Splunk ITSI (IT Service Intelligence) Reviews

I work for a consulting company that contracts with an organization to provide operation center services. We use Splunk ITSI as one of our key centralized monitoring tools for the organization. Our goal is to collect data from both the organization's centralized database, Spine, and their cloud platforms, such as AWS and Azure, and send it to Splunk for monitoring. Splunk then creates reports, alerts, and dashboards that we use to visualize the data and make the most of it.

ITSI has many benefits, but its visualization for monitoring is particularly great. We have been able to identify notable events that have occurred, track them back through history, and see what data is available for a long period of time. One of the best reasons we use ITSI is because of its indexing system. We can collect data from various sources in different formats and then operate on that data, even though we have different data from AWS and Azure. Splunk does a good job of ensuring that the data is compatible with different reporting methods.

Splunk ITSI has helped us streamline our incident management process. We have a custom configuration that outputs some alerts to Slack and others to email. We package only alerts and episodes, and when an alert is triggered, an email is sent and a ServiceNow incident is raised. This has significantly streamlined our analysis process.

Splunk ITSI helped reduce our mean time to detect by ten percent.

Splunk ITSI is similar to Splunk Cloud, but it includes some additional features that are specifically useful for IT service management.

We still get the standard package with ITSI, including alerts, reports, and dashboards. However, ITSI also includes a feature called alerts and episodes, which is similar to an ITSM tool. This feature allows us to bring our searches to life and create service trees that focus on business context.

For example, if we create multiple services, we can arrange them in a tree structure. ITSI then uses a traffic light system to indicate the health of each service and its dependencies. This allows us to see the overall health of our IT environment at a glance.

ITSI also includes a powerful KPI system that allows us to create complex saved searches that power multiple different areas of our dashboard. This is very useful for tracking key performance indicators and identifying potential problems early on.

Finally, ITSI includes a feature called a glass table. This feature allows us to create visually appealing dashboards that display our KPIs and other data in a clear and concise way.

One issue we have with Splunk Cloud is that the service team is sometimes not very helpful. This is because the team is outsourced, and they often cannot provide us with the information we need. This is a major complaint of mine, and it is unacceptable given the large amount of money we pay for the service. Splunk Cloud outsources its support team, and the people who are supposed to be helping us are not very knowledgeable. They often give us unhelpful or incorrect answers.

The UI needs improvement. With real-time monitoring, we can have a service structure, but we cannot easily adjust the graphical interface. For example, if we have a long name or a 2005 feature, we cannot easily move it slightly to the right on the web page. This can be a real pain.

Our large-scale system is noisy, making it difficult to pinpoint the exact cause. This is a trade-off for using Splunk as a central monitoring tool, as we cannot give everyone access to everyone else's AWS environment. We are investigating ways to reduce the noise, but I am not sure if it is a specific ITSI problem.

Quality-of-life features have room for improvement. The search function and other features are fine, but there are a few UI changes I would make. For example, I would like to be able to extend the graphical user interface so that we can see the full name by moving the window around. It is currently difficult to work with. 

We can create a correlation search, but when we save the page, it redirects us to the search system. We should be able to save the page and stay on the page, which is a bit annoying.

We have a lookup file, but it doesn't work very well. In fact, it doesn't work at all. I hope Splunk fixes this at some point. When we make a change, it completely wipes out the change. It also says to type in the search bar, click on what we need, and if we make a slight adjustment, it will completely wipe out the search bar and we have to start over. This is very annoying.

I have been using Splunk ITSI for two years.

Splunk ITSI is stable. Resilience is essential for our organization. We need it to be active all the time. It is incredibly important because some of our services are platinum-level. If anything goes wrong, we want to know about it instantly. It is very important that ITSI is stable and works as expected, which it does. We have not had too many problems where things have gone wrong. Most likely, these problems have been configuration issues, rather than our availability going down and us being unable to access Splunk. Splunk is up all the time and rarely goes down.

Splunk ITSI is scalable, and scaling is a primary feature of cloud products. With an enterprise license, we can scale as much as we need. However, scalability also depends on our hardware. If we purchase good hardware to run Splunk on, we should be able to scale easily by creating shared clusters, index clusters, and other types of clusters, and pairing them together.

Splunk's technical support is not very good. They outsource their support, and the outsourced support team is not very knowledgeable. I believe that in-house technical support would be better.

Neutral

The organization was using Splunk Enterprise which is similar to ITSI.

Splunk ITSI is expensive. We pay for the package once the sales team has priced all of our data and other relevant factors. We don't incur any further costs if we pay for a package. On its own, Splunk ITSI can be quite expensive, which is what scares many customers away. If a customer has the budget to use Splunk ITSI, then it is an excellent choice. It is one of those products where we may need to start weighing up different solutions. Splunk was recently sold to Cisco, and it could become the centralized monitoring tool for the organization for x, y, and z. I believe that our package is one of the lowest priced in the UK, even though we are squeezing as much value as possible out of the service. I would say that we should prioritize longevity over making an extra million pounds or so because that will come with time. However, I don't think that everyone sees it that way.

I would rate Splunk ITSI eight out of ten.

The visibility is good, but the issue we are interested in is split into different factions in some parts. Currently, we are not using ITSI to its full potential. The organization is enterprise-scale, which is huge. It is therefore very difficult to implement some of the ITSI best practices because we have so many different areas, each doing things differently. Standardization is difficult to achieve because everything is so massive. We could better use ITSI to its full capacity, but that is on us. However, I think it would work much better if it were a bit smaller in scale.

Cost is definitely a concern. Splunk can be quite expensive, especially if we are tied into a contract. However, it offers more features and capabilities than other solutions. I don't have a lot of experience with Splunk, but the way it aggregates data is very good. It can also parse and strap data, and search and operate on the data that is sent in. This is also very good. I suggest cleaning up the data before sending it to Splunk. This will make it easier to get real-time monitoring of the data needed. We pay for ingestion and storage, so it makes sense to only send in the data that we need. Splunk is a very good tool to use for building and operating real-time analytics dashboards. It has very good visualization, data separation, and real-time analytics capabilities. It can also create very complex queries that can do a lot.

We have over 50 users spread across the organization, and we implement around 100 or more services. Each service may have a tech lead in x and y and an architect in z. Therefore, Splunk ITSI reaches out to many different people in those departments.

Splunk Cloud takes care of all the maintenance. We simply open a case and they implement any new version as needed.

I have used Splunk ITSI to build a lot of glass tables and set up thresholds. We have also used MLTK for machine learning, predictive analytics, and anomaly detection. We use MLTK, which is an external application. We can get notified of issues well before the time to take proactive action.

We use core Splunk and Splunk IT Service Intelligence. It is a multisided cluster environment. Whenever the customer wants glass tables, notable events, or to set up some alert notifications, the product has helped our organization. We can set up our own threshold activities. We can also add ad-hoc searches in the solution. We can get the data of the indexes and alerts tracking by writing a search query.

The glass tables are very helpful. The solution also provides topologies showing exceptions or criticalities whenever something goes down. It is very helpful for customers. The notable events, glass tables, and setting up thresholds are the most valuable features of the solution.

Every customer has a different need and their own customized threshold settings. Some customers need 99% as critical, and some need 80%. We can set the customized thresholds in the product and get the alerts.

If the product had some prebuilt machine learning features, it would add value to our use cases. It would be very good if the product had some in-built predictive analytics and future forecasting features.

I have been using Splunk for almost four years.

The support depends on the licensing we use. There are different licenses available based on the volume and vCPUs. We use the license based on vCPU. It depends on how many virtual CPUs we use. It would be good if Splunk could give on-demand support.

Whenever we raise a support case, the support team follows the SLA and gives us a response. Sometimes, companies will also have on-demand support based on the support credits. Companies generally expect support persons and engineers to join the Zoom sessions when P1 and P2 issues arise. The support team takes a long time to join the meetings at such times. If we can have an engineer join the Zoom sessions right away, it would be helpful for the customers. The support team needs to respond quickly to P2 issues.

We had a P3-level case with a severity level of S2. It was a corrupt bucket issue. The case was in open status for six months. Generally, we don't need six months to fix a corrupt bucket issue. If the support case had been escalated to a higher-level engineer with advanced knowledge in debugging the issues, it would have been easier and would have taken less time.

Neutral

We have been using Enterprise Security. It is for intrusion detection and threat intelligence. It helps our enterprise security team to find vulnerabilities and take proactive actions. We started using Splunk IT Service Intelligence because it gives us some good topology if we build glass tables based on our data. The product provides us with service intelligence.

The deployment process is straightforward. It is the same as core Splunk. The solution uses summary indexing, itsi_tracked_alerts, and itsi_summary_metrics indexes. We must ensure these indexes are available and have a good retention policy.

Our customers have seen improvements in resilience and cost.

It would have been good if the product cost was much lower.

We chose Splunk over other vendors because it is much more reliable. We have done a POC to test how well the tool can help the customers and provide good value to their business. We have used other products like Elasticsearch and Cribl. However, we feel that Splunk is better. Log monitoring is very important to customers. Other log monitoring tools are not user-friendly and flexible. It is also not easy to write search queries on them. However, it is easy to write search queries on Splunk. It also has bucket lifecycles. It is easier to have a centralized repository to maintain and use the data.

Our clients monitor multiple cloud environments. We get data from different third-party clouds like Google Cloud, Microsoft Azure, or AWS. Sometimes, we also use Snowflake. Customers mostly try to build out their own dashboards and knowledge objects. They use Splunk IT Service Intelligence to be notified about any exceptions or critical issues. 

We cannot integrate the product directly with the cloud applications. First, we have to integrate our core Splunk with different clouds. We must first integrate add-ons using Splunkbase, a REST API mechanism, or an HTTP Event Collector (HEC) mechanism into core Splunk. Then, we can use the same ad-hoc search in Splunk IT Service Intelligence to get proper glass tables and results. It's easy to monitor multiple cloud environments using the solution, but we could directly integrate with it if it had the right integration features.

It is important for our organization that the solution has end-to-end visibility into our cloud-native environment. In today's world, most data goes into the cloud. Every organization wants to move the data to the cloud so that it would be more reliable and they can get the data easily. It's less cost-effective as well. So, most organizations are going to the cloud. It's really beneficial and important to the customers because they can easily get the data from the cloud and perform cost optimizations. Managing cloud-native environments with the solution is cost-effective.

The product has definitely helped reduce our mean time to resolve by 70%. If it has built-in machine learning or artificial intelligence techniques, it will be helpful to reduce the remaining 30%.

The tool has helped improve our customer's business resilience. Different SIEM applications and tools are available for enterprise security in today's world. Splunk's next version will have enhanced SOAR features. It will be useful if the product has additional features to help customers and organizations.

We used the MLTK app from Splunkbase and deployed it in Splunk IT Service Intelligence. It helped us to do predictive analysis, forecasting, and anomaly detection. It helped us gain some insights. I rate the tool's ability to provide business resilience a seven out of ten.

If we have a Splunk add-on for Unix and Windows, we can use those add-ons in our core Splunk to get the base monitoring, like OS metrics. For these things, Splunk has PowerShell scripts. It runs every five minutes. So, it is not in real-time. Every organization would need real-time monitoring. The product should provide these features in real time. For OS metrics, we use custom thresholds.

Our customers see time to value within seven days. We implement Splunk with minimal architecture, like two deployment servers, two heavy forwarders, four indexes, and three searchers. We initially had the search factor as two and the replication factor as two. We had very little data initially. We tested in our lower environment with the POC and found the data the customers wanted to see in Splunk. It was helpful for the customers. They can find the exceptions, write their own search queries, and build their own knowledge objects.

We get different types of security management tools in the market, like Enterprise Security, SOAR, and Phantom. The product brings a lot of value to the customers. It gives a lot of insights into notable events and predictive analysis. It also has a good dashboard. I expect the solution to provide enhanced features in the upcoming release.

Attending Splunk conferences provides us with an opportunity to interact and get more details on the products from different vendors. More than 1,000 vendors attend the conferences. The more we interact with the vendors, the more insights we get from them. It is also helpful to build relationships with the vendor.

Overall, I rate the tool an eight out of ten.

We have a couple of different use cases including incident management, correlation, and mapping out incidents.

Having a structure on how to resolve incidents is the most valuable aspect.

It is pretty important to us that it offers end-to-end visibility. That's how we do the ITSI incident setup. It needs to have an overview.

It has helped improve the business' resilience. Splunk's ability to predict, identify and solve problems in real-time is pretty good. I've been a Splunk customer for almost six years.

The time it takes to pinpoint an issue, from when it's triggered to resolution is where I've seen the most value out of Splunk.

We have seen time to value using ITSI. It took a few months to see this value. 

They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve.

I have been using Splunk ITSI for one year.

The product is pretty stable.

We had a support person who was instrumental in getting it set up.

I would rate support an eight out of ten. It's nice to have the help but we'd also like to be independent and that's taking a bit of time to get onboarded. 

The initial setup is easy. We had someone come in. It took around a month or so and he's still with us helping to implement.

Overall, I rate the solution a seven out of ten. I'm getting up to speed with it. 

It has enabled effective monitoring, allowing for a comprehensive view of the growing complexity within the IT infrastructure.

The enhancement to our organization stems from its ability to consistently run rules, actively identifying significant events. This involves an ongoing process of aggregating and configuring notable events into a coherent resource. Additionally, the container version automates website functionalities, including tasks like email reception, providing a heightened level of control.

It has proven highly effective in real-time monitoring of service assistance and KPIs. There has been a noticeable enhancement in automated event clustering. Additionally, the platform facilitates comprehensive analysis for proactive incident prevention.

The end-to-end visibility provided into our network environment is a potent tool for real-time monitoring. It significantly contributes to the monitoring and analysis of complex multi-cloud IT solutions, playing a pivotal role in ensuring efficiency.

Leveraging predictive analytics to proactively prevent incidents before they manifest empowers operations to establish effective management and automation of information related to business processes.

It aids in minimizing alert noise, proving highly effective in incident management. Furthermore, it facilitates root cause analysis.

The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes. It promptly raises a red flag, signaling an effective early warning system.

The resilience it provides is invaluable. It ensures continuous application of rules, specifically for identifying notable events, and utilizes revision policies to configure hardware solutions into edge servers. This is essential for my operations to seamlessly proceed.

It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs.

I have been using it for one year.

It provides good scalability. Approximately, a hundred users use it effectively.

I would rate the customer service and support eight out of ten.

Positive

The initial setup was straightforward.

The installation involves developing a strategy to comprehend the essential services for proper monitoring. Additionally, it entails determining the specific type of intelligent alerts, clusters, and dashboards needed for effective planning. It was done in-house by one individual.

The implementation of this solution quickly demonstrated its value.
It resulted in a time reduction of six hours through its implementation.

It contributed to a six-hour reduction in the meantime to detect incidents.

It assisted in decreasing the mean time to resolve by four hours.

Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.

We use the solution for event management, observability, application management, application performance management, anomaly detection, problem detection, and creating different rules for the anomalies for different events. It's application performance monitoring. The entire area of service is managed by ITSI, and offers automated detection and everything.

The root cause analysis is very helpful for us. 

There's one feature which is a prediction and detection feature that we have gone through. We are not thoroughly using it. However, for us, I would say that root cause analysis, problem detection, and anomaly detection are the most helpful features.

The end-to-end visibility of IT assigned to our network environment is great. The endpoint visibility is definitely helpful, and that is mainly for the application team. We can take a deep dive into the incident. In the everyday work that we do, we don't really use endpoint visibility since that is not required if we look at normal and general use cases. That said, when it comes to an incident during an outage, end-to-end visibility helps us deep dive or drill down to find out the root cause and how to make the platform better for the future.

The product has helped to streamline our incident management with end-to-end visibility. It helps in streamlining the incidents that are coming in. For example, for the authentication service that we have, users for certain regions are not able to authenticate completely. That likely means there's an issue with that region. That is an incident. In that case, I would look at endpoint visibility from the infrastructure to the end of the service call, including all the scans, tracing, and everything. Looking at it helps provide a resolution.

Our alert noise has been reduced.

Our main time to detect has been reduced as well. Previously, we used to take a lot of time getting to the root cause of what happened. We've been able to resolve this quicker, and our main time to detect has been drastically reduced. 

In addition, we've been able to reduce the time to resolve.

Predictive analytics, in terms of preventing incidents before they occur, still needs time to mature. I am not very, I would say, convinced of the prediction feature's capabilities.

It does not have a release comparison on the server comparison feature. For example, if you have an application, and you introduce a new feature, and you're going to deploy it, then the release comparisons should show automatically or generate a report to show the impact of the feature on the overall application. It should show what you can do to optimize it. 

I've used the solution for around five years.

The stability has been good. 

The solution is highly scalable and flexible. 

I've contacted support multiple times. Their service is average. They are not very quick. 

Neutral

I've used a few different solutions, like Dynatrace and Datadog. I've used Elasticsearch and Moogsoft as well.

Dynatrace is an overall package. I'd choose it over ITSI. Splunk is never a package. It does not provide application performance monitoring. Dynatrace is a full-fledged APM tool that includes infrastructure, APM, synthetic monitoring, and user monitoring alongside AI ops, which are very strong. It's a mature platform.

I was involved in the initial setup. It's a very straightforward process. Deploying the platform takes a couple of hours at a maximum. The configuration is more subjective in terms of how long it takes. For example, how many applications do you have? How many environments? We have three environments in the US, and with approvals, it took us around 20 days.

It's a SaaS solution and does not require maintenance. It's a one-click upgrade if you want to upgrade anything. 

Once you buy a license, Splunk is involved and can help with the deployment. They have three or four free consulting sessions initially. They are very involved in the pilot phase. post-pilot, you have regular support. 

The product is expensive. It's one of the most expensive options, although maybe not as expensive as Datadog.

We might be partners with Splunk. 

It's readily available. You don't have to wait very long to witness the benefits of the solution. 

I'd rate the solution seven out of ten. 

If you are looking for an AI solution alongside APM, use a platform with everything in place. However, if you still want to go for a dedicated AIS platform, make sure it integrates with your existing logging and APM tools. However, my position is that it's better to use one platform for the entire opportunity.

We use Splunk ITSI for better CMDB management and control of all infrastructure devices.

We had many old devices and legacy systems, and architects used to configure them as they saw fit. To streamline and standardize our operations, we had to rely on Splunk. Splunk invented device discovery, which allowed us to learn what devices are on the network, what type they are, and how to classify them. Splunk ITSI has been very helpful to us.

We deployed Splunk ITSI on-premises, and it can also be deployed in the cloud.

Splunk ITSI helps the advisory board's cab team increase efficiency by instilling trust in systems over manual administrators. Splunk ITSI also provides a central source for the documentation of our application dependencies.

Splunk ITSI provides end-to-end visibility into our network environment, which reduces the manual effort required to capture configuration data and helps us identify weaknesses in our network.

Once we have implemented the CMDB to meet our requirements, Splunk ITSI's predictive analytics can identify any devices that will be affected by planned changes and provide us with that information. This will allow us to prioritize incidents based on their criticality and notify stakeholders accordingly.

Splunk ITSI has helped our organization in many ways. It has centralized all resources for administrators and service personnel. Architects can plan better using the environmental details provided by ITSI. The CAB team can provide approvals quickly because the information is easily accessible. Splunk ITSI is reliable, and its AI-driven predictive analytics help identify potential component or device failures.

Splunk ITSI streamlined our incident management by allowing Splunk administrators to easily see all incident details and cascade them down to relevant stakeholders and customers. This enabled us to inform the service desk team so they could better prepare responses to end-user queries. We can also easily identify and address infrastructure challenges affecting specific companies.

It helps reduce our alert noise by a minimum of ten percent and it can go significantly more. We categorize and close alerts directly through ServiceNow after integrating our account. This automated process frees up our admins' time to focus on more important tasks.

Splunk ITSI has reduced our MTTD by over ten percent. We can meet our SLAs with Splunk ITSI 99.8 percent of the time. It has also reduced our MTTR by five to ten percent each quarter. We can resolve almost 90 percent of our tickets.

With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.

Splunk ITSI consumes a lot of CPU resources. I would like a more lightweight solution in terms of resource consumption.

The price has room for improvement.

I have been using Splunk ITSI for five years.

Splunk ITSI is stable.

Resilience is valuable because it functions perfectly, helping to reduce risk and assist our admins and architects.

Splunk ITSI is scalable.

We previously used our internal CMDB solution, which was not streamlined and depended on a few key architects. We wanted more control and better governance, so we switched to Splunk ITSI.

The difficulty level of the deployment depends on the knowledge of those doing the implementation. A person with moderate knowledge will require some time to do all the configurations.

Our deployment took around four to six weeks to complete.

I have seen ROI from Splunk ITSI of close to 30 percent at both my current and previous organizations. The returns have been presented to leadership.

The cost of the modules is a bit high for non-global companies, making it difficult for them to afford Splunk ITSI.

I would rate Splunk ITSI eight out of ten.

Splunk ITSI is the best application performance monitoring tool because it helps administrators do their jobs better, has more computing power, and allows staff to focus on governance and automation.

Organizations may benefit from considering a point monitoring system instead of Splunk ITSI, depending on their environment.

We achieved time to value with Splunk ITSI within the first four to six weeks of deployment.

Splunk ITSI is deployed across multiple departments in our organization and there are 20 users.

Maintenance is required for updates.

I recommend Splunk ITSI. The solution can discover all types of devices in our environment.

We use the solution to monitor our own internal applications. We monitor analogs and various other DB Connect sources.

The tool has replaced some other products in our organization. It’s coming in very handy.

Alerts and episodes are valuable to me. These features put all notable events together and give us an opportunity to take action.

We can take actions based on NEAPs, like emails and service now tickets. It is pretty basic at the moment. The solution should integrate more features in NEAP.

I have been using the solution for about a year.

The solution is pretty stable.

The product is extremely scalable.

I work with a lot of Splunk’s support people. I like them. They're all good.

Positive

We were using a software called Genius. We use Splunk IT Service Intelligence now, and it's more cost-effective overall.

I have been maintaining the solution. The product is straightforward to maintain. We just need to follow the best practices, and it works. We have a lot of users, so it's difficult controlling what the users do in the environment.

The tool is a centralized place to collect all our data and compute against it. It has the potential for an ROI.

Pricing has some room for improvement.

We evaluated other options, but Splunk seemed to be the best. It is the industry leader, so it was a no-brainer.

We have an on-prem instance. Everything's pretty much on-prem. We work with cloud logs. Monitoring multiple cloud environments using the solution is pretty straightforward and easy. It is extremely important to us that the solution has end-to-end visibility into our cloud-native environment.

The solution has helped reduce our mean time to resolve. The product has helped improve our organization’s business resilience. Its ability to predict, identify, and solve problems in real-time is pretty good as long as the source is good and we use it well.

The tool’s ability to provide business resilience by empowering staff is alright. We have experienced cost efficiencies by switching to Splunk IT Service Intelligence. I know it used to be ingestion, and now it's like a CPU. It's always evolving. I was not involved in the initial setup. The solution still has some room for improvement.

Overall, I rate the product a six or seven out of ten.

We use Splunk ITSI for IT monitoring. It helps us monitor all our servers for things like CPU utilization and other performance metrics. We can integrate complex architectures with the service and connect the core to multiple data sources. Our customers' environments vary. In the last project, they had around eight departments and 75 employees, so I needed a web server for each department.

Before we shifted our customers to Splunk ITSI, they had issues getting insights in some circumstances. Now they have complete visibility from one dashboard. It helps them monitor and develop a proactive response to address the problems before they cause trouble. 

One issue we faced before implementing Splunk was that our customers couldn't predict how long it would take to reach their storage limit. Now we can categorize issues according to severity. 

Splunk ITSI has enabled us to streamline incident management by adopting aggregated policies. Instead of getting rid of incidents, we are placing these into several groups and removing the duplicates to see some insights based on previous incidents. 

We've been able to reduce alert noise using policies. By grouping the policies, we're able to avoid redundant alerts. When we used the other solution, we would sometimes get repeated warnings, but we eliminated that by implementing aggregate policies.

From IPSI, we can see the metrics and drill down. We can build a tool to check the metrics based on severity. Instead of taking every event's logs, we are directly getting the root cause of the issue. From there, we can see that it obviously reduces the rest of the time.

The solution has reduced our mean time to resolve issues. Before implementing it, we typically needed around six to eight hours to close a ticket. When we had an alert, we had to review all the native logs to find the correct server. With ITSI, I can see a score that tells me about potential issues before they arise. I can see if there is a critical problem with a server or application based on the data flows and resolve it. 

I like ITSI's service analyzer. We can integrate and group the service, then create multiple KPIs in the service analyzer we can monitor. We can use multiple connectors to get end-to-end network visibility. Many organizations prefer appliances, and we can completely integrate the appliance with the source to gain complex insights throughout the network.  

We are getting real-time insights from the service and the vendor and doing some projects using security analytics to check the path. We can monitor the behavior of an appliance or the organization and how they are using it. For example, you might see high usage on specific days and low usage on weekends. If we can identify patterns from this, it can help us predict the future.

We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable. 

I have used Splunk ITSI for nearly a year. 

Splunk ITSI is stable. The latest version is more stable than the previous one. 

Splunk ITSI is scalable. We can compare multiple APIs and services, so everything is organized and manageable. We can drill down to the bottom of all the logs on events.

I rate Splunk technical support a nine out of ten. If we work with cloud architecture, we usually need some help from Splunk, so we often need to contact support and ask for changes. We prepare the case, have a conversation with them, and get it done.

Positive

We were using service providers, but we had a log management solution and some other open source tools. We relied on custom builds of open source solutions. 

Splunk ITSI can be deployed in the cloud or on-prem depending on the customer's requirements. For example, if someone is running this in a closed environment, we can go with the on-prem deployment. Otherwise, customers will mostly go for a cloud deployment. We use AWS.

When I started the training, it seemed somewhat complicated, but once you learn a bit, it becomes straightforward. It isn't terribly complex. The deployment strategy depends on the scope of the project, such as whether you have a cluster or a distributed environment. 

You can deploy it with a team of three or four. Someone needs to take care of the prerequisites like clustering and another person might take care of the integration. Another will configure the dashboards. The process takes about five days.

We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming.

The time to value is fast. The implementation takes time, but the customer can see value immediately once everything is configured, permissions are set, and we're ready to move. 

I rate Splunk ITSI a 10 out of 10. We need our website up 24/7, or we'll lose business. Every minute that it's down we lose money. I would recommend this to anyone who runs a business online and needs to monitor their infrastructure.

If you're considering a point monitoring system instead of ITSI, I would say it depends on the information you are using. Generally, Splunk ITSI is the advanced option that gives you multiple features together with service intelligence and analytics. You can make wonderful dashboards. Comparatively, this is enough to monitor the company's infrastructure. 

In ITSI, we can also integrate application and database logs, so the customer might get some research to predict when the database goes down. ITSI can be helpful to manage the customer infrastructure and minimize the impact on their business.