Srinivasulu Soolluru - PeerSpot reviewer
Splunk ITSI Developer at Tata Consultancy
Real User
Top 20
Aug 6, 2024
It speeds up incident response by automating alerts and ticket creation
Pros and Cons
  • "The search function is the most valuable. It includes regular expressions and wild card searches. We'll write searches using field and case-sensitive services and use all of these search types to write an alert condition. Splunk ITSI has another feature called Glass Table that offers a visual representation."
  • "When configuring a dashboard, we can write search criteria. Based on the search criteria, the dashboard shows all the alerts, including the alert time, creation time, and a summary description of the alert. When you add an extra column, such as the user that triggered the alert, the next time he refreshes the dashboard, he wants to know that the alert is acknowledged. We want to improve that comment feature."

What is our primary use case?

We get our customers' requirements and onboard their logs into the SIEM tool using agent-based integration or some DB Connect method. After the integration, we write the use cases. There are two types of data: fault monitoring and performance monitoring. In fault monitoring, the customer typically wants every event as an alert, so we'll do a correlation search for that alert. 

We'll add fields to the alerts, such as summaries and descriptions, and write the regular expression from the raw event to extract and display it on a table. After writing the correlation search, we will enable the policy that we'll use to trigger an incident in the ITSI tool. In our Splunk tool, there is a technical add-on called Remedy that we use to create a ticket for a correlation search and alert. 

After writing the NEAP policy, we'll display the number of tickets and all that information in a single dashboard. In the first panel, we'll display a summary of all the applications and the number of tickets divided according to the severity. The second panel displays the alert information, such as the ID, reported date, and the host. 

We have a team of four people. Two integrate the log sources into Splunk, while two write correlation searches, enable the new policies, and generate tickets in incident service with the ITSI tool. They also work on the dashboards, tables, and service analyzer.

How has it helped my organization?

With Splunk ITSI, we don't need to manually raise tickets for analysis. For example, it will not trigger a ticket if we receive an alert about a suspicious event when a set of conditions is met, but it's an invalid alert. Based on a NEAP policy, an incident will be created for each valid alert with the help of our ITSM tool. Each NEAP policy has two components: filtering criteria and action rules. The filtering criteria include sections. If the alert source equals the application log monitoring, it will group that particular event. 

For each event, it groups by incidents based on the job ID, and we write conditions for the second component, the action rules. The incident ticket remains in progress if the event exceeds one and the status is not closed. It shouldn't create a second incident for the same job name.

Splunk ITSI helps customers to reduce their resources. For example, they don't need extra resources to raise manual incidents for each alert. This solution enables us to raise incidents for only valid alerts, and it displays them all in a single dashboard.

It doesn't affect the effectiveness of the application monitoring, but it decreases the resources and associated costs. It will improve the performance compared to raising incidents manually and reduce human error. 

ITSI reduced the time needed to create a ticket. Instead of raising a manual ticket, we can automatically create one after an alert is triggered based on our policy. We can see all the incidents and alerts on the dashboard. 

It has also reduced the volume of incident alerts. We sometimes raise a manual ticket for the same alert triggered yesterday or a few days before. If it is not closed, we might raise another incident by human error. We can write a new condition so that an alert with the same name will produce no new tickets. It will update the ticket as "in progress" or change the severity from minor to major.

We can also reduce our alert noise using ITSI by writing a complex set of specific correlations. We'll write the exact conditions based on customer requirements. For example, we'll use Windows event ID 4625 for a failed login attempt. If a user wants, we can add the search criteria so only this event ID will be triggered. 

When integrating our customer logs sources, we directly integrate the real-time events into Splunk. There is no time difference from the customer side. It goes directly into Splunk ITSI. Previously, we used some integration method so that when an alert triggers in EMS, it will reach out to Splunk to create an incident within a minute.

We send the artifacts, logs, and analysis to an incident response team to resolve an incident. The response time depends on the team. They receive all the evidence about an alert. 

ITSI helps automate some reports and dashboard features. When we want to run some individual searches, it takes some time to run each search to generate a report and share it with the customer. We can add all these reports into a single dashboard, and we have a query for each report. We add all these queries into a dashboard and schedule the reports, so it generates a report daily showing all the graphs. We can download that report and share it with the customers.

When we automatically generate a ticket based on the alert, it reduces the detection time and makes the ticket-raising time nearly instantaneous. The time difference between the alert trigger and ticket creation time will be minimal as the machine is generating the ticket. The customer response time is five to 10 minutes. 

What is most valuable?

The search function is the most valuable. It includes regular expressions and wild card searches. We'll write searches using field and case-sensitive services and use all of these search types to write an alert condition. Splunk ITSI has another feature called Glass Table that offers a visual representation. 

We can manually change the dashboard by reducing its size or changing the background color. When we click on any cell, it will navigate to the next dashboard. You also have a KPI feature. Each KPI case has a separate formula, and we'll write a formula so that when a threshold is reached, it triggers a condition. All of this KPI information is displayed in one service analyzer.

ITSI's end-to-end visibility is excellent. With its help, we can monitor all the network-related log sources and infrastructure. Each log source is integrated into the tool and stored in a separate index to improve search performance. We are using this cluster environment with multiple indexes. It's better to have three to four indexes for a faster search.

The solution's preventive analytics help to prevent incidents before they occur. We write a correlation search that is reported. When an alert is triggered, we write a condition. Each incident will have a priority and a response time based on the SLA. For a priority 1 incident, we must respond within 30 minutes. It's an hour for priority 2 and two hours for priority 3. We have three to four hours for priority 4. 

A ticket will be created within this time, and the incident response team will be alerted. While raising the ticket, we analyze all the alert information and everything the incident response team needs to resolve it. The incident response team will act accordingly and close the incident within this time.

What needs improvement?

When configuring a dashboard, we can write search criteria. Based on the search criteria, the dashboard shows all the alerts, including the alert time, creation time, and a summary description of the alert. When you add an extra column, such as the user that triggered the alert, the next time he refreshes the dashboard, he wants to know that the alert is acknowledged. We want to improve that comment feature. 

In the Service Analyzer, we monitor the network infrastructure services and have a KPI for each service. When the value exceeds the threshold value, we can add the colors. For example, we can set it to green when the threshold value is within the limit. If it is red, then the value has passed the threshold. We want more colors in the service analyzer to display all these features.

Buyer's Guide
Splunk ITSI (IT Service Intelligence)
March 2026
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,311 professionals have used our research since 2012.

For how long have I used the solution?

I have worked with ITSI for two years.

What do I think about the stability of the solution?

Splunk ITSI is stable. When Splunk releases its latest update package, we scan it for vulnerabilities and update it to the next version if there are none. 

What do I think about the scalability of the solution?

Splunk ITSI is highly scalable. 

How are customer service and support?

I rate Splunk support nine out of 10. We can get support from the Splunk community or raise a ticket to Splunk and get a fast reply.

Which solution did I use previously and why did I switch?

Before implementing Splunk, we manually noted all the alert information in a notepad. I downloaded the log file and traced the incident in tools like ServiceNow and BMC Remedy. Now we have a Remedy add-on feature integrated with Splunk ITSI, so it requires no manual intervention to raise a ticket in ITSI. 

How was the initial setup?

Deploying Splunk ITSI was straightforward. We downloaded the initial version and upgraded to the latest package from the back end. It's a simple process that involves integration, log onboarding, deploying agents, and setting up DB Connect. In the agent-based method, we'll have a separate configuration. We collect the log path for all the sources and hosts that need monitoring, which will be integrated into our Splunk tool. 

It requires minimal IT resources to deploy. Two IT resources are sufficient at the time of onboarding for 10 log sources weekly. It's easy to maintain. We are maintaining the license. If your data exceeds the license limit, you need to reduce it or pay for more. 

What's my experience with pricing, setup cost, and licensing?

We have a 100 GB license. This licensing option is a bit expensive, but it can manage any type of bulk data, including database logs, network device logs, and social media devices. 

What other advice do I have?

I rate Splunk ITSI nine out of 10. No manual intervention is needed. It generates the tickets automatically when an alert is reported. If we do this manually, it will take more time to review all the alerts. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
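The alert-to-ticket flow this reviewer describes (a correlation search extracting fields from raw events, a NEAP policy grouping notables by job, and an action rule that opens one ticket per open episode and escalates severity rather than raising a duplicate) can be modelled end to end in a few dozen lines. The block below is an added illustration, not the reviewer's or Splunk's own code: the event format, field names, the "application log monitoring" source filter and the escalate-after-three rule are all constructed assumptions chosen to show the mechanics.

```python
"""Toy model of the alert-to-ticket flow described in the review: a
correlation search extracts fields from raw events, a Notable Event
Aggregation Policy (NEAP) groups the resulting notables into episodes,
and an action rule opens one ticket per open episode instead of one
ticket per alert. Sample events and field names are constructed here
and are not Splunk output."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed raw lines shaped like Windows Security event 4625 (failed logon);
# the 4624 line is a successful logon and must be filtered out.
RAW_EVENTS = [
    "2024-08-06T10:00:01 host=app01 EventCode=4625 Account Name: svc_batch Job: nightly-etl",
    "2024-08-06T10:00:07 host=app01 EventCode=4625 Account Name: svc_batch Job: nightly-etl",
    "2024-08-06T10:00:09 host=app02 EventCode=4624 Account Name: alice Job: report-gen",
    "2024-08-06T10:01:30 host=app02 EventCode=4625 Account Name: bob Job: report-gen",
    "2024-08-06T10:02:00 host=app01 EventCode=4625 Account Name: svc_batch Job: nightly-etl",
]

# Regular expression playing the role of the rex extraction in the correlation search.
FIELD_RE = re.compile(
    r"host=(?P<host>\S+)\s+EventCode=(?P<code>\d+)\s+"
    r"Account Name:\s+(?P<user>\S+)\s+Job:\s+(?P<job>\S+)"
)


def correlation_search(raw_events, event_code="4625"):
    """Extract fields and keep only events matching the alert condition."""
    notables = []
    for line in raw_events:
        m = FIELD_RE.search(line)
        if not m or m.group("code") != event_code:
            continue
        notables.append({
            "source": "application log monitoring",  # assumed source name
            "host": m.group("host"),
            "user": m.group("user"),
            "job": m.group("job"),
            "summary": f"Failed logon for {m.group('user')} on {m.group('host')}",
        })
    return notables


@dataclass
class Episode:
    job: str
    status: str = "new"
    severity: str = "minor"
    count: int = 0
    ticket_id: Optional[str] = None


def aggregate(notables, tickets=None, escalate_after=3):
    """Filtering criteria: source must match. Grouping: by job name.
    Action rule: open a ticket on the first event of an episode; while the
    episode is not closed, later events only bump the count, mark the ticket
    'in progress' and escalate minor -> major once the count reaches the
    (assumed) threshold. No second ticket is created for the same job."""
    episodes = {}
    tickets = [] if tickets is None else tickets
    for n in notables:
        if n["source"] != "application log monitoring":
            continue
        ep = episodes.setdefault(n["job"], Episode(job=n["job"]))
        ep.count += 1
        if ep.ticket_id is None:
            ep.ticket_id = f"INC{len(tickets) + 1:04d}"
            tickets.append({"id": ep.ticket_id, "job": ep.job, "summary": n["summary"]})
        elif ep.status != "closed":
            ep.status = "in progress"
            if ep.count >= escalate_after:
                ep.severity = "major"
    return episodes, tickets


def run(raw_events=RAW_EVENTS):
    """Full pipeline: four 4625 notables collapse into two tickets."""
    return aggregate(correlation_search(raw_events))


if __name__ == "__main__":
    episodes, tickets = run()
    for t in tickets:
        print(t["id"], t["job"], t["summary"])
    for ep in episodes.values():
        print(ep)
```

With the constructed input, four failed-logon notables produce two tickets: the three `nightly-etl` events share one episode whose ticket moves to "in progress" and is escalated to major, while `report-gen` gets its own ticket. The check a practitioner would keep from this is the `status != "closed"` guard: once an episode is closed, a fresh event for the same job should open a new ticket, which the model handles by leaving the `ticket_id is None` branch for a new `Episode`.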
PeerSpot user
IT at a non-tech company with 10,001+ employees
Real User
Top 20
Jul 8, 2024
A great aggregator for creating dashboards for all our app teams when we ingest logs
Pros and Cons
  • "The solution's most valuable feature is the aggregation of the metrics and the relative ease of getting them away from search."
  • "Splunk ITSI should include ease of integration and more templating."

What is our primary use case?

Splunk ITSI has been a great aggregator for creating dashboards for all our app teams when we ingest logs.

How has it helped my organization?

Splunk ITSI has been the central location for log aggregation and information via dashboards.

What is most valuable?

The most valuable feature is the aggregation of the metrics and the relative ease of getting them away from search. The solution has helped save time by getting the metrics into the dashboard to get their information.

When we first started, a lot of users were hitting search. We have an ingest pricing model, and a lot of our ingest was going sky-high. By converting more of those users to Splunk ITSI, we were able to bring down and standardize them using uniform metrics. This prevented them from using the search function all the time ad hoc and pulling down tons of data.

Our organization monitors multiple cloud environments, including AWS and Azure. Splunk ITSI has been good so far for monitoring the AWS environment, and we have several teams on the AWS platform.

The end-to-end visibility that Splunk ITSI has into our cloud-native environment is very important for our organization. More of the values are shown daily and weekly. As a result, we get to continue expanding with teams to build Splunk ITSI dashboards.

Splunk ITSI has helped reduce our mean time to resolve (MTTR). 50% of the time, we have Splunk ITSI dashboards created. Then, we can quickly go in and reduce the mean time to discover. It's really about discovery and identifying root causes. This past week, we could quickly provide the app team with our observations and suggestions, and it was very valid.

This process could have taken days. On the contrary, we took the first five minutes to look at the Splunk ITSI dashboard, followed up with a basic query, and then returned with our observations.

Splunk ITSI has helped improve our organization's business resilience because it allows the app teams on AWS to correlate anything they see from a downtime perspective that minimizes impact on customers. We're investing in Splunk ITSI because it can predict, identify, and solve problems in real time.

After implementing Splunk ITSI, we immediately saw time to value. With the first couple of dashboards, we could immediately see an improvement in our app teams and the monitoring team's relationship with them.

We found Splunk ITSI to be the platform that helps consolidate networking, security, and IT observability tools. It's going to be a game-changer for us to pull a lot of the tools together. We always look for opportunities where Splunk can be the only tool of choice. However, Splunk ITSI is a great aggregator when we use other tools like AppDynamics and Dynatrace to pull information from cloud environments.

It also provides visibility and data correlation. You won't get to one point where you will use Splunk ITSI for everything. However, it can be the one-stop shop for data aggregation and realizing the data's value.

Splunk ITSI has been the central part where Splunk engineers go to create dashboards for the app teams.

What needs improvement?

Splunk ITSI should include ease of integration and more templating.

For how long have I used the solution?

I have been using Splunk ITSI for two years.

What do I think about the stability of the solution?

I haven't had any issues with the solution’s stability.

What do I think about the scalability of the solution?

So far, we haven't had any scalability issues with the tool.

How are customer service and support?

Splunk's customer service and technical support have been good, and we don't have any complaints. We have a good technical partner. We tap into our Splunk engineers almost weekly, and it's been great. We've had a couple of little hiccups in the past with some things.

I appreciate the customer service and the technical teams for being honest in discovering bugs and giving our team credit for taking things back that need to be investigated further or will go into future models. We've had some suggestions, and the team's really happy that Splunk listens.

How would you rate customer service and support?

Positive

What was our ROI?

We have seen a return on investment with Splunk ITSI. We've been able to get data faster in the hands of the app teams, but we don't have KPIs that measure more of the financial or business value.

What's my experience with pricing, setup cost, and licensing?

I wouldn't say there's been an issue with the solution's pricing because we went through the AWS marketplace and negotiated directly with Splunk.

What other advice do I have?

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Benjamin Agbanowe - PeerSpot reviewer
Splunk ENGINEER at a transportation company with 201-500 employees
Real User
Top 20
Sep 2, 2024
Offers enhanced visibility, reduces costs, and minimizes the frequency of incidents
Pros and Cons
  • "Splunk ITSI offers a valuable visualization tree that allows us to map and analyze dependencies and co-dependency within our environment."
  • "ITSI currently lacks the capability for automated response, mitigation, and remediation."

What is our primary use case?

Splunk ITSI is a service intelligence platform that monitors services, availability, endpoints, and interactions within an environment. My experience with ITSI focuses on web application APIs. I installed and configured it for a telecommunications company to monitor web application API services, troubleshoot downtimes, and mitigate failures. ITSI offers a comprehensive view of the environment, enabling top-to-bottom visibility into services, endpoints, and performance. It provides correlation analysis, deep dives, and episode reviews, leveraging AI and machine learning algorithms to detect signals, predict issues, and prepare engineers for potential problems.

How has it helped my organization?

Splunk ITSI's dynamic and highly beneficial end-to-end visibility allows us to gain comprehensive and clear visibility once we configure our settings, services, and entities.

Splunk ITSI's machine learning and AI capabilities are powerful tools that help prevent incidents before they occur. As an engineer, I appreciate the ability to visualize potential future scenarios within my environment. This predictive forecasting feature provides valuable insights into our environment and services.

Due to its complex functionalities, Splunk ITSI requires significant learning. Proper training is essential to understand how these features operate effectively. While the benefits were not immediate, they became apparent over time as we configured, implemented, and utilized the various functionalities. It took several months before the full value of Splunk ITSI was realized.

For incident management and incident response, ITSI assists us by enabling us to create numerous knowledge objects as Splunk users. Whenever an issue arises, these objects can be centered around our services or entities, such as reminders, emails, or notables. Consequently, ITSI significantly aids our management and incident response efforts.

Splunk ITSI effectively reduces the volume of incidents by providing predictive capabilities, enhancing environmental visibility, and facilitating efficient troubleshooting. This deep-dive approach minimizes the occurrence of noisy alerts and consequently lowers the overall incident rate.

It helps reduce alert noise by allowing users to review and group notables. Through the episode review functionality, analysts can examine fired alerts, assign them to specific investigators or analysts, and group them to minimize the occurrence of noisy alerts.

Splunk ITSI has been instrumental in reducing the mean time to detect. While I have other tools as an engineer, ITSI, in conjunction with Splunk SOAR, offers preconfigured automation and quick responses that can further enhance our MTTD. ITSI provides the necessary visibility, and when integrated with SOAR, it aids in detecting and resolving issues more efficiently. These tools work seamlessly together, streamlining our incident response process and improving operational efficiency. Combined, our MTTD is under 30 seconds.

Splunk ITSI has helped reduce the mean time to resolve the issue because we can detect the incidents faster.

It is a valuable tool for cost savings. In a recent project involving web application APIs, ITSI's top-to-bottom visibility and machine learning capabilities enabled us to predict and prevent downtime, reducing losses significantly. By integrating ITSI with an automated tool like SOAR, we implemented automated responses that quickly resolved issues and minimized disruptions. This resulted in substantial savings, estimated to be between five and ten million dollars. Before ITSI, downtime in the web payment application APIs was frequent, leading to significant financial losses. ITSI's implementation has eliminated this issue and provided substantial cost benefits between five and ten million dollars.

What is most valuable?

Splunk ITSI offers a valuable visualization tree that allows us to map and analyze dependencies and co-dependency within our environment. We can quickly identify errors, failures, and cascading impacts from specific branches by inputting our services and entities into this diagram. I have found this feature particularly useful for clearly understanding my environment's dynamics. Additionally, ITSI's deep dive functionality enables detailed examination of service trends over time, providing valuable insights. Furthermore, its AI and machine learning capabilities, especially beneficial for users with relevant knowledge, offer powerful predictive and correlation analysis tools. Overall, ITSI's combination of visualization, deep dive, and AI and ML features makes it an indispensable tool for observability and understanding complex environments.

What needs improvement?

ITSI currently lacks the capability for automated response, mitigation, and remediation. To achieve this, it must be integrated with third-party applications. Adding these features to ITSI would significantly enhance its value. For example, the ability to define specific conditions and triggers for automated responses to alarms or incidents would enable proactive mitigation and detection. Incorporating automated response and detection functionalities into Splunk ITSI would make it a powerful tool for incident management.

For how long have I used the solution?

I have been using Splunk ITSI for seven years.

What do I think about the stability of the solution?

Splunk, as a platform and software, typically operates smoothly without significant lag or crashes. When such issues arise, they are often attributed to insufficient memory or hard drive space allocated for the Splunk installation. These factors are primarily dependent on the project owners and company's available resources and hardware capabilities. However, it's important to note that the Splunk platform itself rarely encounters stability problems.

What do I think about the scalability of the solution?

Splunk ITSI assists in optimizing resource allocation to align with demand. We can effectively manage our infrastructure by accurately predicting resource requirements based on factors such as the environment, project, and specific operations within our facility. Splunk ITSI's machine learning capabilities can also contribute to this predictive analysis or forecasting, further enhancing our ability to optimize resource utilization.

How are customer service and support?

The technical support responded quickly and provided high-quality assistance. They paid close attention to our issue, conducted a remote diagnosis of our environment, and clearly explained the problem and recommended solutions. Their service was exceptional.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment of Splunk ITSI is straightforward. Assuming all other configurations are in place, a full deployment can be completed in approximately 30 minutes. The exact duration depends on the complexity of the environment, including the number of indexers, search heads, and overall workload. For a single installation on a standalone computer with minimal infrastructure and support requirements, the deployment can be completed in just a few seconds.

The number of Splunk ITSI consultants required for a deployment depends on the project's size, architecture, and specific monitoring needs. A small, single-deployment project may only need one consultant. However, larger projects involving clusters of indexers or searchers, or those requiring constant monitoring, may necessitate more consultants. Such complex deployments might require two or three consultants to manage the entire environment effectively.

What other advice do I have?

I would rate Splunk ITSI eight out of ten.

To anyone considering switching to Splunk, I highly recommend it. Splunk offers a wide range of applications, making it a versatile tool for various IT environments. Beyond ITSI, Splunk provides numerous tools and platforms that offer comprehensive insights into IT operations, security, and more. Whether dealing with payments, web application APIs, or any aspect of IT, Splunk can help. Splunk empowers you to gather, search, analyze, and visualize data to create knowledge objects and set endpoints. It enables you to secure, analyze, and query your IT environments, providing valuable insights. Splunk's powerful features, including AI and machine learning algorithms, help you detect issues, streamline alerts, and improve overall operations. Splunk's risk-based alerting and ITSI security features ensure data protection and compliance. It helps safeguard your data in transit, storage, and indexing, providing visibility into access and potential leaks. For compliance, vulnerability, and risk management, Splunk is a valuable asset. I strongly recommend installing Splunk for its ability to enhance IT operations, improve visibility, and ensure security. If observability is a priority, I also encourage exploring Splunk ITSI.

Splunk ITSI is available both in the cloud and on-premises.

For new users, consider hiring a Splunk consultant to provide initial guidance and training. The consultant can demonstrate key features, share best practices, and help you get started. Secondly, familiarize yourself with Splunk's extensive documentation, which is a valuable resource for learning and troubleshooting. It's essential for anyone involved in managing or using Splunk to stay updated on the latest information. Finally, having a consultant work directly with your team can accelerate the learning process. They can provide tailored training, assist with implementation, and ensure that your users are equipped to effectively utilize Splunk's capabilities.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Works at a comms service provider with 1-10 employees
Real User
Top 20
Aug 7, 2024
No other tool provides you with the same level of observability and enterprise security or the search and reporting applications
Pros and Cons
  • "The most valuable feature of ITSI is the service KPIs. No other tool provides you with the same level of observability and enterprise security or the search and reporting applications."
  • "ITSI is an almost perfect tool, but there is room for improvement in a few features like the deep dive and multi-KPI alerts. We're using most of the features like service API, coding searches, and aggregation, but our team members hardly use multi-KPI and deep dive. We don't use the multi-KPI or deep dive because everything is available in the service KPI. I don't think this feature is necessary."

What is our primary use case?

In my recent projects, we have used ITSI to monitor the entire infrastructure using multiple features, such as service KPIs, aggregation policies, base searches, correlation searches, notable events, dashboards, glass tables, service analyzers, and drill-downs.

How has it helped my organization?

It helps in every respect, including performance, monitoring, or visualization of the important indicators. It improves the quality of service to the clients. It is crucial that the clients have no website failures because that means the loss of business. ITSI helps us track those issues. We've seen fewer environmental failures since we started using ITSI.

We saw immediate benefits from Splunk ITSI. For example, let's say you have a project for monitoring hybrid Linux servers running JBoss, SAP, and any server containing a client's critical data. It isn't easy to monitor each of these through the back end. 

Splunk ITSI shows you all the data on the screen and lets you visualize the data from various applications. We can see all the applications running on the server and issues with CPU or memory utilization. We have that data in Splunk and can immediately see the alerts triggered. If there are any failures in the environment, we can fix them in seconds. 

The solution has helped us streamline our incident management. We can monitor server KPIs, which trigger an alert if the server is impacted. We can track all the notable events and integrate ServiceNow with Splunk. ITSI is integrated with the ticketing tool, so when an alert triggers, it automatically creates a ticket on ServiceNow. 

ITSI has also reduced the alert volume. Before ITSI, we were unsure why an issue happened. We would see the alerts triggered in bulk and log them one by one for every server. ITSI gives you a feature that lets you drill down to find the precise issues on the server. 

It has a service KPI feature that allows you to monitor exceptions that may lead to server failure. For example, we might be in trouble if the value exceeds 10. We put five or eight values in the threshold field with a high criticality, so it triggers an alert whenever the count is breached. 

ITSI reduced our alert noise because it was very hard to monitor every aspect when we used search and reporting. After running the query, we needed more insights, and ITSI gave us a clearer picture of the incident. That helps you reduce issues.

Many use cases can be automated through ITSI because we previously built our reports manually.  After introducing ITSI, we sent all the data via the forwarders to Splunk. Once we have the data, we create and schedule all those queries and reports so that the management can see them without any IT involvement. It previously took us two or three hours daily to create all those reports, so automating reports saves almost 60 hours each month. We're automating 10 to 15 daily.

What is most valuable?

The most valuable feature of ITSI is the service KPIs. No other tool provides you with the same level of observability and enterprise security or the search and reporting applications. 

ITSI has everything. We can create searches, email alerts, and dashboards. It's the only application that offers the KPI concept where we can monitor different KPI parameters. We can configure the KPIs to trigger alerts when they breach a set threshold.

You can use the core concepts to optimize performance. And you can create a lot of correlations and onboard the data from every project application. You can play with the data to create those KPI services and crash modes. It's possible to establish service health using the KPIs through the service analyzer. On a single screen, you have a lot of tiles showing you the service KPIs and high-level insights.  

When I started working on ITSI, there was some lag in releasing predictive analysis. Since then, there have been several updates, and we see that it works. We can predict any fluctuation in the data that might lead to failure. Using the historical data, we can set up the adaptive threshold. ITSI analyzes the historical data and sets an analysis for the future.

What needs improvement?

ITSI is an almost perfect tool, but there is room for improvement in a few features like the deep dive and multi-KPI alerts. We're using most of the features like service API, coding searches, and aggregation, but our team members hardly use multi-KPI and deep dive. We don't use the multi-KPI or deep dive because everything is available in the service KPI. I don't think this feature is necessary. 

People mostly use ITSI to monitor alerts. The most important features are within the service KPI. When we configure the alerts in service KPI, we don't need to do any deep dives because the client is more interested in the raw data, so we run the queries on the raw data instead of going into the deep dive. 

For how long have I used the solution?

I have used Splunk ITSI for seven years.

How are customer service and support?

I rate Splunk support nine out of 10. It is very helpful. Whether you are connected to priority one, two, or three depends on the issue and its impact. You can also get help from the Splunk community. If you create a P2 ticket, they will reach out to you within an hour and resolve the problem in eight hours. They have different SLAs. 

They might take one or two days to resolve issues. We need to upload the tags over the server to the portal. After that, they will start working on it. They have solved all the issues in the last four or five months within two to three days maximum.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had Dynatrace. It was integrated to onboard the data and create correlation searches to monitor those parameters.

How was the initial setup?

Setting up Splunk ITSI wasn't difficult. A few files needed to be placed over the indexers, and a few more needed to be placed over the license master. I didn't have any issues installing ITSI from scratch. It takes 15 to 20 minutes, depending on the project. It can be set up with one to three people. When service KPIs are installed, we need to validate them after the installation and upgrade ITSI. 

Which other solutions did I evaluate?

My friend works with OpenSearch. They are moving from Splunk to Cribl and OpenSearch. Splunk is pretty expensive, but it gives you a decent insight into the data. It is easy to learn, and ITSI has a great interface. You can run those queries and pass the data. I don't find any product attractive, and we need to put more thought into it. 

What other advice do I have?

I rate Splunk ITSI nine out of 10. I have worked on multiple projects in the last seven years, and I've never found any product like ITSI. We can monitor everything through that. It's an excellent product.

Setting up and mapping the searches with the aggregation policies can be a little complex. Once you've mastered that, you can do anything with the ITSI. You can monitor the whole project infrastructure. You don't need any other tool to monitor and visualize the data. ITSI is enough.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
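The two KPI alerting modes this reviewer describes (a hand-set threshold such as "alert when the count exceeds 10" and an adaptive threshold derived from historical data) can be shown side by side in a few lines. The following is an added illustration written for this page; it is not code from Splunk ITSI or from the reviewer. The sigma multiples for the severity bands, the function names, and the sample exception counts are constructed assumptions.

```python
"""Static and adaptive KPI thresholds with severity classification.

Added illustration: not Splunk ITSI's thresholding code. The 1/2/3 sigma
bands, the sample series and the function names are assumptions.
"""
from statistics import mean, stdev

# Severity bands as multiples of the historical standard deviation above
# the mean, ordered from most to least severe (assumed mapping).
SEVERITY_BANDS = [("critical", 3.0), ("high", 2.0), ("medium", 1.0)]


def adaptive_thresholds(history, bands=SEVERITY_BANDS):
    """Derive {severity: threshold} from a historical series of KPI values."""
    if len(history) < 2:
        raise ValueError("need at least two historical samples")
    mu, sigma = mean(history), stdev(history)
    return {name: mu + k * sigma for name, k in bands}


def classify(value, thresholds):
    """Return the highest severity whose threshold the value exceeds.

    `thresholds` may come from adaptive_thresholds() or be a hand-set dict
    such as {"critical": 10, "high": 8, "medium": 5}.
    """
    for name, _ in SEVERITY_BANDS:  # checked critical -> medium
        if value > thresholds[name]:
            return name
    return "normal"


def evaluate(history, current):
    """Classify each current sample against thresholds learned from history."""
    thresholds = adaptive_thresholds(history)
    return [(v, classify(v, thresholds)) for v in current]


if __name__ == "__main__":
    # Constructed sample: exceptions per minute over the last ten minutes,
    # followed by four new readings.
    past = [2, 3, 2, 4, 3, 2, 3, 4, 2, 3]
    for value, severity in evaluate(past, [3, 5, 6, 4]):
        print(f"{value:>3} -> {severity}")
```

With the constructed history above the mean is 2.8 and the sample standard deviation is about 0.79, so the learned bands sit near 3.6, 4.4 and 5.2; a reading of 4 is medium, 5 is high and 6 is critical, while 3 stays normal. The same `classify` call serves the reviewer's fixed-threshold case when a hand-set dict is passed instead.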
PeerSpot user
Senior Application Consultant at IBM
Real User
Top 10
Sep 24, 2024
Helps reduce alert volume, streamline our incident management, and adds reliability
Pros and Cons
  • "I particularly like the preview feature because it provides a prompt experience for impact analysis."
  • "Currently, Glass tables in ITSI only display metrics related to KPIs."

What is our primary use case?

I worked on multiple projects using Splunk ITSI for log monitoring, including monitoring mobile data usage for a telecom company, working with an insurance company and a retail application, and monitoring payment applications for a bank.

How has it helped my organization?

The integration with Splunk ITSI allowed us to monitor and track issues through alerts. This integration also reduces the Mean Time to Identify as the team is quickly made aware of problems through the ITSM tool, and respective incidents are raised to the application team. Depending on the issue's type, we can prioritize the incident, even giving it a P1 priority. With this, the team is made aware, and since we track our issues in ServiceNow, related incidents can be deployed, which also helps reduce the Mean Time to Resolve. The application team then knows what actions to take.

Event management utilizes event correlation and event aggregation instead of generating numerous alerts that cause panic within the team because multiple areas might be affected by a single issue. This can be achieved through Splunk's native capabilities, like notable event aggregation policies and episode reviews for ITSM, or by utilizing third-party tools such as Netcool. By employing event management tools like Netcool and then sending aggregated incidents to ServiceNow or using ServiceNow's item model for implementation, the number of alerts is reduced, and the troubleshooting team receives relevant information instead of overloading. This approach helps mitigate panic and provides the team with the resources to effectively address issues.

End-to-end visibility for application monitoring in our use case required us to consider all involved components. We addressed this by creating hierarchical dashboards. This approach provided everyone, from business stakeholders to operations, with visibility into application health through relevant metrics. Business stakeholders, for instance, focus on high-level metrics like application health, user experience, revenue, and performance rather than technical details like CPU usage. Therefore, we tailored the dashboard hierarchy for different roles: business executives, operation leads, project managers, and operations staff. The operations dashboard provided end-to-end visibility by configuring all components of the application's functioning. Leveraging the familiar network architecture, we utilized the same topology to present metrics, creating a comfortable and easily understandable dashboard layout. By plotting all entities with their availability and performance metrics, we achieved comprehensive end-to-end visibility.

We have set up the environment correctly for the predictive analytics, and our metrics are flowing continuously. We have the required data, so we can configure at least 30 minutes of lead time to predict the metrics and their thresholds for potential impact. I can set this up, but I only had the opportunity to work on the project until anomaly detection. Predictive analytics was not a requirement, so I did not implement it. However, I understand it entirely and have explored and learned about it in their documentation.

For our telecom project, we focused on promotions as a use case. We aimed to identify the most popular promotions among users, especially during festivals and special occasions. Analyzing business metrics revealed that Promo Code 350 was the most frequently used, generating significant revenue. We presented these findings to the business team, showcasing how different promotions performed during various events. This information empowered them to design more effective offers and strategies, ultimately improving the customer experience. The business team appreciated our contribution, recognizing the value of data-driven insights in shaping their marketing efforts.

Splunk ITSI is a tool that helps our clients streamline their incident management. By integrating Splunk ITSI with ServiceNow and NetCool, we can reduce the burden of keeping up with the number of incidents and ensure they're updated.

Splunk ITSI helps reduce alert noise. We receive multiple alerts for each event when using any APM tool, Splunk, or log monitoring tool. Aggregating these alerts has always been helpful, and we've utilized Splunk's notable event aggregation policy to reduce alerting for each KPI to a single episode review.

Splunk ITSI reduces our mean time to detect.

Splunk ITSI is resilient and highly capable of tracking issues, provided the necessary logs are configured. With proper configurations, metric values are obtained, allowing us to monitor KPIs and quickly identify any adverse effects. In such cases, we can seamlessly delve into the logs to pinpoint the exact root cause of the issue.

What is most valuable?

I enjoy designing glass tables, hierarchy dashboards, and the preview for ITSI. I particularly like the preview feature because it provides a prompt experience for impact analysis. We can directly track which specific service is impacted and identify the underlying affected entity. Also, we can quickly view the affected metrics. Overall, the Glass table preview is the most valuable feature.

What needs improvement?

Currently, Glass tables in ITSI only display metrics related to KPIs. I proposed adding an option to show metrics related to entities. This would eliminate the need for custom SPL to achieve this functionality. Since KPIs already have an entity split feature, extending this capability to dashboards makes sense.

For how long have I used the solution?

I have been using Splunk ITSI for five years.

What do I think about the stability of the solution?

I would rate the stability of Splunk ITSI nine out of ten.

What do I think about the scalability of the solution?

Splunk ITSI is scalable. It offers clustering for search indexes, and we have the deployment service.

Which solution did I use previously and why did I switch?

I previously used AppDynamics but switched to Splunk after learning about it and finding it more interesting.

How was the initial setup?

The deployment is straightforward.

What's my experience with pricing, setup cost, and licensing?

Splunk ITSI is expensive compared to other tools.

What other advice do I have?

I would rate Splunk ITSI eight out of ten.

Other APM tools have limited features, so I recommend Splunk because it allows you to go beyond pre-built functionalities. With Splunk, you can create custom rules for application monitoring and tailor data visualization for enhanced visibility. Splunk's flexibility extends to designing personalized dashboards and metrics, providing a limitless monitoring experience.

Splunk ITSI requires maintenance for upgrades either annually or biennially.

Splunk is a comprehensive solution that offers log monitoring and the ITSI observability suite, eliminating the need for multiple tools and the associated complexities in maintenance and cross-team coordination. Splunk's flexibility allows for adopting features like APM as needed and seamlessly adding further monitoring capabilities in the future, such as user experience monitoring, synthetic monitoring, or additional log monitoring. This adaptability, along with Splunk's ability to correlate data across different monitoring areas, makes it an ideal unified platform for comprehensive monitoring and observability.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Splunk admin/developer at Wipro Limited
Real User
Top 10
Aug 25, 2024
Reasonably priced with good monitoring and predictive analytics
Pros and Cons
  • "We can automate routine tasks. We're able to create alerts, reports, scheduled searches, et cetera. It's helping us to save time."
  • "When we check the service analyzer, and we have custom inputs, there are issues."

What is our primary use case?

We are using the solution for correlation searches. We've integrated Splunk with ServiceNow. We're creating aggregation policies to trigger actions in ServiceNow. We use it with the ServiceNow add-on. When something happens in ServiceNow, it's correlated to ITSI as well. 

How has it helped my organization?

We can check to see if dependent services are aligned. The service analyzer allows us to see the health of the services. 

It's been very good for noise reduction. We have alerts that trigger visually and it helps us prioritize. We can create performance-related dashboards so teams will have a clear overview according to their unique requirements. 

What is most valuable?

The infrastructure monitoring is very useful. In our scenario, we can see the performance of logs across parameters like memory or security. We can analyze the data. We can create our own logic and alerts to send to the correlated teams to take care of incidents. 

The end-to-end visibility is very good. With the service analyzer, we're able to see if something goes down. It's inspecting the health of services. It's color-coded, so we can check to see if there are any serious issues. We can do deep dives if something is red. 

We use the predictive analytics on offer. We have some use cases in which we create forecasts around CPU and memory-related alerts. We can use it to predict costs based on the past 30 or 40 days. We're also trying to use this for anomaly detection. We can make good predictions on the basis of data and trends. As long as we have past data, we can use it to build some predictions for the future. We can use this to create and send predictive reports to our teams to help them take pre-emptive action.

It's helped us to right-size resources to match demand. 

The solution has helped us streamline our incident management. We've been able to increase efficiencies through automation.

We've been able to reduce incident volume. If a host is generating frequent tickets, for example, we're able to see it and work on it directly to help us reduce incident counts. 

We've been able to effectively reduce alert noise. We can create logic to create tickets. It will create one ticket per episode so that multiple tickets are not created for one single episode - and this helps us reduce noise. 

We can automate routine tasks. We're able to create alerts, reports, scheduled searches, et cetera. It's helping us to save time.

What needs improvement?

When we check the service analyzer, and we have custom inputs, there are issues. Sometimes our inputs are not taken or recognized. Alerts are not being automatically generated. Also, if someone comes and creates a maintenance window, we can't properly identify who created it. We have to create our own queries before we can identify anything. 

For how long have I used the solution?

I've been using the solution for three years. 

What do I think about the stability of the solution?

The solution is very stable. 

What do I think about the scalability of the solution?

The solution is scalable. Depending on your infrastructure, it can be a bit tricky. 

How are customer service and support?

I haven't had to escalate any issues to technical support. 

Which solution did I use previously and why did I switch?

We're using SolarWinds and Splunk in our current environment. 

How was the initial setup?

I helped with the initial deployment. We have multiple servers sending data to Splunk. The process is straightforward. For the setup, we had three people involved in the process. 

It's not a difficult solution to maintain. 

What's my experience with pricing, setup cost, and licensing?

The licensing is based on data ingestion. However, they do have multiple licensing options.

The pricing is reasonable. 

What other advice do I have?

Splunk is good. It gives good customized options. Any logic or Python script we need to add, we have the freedom to do so. Most solutions aren't as customizable. 

I'd recommend the solution to others. I'd rate it eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
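The noise-reduction mechanism the IBM reviewer above describes (a notable event aggregation policy that collapses alerts for one KPI into a single episode) and this reviewer's "one ticket per episode" rule both rest on the same grouping logic. The block below is an added example written for this page, not Splunk ITSI's own aggregation policy implementation; the grouping key (service, KPI), the 15-minute window, the event fields and the sample events are constructed assumptions.

```python
"""Aggregate notable events into episodes and raise one ticket per episode.

Added illustration, not Splunk ITSI code. Grouping by (service, kpi), the
window length, the field layout and the sample events are assumptions.
"""

# Constructed sample notable events: (timestamp in seconds, service, kpi, severity)
SAMPLE_EVENTS = [
    (0, "payments", "error_rate", "high"),
    (60, "payments", "error_rate", "high"),
    (120, "payments", "error_rate", "critical"),
    (130, "payments", "latency", "medium"),
    (200, "billing", "error_rate", "high"),
    (4000, "payments", "error_rate", "high"),  # beyond the window: new episode
]

SEVERITY_RANK = {"medium": 1, "high": 2, "critical": 3}


def aggregate(events, window_seconds=900):
    """Group events by (service, kpi).

    An event joins the open episode for its key when it arrives within
    `window_seconds` of that episode's last event; otherwise a new episode
    starts. The episode carries the highest severity seen and the count.
    """
    episodes = []
    open_by_key = {}
    for ts, service, kpi, sev in sorted(events):
        key = (service, kpi)
        ep = open_by_key.get(key)
        if ep is None or ts - ep["last_seen"] > window_seconds:
            ep = {"service": service, "kpi": kpi, "first_seen": ts,
                  "last_seen": ts, "count": 0, "severity": sev}
            episodes.append(ep)
            open_by_key[key] = ep
        ep["count"] += 1
        ep["last_seen"] = ts
        if SEVERITY_RANK[sev] > SEVERITY_RANK[ep["severity"]]:
            ep["severity"] = sev
    return episodes


def tickets_for(episodes):
    """One ticket summary line per episode, never one per raw alert."""
    return [f"{e['service']}/{e['kpi']} {e['severity']} x{e['count']}"
            for e in episodes]


def noise_reduction(events, episodes):
    """Fraction of raw alerts that did not become their own ticket."""
    return 1 - len(episodes) / len(events)


if __name__ == "__main__":
    eps = aggregate(SAMPLE_EVENTS)
    for line in tickets_for(eps):
        print(line)
    print(f"noise reduced by {noise_reduction(SAMPLE_EVENTS, eps):.0%}")
```

On the constructed input, six notable events become four episodes: the three payments error-rate alerts inside the window collapse into one critical episode, while the sixth alert, arriving well after the window closed, correctly opens a fresh episode rather than being silently absorbed into a stale one.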
PeerSpot user
Joshua Kleensang - PeerSpot reviewer
Splunk Admin at UniFirst
Real User
Top 10
Jun 23, 2024
Allows instant use of the gathered metrics and reduces the time to identify and resolve an issue
Pros and Cons
  • "Instant usability of gathered event metrics is available. We have metrics data from systems, and we can use that to instantly get system status and trends."
  • "There should be entity conflict resolution, specifically regarding duplicate entities. There should be case sensitivity for various keys amongst entities, specifically host names. We need IT metrics-based indexes and more content packs. I know they are coming out with these features."

What is our primary use case?

It monitors every level of infrastructure in our environment, including remote locations across the world.

How has it helped my organization?

Splunk ITSI has end-to-end visibility into the cloud-native environment. This is important but not as important because we are primarily on-prem in every aspect of our IT infrastructure. However, for things that we do have in the cloud, it is important that we have visibility there.

Splunk ITSI has helped reduce our mean time to resolve. We can see very quickly when things are down and where they are down. I have taken steps to reduce the time to identify and time to resolve with Splunk ITSI.

The unified platform helps consolidate networking, security, and IT observability tools. It forces certain groups to work together and more closely, as they should. It increases awareness of the current statuses of other environments, which is important.

What is most valuable?

Instant usability of gathered event metrics is available. We have metrics data from systems, and we can use that to instantly get system status and trends.

What needs improvement?

There should be entity conflict resolution, specifically regarding duplicate entities. There should be case sensitivity for various keys amongst entities, specifically host names. We need IT metrics-based indexes and more content packs. I know they are coming out with these features.

For how long have I used the solution?

I have been using Splunk ITSI for two years.

What do I think about the stability of the solution?

Its stability is great.

What do I think about the scalability of the solution?

It is handling well what it is supposed to handle for some parts of our setup, and with the new version, it is only going to get better.

How are customer service and support?

I have never used their support. Community is the first place I go.

Which solution did I use previously and why did I switch?

I started with the company two years ago. They had it long before that.

What other advice do I have?

I would rate Splunk ITSI an eight out of ten. It is pretty good, but there are some inflexibilities with the analyzer that can be annoying. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Gokula Krishna Ramu - PeerSpot reviewer
Associate at Cognizant
Real User
Top 20
Sep 2, 2024
Has good data forwarding and marketplace features and allows us to size resources to match the demand
Pros and Cons
  • "I particularly appreciate two features of Splunk ITSI: data forwarding and the marketplace."
  • "The user interface visualization could be improved."

What is our primary use case?

We use Splunk ITSI for monitoring and analytics.

How has it helped my organization?

We spent two months evaluating Splunk before deploying it in production, and by the end of that period, I fully realized the tool's benefits.

Splunk allows us to size resources to match the demand.

Splunk significantly improved our organization's efficiency. Previously, identifying application failures required manual checks or creating custom email templates. However, this process has been fully automated since Splunk was integrated into our applications. We now receive instant email alerts for any issues, reducing our response time from hours to minutes and seconds.

It reduced the mean time for detection by 60 percent.

Since implementing Splunk ITSI, we now receive alerts within seconds of detection.

Splunk ITSI has significantly reduced the time spent on routine tasks. Previously, locating errors could consume minutes or even hours, but now it takes seconds.

It is easily integrated and capable of ingesting data efficiently.

What is most valuable?

I particularly appreciate two features of Splunk ITSI: data forwarding and the marketplace. Data forwarding allows us to ingest data from at least three different sources directly into Splunk. The marketplace, on the other hand, empowers us to create and share custom applications or functionalities that aren't already available.

What needs improvement?

The user interface visualization could be improved. Splunk ITSI currently utilizes a candid design.

For how long have I used the solution?

I have been using Splunk ITSI for 11 months.

What do I think about the stability of the solution?

Splunk ITSI is stable on the Cloud.

What do I think about the scalability of the solution?

Our project generated millions of lines of data every ten minutes, which Splunk ITSI successfully processed.

Which solution did I use previously and why did I switch?

We migrated from New Relic over to Splunk ITSI because of budget constraints.

How was the initial setup?

The deployment is straightforward. 

What other advice do I have?

I would rate Splunk ITSI eight out of ten.

A dedicated Splunk team deals with maintenance.

Before using Splunk ITSI, it is recommended to take advantage of the free trial period to explore the application and thoroughly read the documentation. This will allow you to determine if it meets your needs before diving in.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2026