penalties for missing service level agreements. Previously, we relied on two to three people, primarily from the testing team, to manage these issues. By implementing Splunk, we've decreased staffing needs while improving workflow efficiency and reducing overall costs.

Splunk impressed me because it can monitor and modify live data flexibly, generating live data, reports, alerts, or dashboards as needed. Its single-pane-of-glass view provides a full overview of the entire environment, and its easy ingestion of diverse data sources, such as databases, AWS, or any cloud platform, is remarkable. Additionally, Splunk's intuitive interface and scalability make it accessible to non-technical users, and its capacity to monitor every millisecond of data across multiple applications is truly impressive.

Some developers struggle to write accurate queries, often inputting incorrect text or using asterisks in the source or index, which can significantly degrade search performance and overwhelm the queues. To prevent this, I suggest implementing a system that warns users about incorrect syntax or automatically corrects errors, particularly for complex queries like regular expressions. While Splunk has existing add-ons, they are unreliable and do not provide accurate results. Improving query autocorrection and regular expression handling would be beneficial.

I have been using Splunk ITSI for eight years.

I have frequently observed Splunk ITSI experiencing lagging and crashing issues. As a result, several customers have transitioned from Splunk to Elk and other alternatives.

I would rate the scalability of Splunk ITSI eight out of ten.

The response time and quality of technical support vary between P1 and P2 levels. For instance, our dashboard, containing 120 panels, experiences significant lag. When reported, support prioritizes issues differently; dashboard loading, while crucial for customer interaction and satisfaction, is deemed less important to them. This discrepancy in perspective leads to delayed responses, impacting our ability to provide a seamless customer experience.

Neutral

We utilized Kibana, Elk, Cribl, and Tableau for our analysis. Elk, in particular, excelled in certain areas compared to other tools. Our business team previously compared Elk and Splunk, finding Elk to be faster. I observed that Splunk typically had a higher user count, while Elk's user base was smaller. This difference and the reduced search and checking workload in Elk compared to Splunk influenced our decision. Some customers migrated applications to Elk due to its accurate log-checking capabilities despite encountering minor challenges.

Initial Splunk ITSI deployment is straightforward, especially if you are familiar with Linux-based unzip commands. With all prerequisites, a single knowledgeable person can typically complete the process within 40 minutes.

I would rate Splunk ITSI eight out of ten.

I suggest using Splunk because the live data is good. The market is constantly evolving, with new applications and alternatives emerging yearly. Splunk offers a full suite of tools and add-ons that can match or exceed the capabilities of these alternatives at a similar cost. Although Splunk may be more expensive, it provides a robust cloud-based solution and can significantly simplify data management and analysis tasks, ultimately improving efficiency.

End users do not need to perform maintenance; however, as administrators, we are responsible for monitoring the environment for updates and changes.

Users familiar with Splunk's flexibility and features will more easily experiment and envision how the solution can best fit their organization's needs.

We use ITSI in the health industry. In the UK, the NHS currently uses ITSI as one of its monitoring sources of information. In ITSI, service components are based around each area of the NHS. For any solutions that have been digitally transformed and require monitoring related to our vaccination campaigns, the logs are ingested through Splunk and monitored through ITSI.

We realized ITSI's benefits immediately after it was deployed. When the COVID pandemic broke out, it kicked off a lot of crazy stuff within the UK. Having a powerful tool to aggregate data and allow real-time monitoring helped our campaign.

ITSI can help us right-size resources, but it depends on how you do things. We have a culture, and Splunk told us not to do this because they have different methods and stuff. In ITSM, you skim what you need at the source and then push that into Splunk. Having that as the centralized logging analytic is great for that, especially when so many things are tied to ingestion, storage, etc. However, for what we do, it leaves much to be desired. You're talking about an enterprise solution on the scale of the NHS with multiple people, contractors, and all these moving parts. Some services do it well where they only send in what you need. Some services just dump everything. You've got a load of load of logs. We can right size appropriately, but it's just yeah. For us, it's it's not really done now as well, I think.

ITSI has helped us streamline our incident management. We have a 24/7 service team working around the clock, responding to alerts that Splunk produces. It's linked to ServiceNow, our service management tool. When the team inputs all the information from Splunk into these tickets, they're raised in ServiceNow. Previously, we used software called Cherwell that looked horrendous. This helps bring the package together.

We've reduced our alerts, but it requires a conscious effort to configure them. That depends on how you use the platform. It goes back to getting the right metrics out of the logs that you're producing. The tool itself is powerful, but if you don't use it properly, things can be a bit noisy, and this is quite noisy, whereas that's down to our configuration sometimes.

Reducing alert noise also takes some tweaking. You've got KPIs and correlation searches that are great for real-time monitoring, but if you set them up immediately, you will get a lot of noise anyway. It depends on how you configure it. They have a couple of tools in the forwarders to say you're only ingesting alert logs or error logs, so you pick up on whatever those error logs would trigger.

It would help to give you accuracy in your ITSI alert noise. However, it might get a bit noisy if you've got more than that and they're not configured into the perfect use case you need. Overall, it's been a conscious effort to ensure we've got our stuff configured right.

It has reduced our mean detection time. For Microsoft/CloudStrike stuff, we can have an SLA as short as three minutes. The feeds are coming in quickly, so our detection time is between three and 10 minutes. For major outages, an SLA of a few minutes is good, especially when it's not a cyber-level threat. 

The resolution time is determined by how quickly we can pass the detection along to the IT team and triage the logs to determine the issue. We've had quite quick resolutions because everything's partitioned in a way where it is specifically service-bound. You can look through the data and specific areas. You can optimize these things.  The search system in Splunk is powerful and helps speed up resolutions. 

ITSI helps to automate routine tasks. That's what the safe searches are for. It's a complete package with Splunk Cloud and ITSI for deeper drill-downs, but not everyone can access the ITSI dashboard all day. Automation helps us get these alert structures, especially at night. When you've got a file that's meant to come in at 3 a.m., you don't need someone waiting around to look at that. 

This is what those alerts and automation are for. You can put custom wrappers around stuff. It's a custom output. However, Splunk is trying to make something more standardized at the moment. It saves our IT services multiple hours a week because you don't have to do tasks or sit and look through dashboards to ensure everything is all right. These constant checks every five minutes add up over the week, so that equals tens of hours a week for a lot of different services.

ITSI's KPI and correlation search aspects are powerful, and the service creation suits the project well. It allows for good segregation of the monitoring solution and up-to-date quick-time monitoring. We're notified quickly when something goes wrong.

The end-to-end visibility is excellent. A lot of the information we get is from the cloud, and the data pipelines we introduce have a clear log trail, so it's easy to pinpoint where it goes wrong. 

The UI could be updated. Some elements of the KPI section aren't where you'd expect. It looks like a website from 2010 or maybe older. You can't change some things, like if it doesn't word-wrap well. For example, if you have a long list of KPIs that exceed a character limit, you need to hover over them and wait for the HTML text to pop up to see which KPI it is.

Packaging synthetic monitoring in ITSI would be good. I'd also like a complete package for doing health checks. It would also be nice if Splunk standardized the add-ons. Splunk relies on these add-ons that users build. It's like the App Store. People put time and effort into these custom things, and if they get big enough, Splunk will purchase them and take them over. 

For example, we have a custom Slack output. It'd be good if they put some effort into stuff like that because it's useful. Instead, we're putting custom wrappers around stuff, but why isn't this a thing produced by this massive platform that costs so much? They recently partnered with Cisco and don't have any plans to improve ITSI in that area. It feels like they could do more.

I have used Splunk ITSI for two and a half years.

Splunk ITSI is generally stable. It's the system that has problems. When we have problems, we escalate them to a higher authority, who sorts everything out. We've only experienced two big glitches with the product and indexes not performing as they need to be. 

ITSI is quite scalable. When we have problems, we can discuss them with our Splunk case manager at biweekly meetings. We might need to add some more indexing capability. With the team's support, it's easy to add new indexes and scale up.

I rate Splunk support five out of 10. The support quality leaves much to be desired because ITSI support can be outsourced. If you're dealing with regulations that limit data access to people and entities within the country, outsourced support can cause problems. We've had a couple of calls outsourced to India, and they couldn't access the data because they weren't in the UK.  

When we've received local support from professional services, they've been helpful. Also, sometimes, we've asked a few questions and it didn't feel like we got a real answer or the answer was that we essentially had to solve the issue ourselves. 

Neutral

I've used New Relic and Dynatrace. They have good visualizations and use similar processing languages. However, you can get locked into Splunk because other competitors aren't as powerful. Though Splunk is expensive, it's a powerful platform. 

Splunk ITSI is an expensive solution. Splunk probably doesn't save us money because it's one of the most expensive monitoring solutions on the market. This isn't a tool to save money. You purchase this to improve the efficacy of your service department. This is especially true now that Cisco has acquired them. Cisco is notorious for its high prices.

There's another called LogicMonitor that has better metrics and observability, but we found that it lacks as much power as Splunk. We're heavily in favor of Splunk.

I rate Splunk ITSI nine out of 10 and would recommend it, depending on the use case. If someone wants to switch, it comes down to a financial decision. You need to compare your current platform's capabilities to what Splunk can offer you. If it's a perfect match, then I would say go for it. 

Sometimes, there's a steep learning curve, but you get out of it what you put into it. The visualizations are great, and the ITSI search function enables you to narrow down log analytics well.