Splunk ITSI (IT Service Intelligence) Reviews

In my recent projects, we have used ITSI to monitor the entire infrastructure using multiple features, such as service KPIs, aggregation policies, base searches, correlation searches, notable events, dashboards, blast tables, service analyzers, and drill-downs.

It helps in every respect, including performance, monitoring, or visualization of the important indicators. It improves the quality of service to the clients. It is crucial that the clients have no website failures because that means the loss of business. ITSI helps us track those issues. We've seen fewer environmental failures since we started using ITSI.

We saw immediate benefits from Splunk ITSI. For example, let's say you have a project for monitoring hybrid Linux servers running JBoss, SAP, and any server containing a client's critical data. It isn't easy to monitor each of these through the back end. 

Splunk ITSI shows you all the data on the screen and lets you visualize the data from various applications. We can see all the applications running on the server and issues with CPU or memory utilization. We have that data in Splunk and can immediately see the alerts triggered. If there are any failures in the environment, we can fix them in seconds. 

The solution has helped us streamline our incident management. We can monitor server KPIs, which trigger an alert if the server is impacted. We can track all the notable events and integrate ServiceNow with Splunk. ITSI is integrated with the ticketing tool, so when an alert triggers, it automatically creates a ticket on ServiceNow. 

ITSI has also reduced the alert volume. Before ITSI, we were unsure why an issue happened. We would see the alerts triggered in bulk and log them one by one for every server. ITSI gives you a feature that lets you drill down to find the precise issues on the server. 

It has a service KPI feature that allows you to monitor exceptions that may lead to server failure. For example, we might be in trouble if the value exceeds 10. We put five or eight values in the threshold field with a high criticality, so it triggers an alert whenever the count is breached. 

ITSI reduced our alert noise because it was very hard to monitor every aspect when we used search and reporting. After running the query, we needed more insights, and ITSI gave us a clearer picture of the incident. That helps you reduce issues.

Many use cases can be automated through ITSI because we previously built our reports manually.  After introducing ITSI, we sent all the data via the forwarders to Splunk. Once we have the data, we create and schedule all those queries and reports so that the management can see them without any IT involvement. It previously took us two or three hours daily to create all those reports, so automating reports saves almost 60 hours each month. We're automating 10 to 15 daily.

The most valuable feature of ITSI is the service KPIs. No other tool provides you with the same level of observability and enterprise security or the search and reporting applications. 

ITSI has everything. We can create searches, email alerts, and dashboards. It's the only application that offers the KPI concept where we can monitor different KPI parameters. We can configure the KPIs to trigger alerts when they breach a set threshold.

You can use the core concepts to optimize performance optimization. And you can create a lot of correlations and onboard the data from every project application. You can play with the data to create those KPI services and crash modes. It's possible to establish service health using the KPIs through the service analyzer. On a single screen, you have a lot of tiles showing you the service KPIs and high-level insights.  

When I started working on ITSI, there was some lag in releasing predictive analysis. Since then, there have been several updates, and we see that it works. We can predict any fluctuation in the data that might lead to failure. Using the historical data, we can set up the adaptive threshold. ITSI analyzes the historical data and sets an analysis for the future.

ITSI is an almost perfect tool, but there is room for improvement in a few features like the deep dive and multi-KPI alerts. We're using most of the features like service API, coding searches, and aggregation, but our team members hardly use multi-KPI and deep dive. We don't use the multi-KPI or deep dive because everything is available in the service KPI. I don't think this feature is necessary. 

People mostly use ITSI to monitor alerts. The most important features are within the service KPI. When we configure the alerts in service KPI, we don't need to do any deep dives because the client is more interested in the raw data, so we run the queries on the raw data instead of going into the deep dive. 

I have used Splunk ITSI for seven years.

I rate Splunk support nine out of 10. It is very helpful. Whether you are connected to priority one, two, or three depends on the issue and its impact. You can also get help from the Splunk community. If you create a P2 ticket, they will reach out to you within an hour and resolve the problem in eight hours. They have different SLAs. 

They might take one or two days to resolve issues. We need to upload the tags over the server to the portal. After that, they will start working on it. They have solved all the issues in the last four or five months within two to three days maximum.

Positive

We had Dynatrace. It was integrated to onboard the data and create correlation searches to monitor those parameters.

Setting up Splunk ITSI wasn't difficult. A few files needed to be placed over the indexers, and a few more needed to be placed over the license master. I didn't have any issues installing ITSI from scratch. It takes 15 to 20 minutes, depending on the project. It can be set up with one to three people. When service KPIs are installed, we need to validate them after the installation and upgrade ITSI. 

My friend works with OpenSearch. They are moving from Splunk to Cribl and OpenSearch. Splunk is pretty expensive, but it gives you a decent insight into the data. It is easy to learn, and ITSI has a great interface. You can run those queries and pass the data. I don't find any product attractive, and we need to put more thought into it. 

I rate Splunk ITSI nine out of 10. I have worked on multiple projects in the last seven years, and I've never found any product like ITSI. We can monitor everything through that. It's an excellent product.

Setting up and mapping the searches with the aggregation policies can be a little complex. Once you've mastered that, you can do anything with the ITSI. You can monitor the whole project infrastructure. You don't need any other tool to monitor and visualize the data. ITSI is enough.

We have a couple of different use cases including incident management, correlation, and mapping out incidents.

Having a structure on how to resolve incidents is the most valuable aspect.

It is pretty important to us that it offers end-to-end visibility. That's how we do the ITSI incident setup. It needs to have an overview.

It has helped improve the business' resilience. Splunk's ability to predict, identify and solve problems in real-time is pretty good. I've been a Splunk customer for almost six years.

The time it takes to pinpoint an issue, from when it's triggered to resolution is where I've seen the most value out of Splunk.

We have seen time to value using ITSI. It took a few months to see this value. 

They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve.

I have been using Splunk ITSI for one year.

The product is pretty stable.

We had a support person who was instrumental in getting it set up.

I would rate support an eight out of ten. It's nice to have the help but we'd also like to be independent and that's taking a bit of time to get onboarded. 

The initial setup is easy. We had someone come in. It took around a month or so and he's still with us helping to implement.

Overall, I rate the solution a seven out of ten. I'm getting up to speed with it. 

It has enabled effective monitoring, allowing for a comprehensive view of the growing complexity within the IT infrastructure.

The enhancement to our organization stems from its ability to consistently run rules, actively identifying significant events. This involves an ongoing process of aggregating and configuring notable events into a coherent resource. Additionally, the container version automates website functionalities, including tasks like email reception, providing a heightened level of control.

It has proven highly effective in real-time monitoring of service assistance and KPIs. There has been a noticeable enhancement in automated event clustering. Additionally, the platform facilitates comprehensive analysis for proactive incident prevention.

The end-to-end visibility provided into our network environment is a potent tool for real-time monitoring. It significantly contributes to the monitoring and analysis of complex multi-cloud IT solutions, playing a pivotal role in ensuring efficiency.

Leveraging predictive analytics to proactively prevent incidents before they manifest empowers operations to establish effective management and automation of information related to business processes.

It aids in minimizing alert noise, proving highly effective in incident management. Furthermore, it facilitates root cause analysis.

The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes. It promptly raises a red flag, signaling an effective early warning system.

The resilience it provides is invaluable. It ensures continuous application of rules, specifically for identifying notable events, and utilizes revision policies to configure hardware solutions into edge servers. This is essential for my operations to seamlessly proceed.

It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs.

I have been using it for one year.

It provides good scalability. Approximately, a hundred users use it effectively.

I would rate the customer service and support eight out of ten.

Positive

The initial setup was straightforward.

The installation involves developing a strategy to comprehend the essential services for proper monitoring. Additionally, it entails determining the specific type of intelligent alerts, clusters, and dashboards needed for effective planning. It was done in-house by one individual.

The implementation of this solution quickly demonstrated its value.
It resulted in a time reduction of six hours through its implementation.

It contributed to a six-hour reduction in the meantime to detect incidents.

It assisted in decreasing the mean time to resolve by four hours.

Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.

We use the solution for event management, observability, application management, application performance management, anomaly detection, problem detection, and creating different rules for the anomalies for different events. It's application performance monitoring. The entire area of service is managed by ITSI, and offers automated detection and everything.

The root cause analysis is very helpful for us. 

There's one feature which is a prediction and detection feature that we have gone through. We are not thoroughly using it. However, for us, I would say that root cause analysis, problem detection, and anomaly detection are the most helpful features.

The end-to-end visibility of IT assigned to our network environment is great. The endpoint visibility is definitely helpful, and that is mainly for the application team. We can take a deep dive into the incident. In the everyday work that we do, we don't really use endpoint visibility since that is not required if we look at normal and general use cases. That said, when it comes to an incident during an outage, end-to-end visibility helps us deep dive or drill down to find out the root cause and how to make the platform better for the future.

The product has helped to streamline our incident management with end-to-end visibility. It helps in streamlining the incidents that are coming in. For example, for the authentication service that we have, users for certain regions are not able to authenticate completely. That likely means there's an issue with that region. That is an incident. In that case, I would look at endpoint visibility from the infrastructure to the end of the service call, including all the scans, tracing, and everything. Looking at it helps provide a resolution.

Our alert noise has been reduced.

Our main time to detect has been reduced as well. Previously, we used to take a lot of time getting to the root cause of what happened. We've been able to resolve this quicker, and our main time to detect has been drastically reduced. 

In addition, we've been able to reduce the time to resolve.

Predictive analytics, in terms of preventing incidents before they occur, still needs time to mature. I am not very, I would say, convinced of the prediction feature's capabilities.

It does not have a release comparison on the server comparison feature. For example, if you have an application, and you introduce a new feature, and you're going to deploy it, then the release comparisons should show automatically or generate a report to show the impact of the feature on the overall application. It should show what you can do to optimize it. 

I've used the solution for around five years.

The stability has been good. 

The solution is highly scalable and flexible. 

I've contacted support multiple times. Their service is average. They are not very quick. 

Neutral

I've used a few different solutions, like Dynatrace and Datadog. I've used Elasticsearch and Moogsoft as well.

Dynatrace is an overall package. I'd choose it over ITSI. Splunk is never a package. It does not provide application performance monitoring. Dynatrace is a full-fledged APM tool that includes infrastructure, APM, synthetic monitoring, and user monitoring alongside AI ops, which are very strong. It's a mature platform.

I was involved in the initial setup. It's a very straightforward process. Deploying the platform takes a couple of hours at a maximum. The configuration is more subjective in terms of how long it takes. For example, how many applications do you have? How many environments? We have three environments in the US, and with approvals, it took us around 20 days.

It's a SaaS solution and does not require maintenance. It's a one-click upgrade if you want to upgrade anything. 

Once you buy a license, Splunk is involved and can help with the deployment. They have three or four free consulting sessions initially. They are very involved in the pilot phase. post-pilot, you have regular support. 

The product is expensive. It's one of the most expensive options, although maybe not as expensive as Datadog.

We might be partners with Splunk. 

It's readily available. You don't have to wait very long to witness the benefits of the solution. 

I'd rate the solution seven out of ten. 

If you are looking for an AI solution alongside APM, use a platform with everything in place. However, if you still want to go for a dedicated AIS platform, make sure it integrates with your existing logging and APM tools. However, my position is that it's better to use one platform for the entire opportunity.

We use Splunk ITSI for better CMDB management and control of all infrastructure devices.

We had many old devices and legacy systems, and architects used to configure them as they saw fit. To streamline and standardize our operations, we had to rely on Splunk. Splunk invented device discovery, which allowed us to learn what devices are on the network, what type they are, and how to classify them. Splunk ITSI has been very helpful to us.

We deployed Splunk ITSI on-premises, and it can also be deployed in the cloud.

Splunk ITSI helps the advisory board's cab team increase efficiency by instilling trust in systems over manual administrators. Splunk ITSI also provides a central source for the documentation of our application dependencies.

Splunk ITSI provides end-to-end visibility into our network environment, which reduces the manual effort required to capture configuration data and helps us identify weaknesses in our network.

Once we have implemented the CMDB to meet our requirements, Splunk ITSI's predictive analytics can identify any devices that will be affected by planned changes and provide us with that information. This will allow us to prioritize incidents based on their criticality and notify stakeholders accordingly.

Splunk ITSI has helped our organization in many ways. It has centralized all resources for administrators and service personnel. Architects can plan better using the environmental details provided by ITSI. The CAB team can provide approvals quickly because the information is easily accessible. Splunk ITSI is reliable, and its AI-driven predictive analytics help identify potential component or device failures.

Splunk ITSI streamlined our incident management by allowing Splunk administrators to easily see all incident details and cascade them down to relevant stakeholders and customers. This enabled us to inform the service desk team so they could better prepare responses to end-user queries. We can also easily identify and address infrastructure challenges affecting specific companies.

It helps reduce our alert noise by a minimum of ten percent and it can go significantly more. We categorize and close alerts directly through ServiceNow after integrating our account. This automated process frees up our admins' time to focus on more important tasks.

Splunk ITSI has reduced our MTTD by over ten percent. We can meet our SLAs with Splunk ITSI 99.8 percent of the time. It has also reduced our MTTR by five to ten percent each quarter. We can resolve almost 90 percent of our tickets.

With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.

Splunk ITSI consumes a lot of CPU resources. I would like a more lightweight solution in terms of resource consumption.

The price has room for improvement.

I have been using Splunk ITSI for five years.

Splunk ITSI is stable.

Resilience is valuable because it functions perfectly, helping to reduce risk and assist our admins and architects.

Splunk ITSI is scalable.

We previously used our internal CMDB solution, which was not streamlined and depended on a few key architects. We wanted more control and better governance, so we switched to Splunk ITSI.

The difficulty level of the deployment depends on the knowledge of those doing the implementation. A person with moderate knowledge will require some time to do all the configurations.

Our deployment took around four to six weeks to complete.

I have seen ROI from Splunk ITSI of close to 30 percent at both my current and previous organizations. The returns have been presented to leadership.

The cost of the modules is a bit high for non-global companies, making it difficult for them to afford Splunk ITSI.

I would rate Splunk ITSI eight out of ten.

Splunk ITSI is the best application performance monitoring tool because it helps administrators do their jobs better, has more computing power, and allows staff to focus on governance and automation.

Organizations may benefit from considering a point monitoring system instead of Splunk ITSI, depending on their environment.

We achieved time to value with Splunk ITSI within the first four to six weeks of deployment.

Splunk ITSI is deployed across multiple departments in our organization and there are 20 users.

Maintenance is required for updates.

I recommend Splunk ITSI. The solution can discover all types of devices in our environment.

We typically utilize Splunk ITSI to monitor our infrastructure and applications. Essentially, its purpose is to map our technical services and business services up to the host level, enabling us to monitor all the key performance indicators associated with them. Additionally, it serves as a primary tool for root cause analysis and event generation.

We needed a better method for monitoring our infrastructure and applications. Both infrastructure monitoring and application monitoring rely on data files. With Splunk ITSI, we are able to visualize the mapping of end-user entities to the business service. This enables us to easily monitor the impact of our technical services on our business, as well as the underlying information, using Splunk ITSI.

We deploy on Splunk Cloud and, in addition, we utilize ITSI on top of Splunk Cloud. We have another setup where we use Splunk on-premise along with ITSI. Therefore, our team has employed both models. However, if we have a high injection rate and operate in a large environment, we leverage Splunk Cloud with ITSI since we are already utilizing it.

End-to-end visibility is achievable with Splunk ITSI. The key requirement is to successfully onboard the data into our robust Splunk ITSI environment, allowing us to gain insight and visibility into all our services within Splunk ITSI.

Splunk ITSI has helped improve our organization by enhancing bandwidth efficiency and serving as a unified resource for monitoring, root cause analysis, and infrastructure monitoring. Instead of relying on multiple monitoring solutions like Elasticsearch, ThousandEyes, SolarWinds, and Netcool for network monitoring, Splunk ITSI enables us to accomplish all these tasks with a single tool. In order to determine if it is deriving its value or not, we cannot state with absolute certainty that we are assessing the value. However, for certain use cases, we can observe the value within a week. But for the majority of complex scenarios, in order to fully utilize the potential of Splunk ITSI, it would take at least a month for us to realize its complete value.

Splunk ITSI has the capability to reduce our alert noise. The maturity of Splunk ITSI depends on the data we have and the level of expertise of the engineer implementing it. Since its implementation, the alert noise has been significantly reduced.

Splunk ITSI has helped us reduce the meantime associated with deep dive services.

Splunk ITSI has helped us reduce the meantime resolve. Instead of searching for multiple resources to identify the exact points, we can now analyze deep dives and services to pinpoint where the issue is occurring before it affects our system. 

The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding. 

Splunk ITSI's predictive analytics has room for improvement. Currently, it is limited to predicting only the health score for the next thirty minutes of the business. Consequently, we are unable to predict our health score for a full day or even for seven days. The system's capability is limited to the next thirty days, and we need enhancements to enable us to predict the health score at least seven days in advance. Furthermore, the available algorithms are also quite limited, with only around eight to nine algorithms, including linear regression and classification. We lack a diverse range of machine learning algorithms within Splunk ITSI, which is a contributing factor to the issue. Additionally, the implementation process for Splunk ITSI is quite challenging, as we struggle to find well-trained resources capable of translating our business use cases into technical outcomes effectively using Splunk ITSI. This is a crucial aspect that needs attention. 

Splunk ITSI generates numerous false positives and has the potential for enhancement.

I have been using Splunk ITSI for over four years.

Stability depends on the infrastructure being used in ITSI. If we use their infrastructure, it means the entire server has acquired performance capability, resulting in good stability. However, when it comes to the cloud, stability is not a concern as everything is managed by Splunk. Therefore, the majority of our focus in ITSI is on the implementation part, where we need to translate the application team's requirements into technical use cases. This process requires a significant investment of our time.

We can scale Splunk ITSI based on our requirements with no limitations.

The technical support is good, but not excellent. 

Neutral

We previously used ThousandEyes, SolarWinds, and Netcool before migrating to Splunk and implementing Splunk ITSI.

Our team can enhance the value of Splunk ITSI by providing a single-pane-of-glass solution. This allows them to quickly identify potential performance issues in both their applications and infrastructure and conduct root cause analysis within a short timeframe. Previously, they had to consult multiple sources and correlate information, but now this process has become significantly easier. This is how we derive value from Splunk ITSI. Additionally, the team benefits from a single dashboard that enables them to pinpoint the exact location of performance issues, whether it's in the infrastructure layer, the malware layer, or within the application itself. They are capable of doing this effectively.

Splunk ITSI is an expensive tool, and we need to purchase the utility license. Our sales team handles the license cost, so I'm not aware of the exact amount we need to pay, but it's significantly higher compared to other tool sets.

We evaluated AppDynamics and Dynatrace, but when considering factors such as cost per data localization and other considerations, since we had already invested in Splunk and found it beneficial, we decided to choose Splunk ITSI over AppDynamics and Dynatrace.

I give Splunk ITSI a six out of ten.

In terms of incident management, we can integrate Splunk ITSI with our ITAM or ITSM layer, such as ServiceNow. However, the problem is that we often receive events and scheduled episodes from Splunk ITSI that do not meet our expectations when it comes to implementing filter sorting. As a result, we have to deal with a lot of false positives that need to be addressed before integrating with Splunk ITSM.

There are certain features, such as synthetic monitoring, analysis monitoring, and alert directors, that are not available with Splunk ITSI. Users need to be aware of the features they require before choosing an APM solution.

We have around fifty people using Splunk ITSI.

We require periodic maintenance from our end. Once we create all the key performance indicators, we need to handle additional use cases that need to be developed. If there are any issues, the team intends to onboard new data and add more servers to this particular part. They are mapping it to the KPIs, but we need to take care of it.

When evaluating Splunk ITSI, the first thing we should be clear about is the desired outcome we want to achieve from ITSI. We need to determine whether we are hiring it for specific requests or if the identified use cases by our teams can be effectively implemented using ITSI. We should not overlook this aspect. While ITSI has the potential to work wonders, implementing it can be quite challenging. It requires expertise in configuring services on the ITSI side, as it is data-intensive. Therefore, unless we have a highly skilled Splunk engineer who can handle ITSI, we won't be able to fully realize its value.

We use Splunk ITSI to empower users to visualize their data and transform it into actionable insights. For instance, if they desire to monitor CPU memory usage, they can leverage this tool to achieve that. Additionally, users can effectively search for alerts and trigger email notifications based on specific criteria. Moreover, Splunk ITSI supports the creation of entities that can represent physical or abstract concepts. This flexibility allows users to conduct any desired search on their data and subsequently create informative dashboards for visualization purposes.

We implement Splunk ITSI for our customers because it is the best in the market.

The most significant organizational benefit is leveraging data for various purposes. Based on the data collected, organizations can create visualizations, monitor product performance, and track metrics like CPU and RAM usage to identify potential issues and optimize operations.

Splunk ITSI helps to right-size the resources required to match demands. Splunk also offers on-prem and cloud options. 

The incident management team of Splunk is helpful when we have to escalate an issue.

Splunk ITSI assists our customers in decreasing the number of incidents. They can escalate cases and seek help for any issue, as Splunk can potentially identify the problem as related to an add-on, a different application, or something else entirely. This allows them to contact the appropriate team and work towards a resolution promptly.

It helps customers reduce the mean time to detection by using a real-time search rules engine feature. This enables users to process events in real time, leading to faster detection and response times.

Splunk ITSI assists customers in decreasing the mean time to resolution. A dedicated episode review page allows customers to create and manage groups of related events. Customers have complete control over their episodes and can acknowledge, resolve, build, or take other actions. A specialized dashboard with visualizations facilitates the resolution process, enabling customers to resolve episodes or actively automate this task. Both manual and automated options are available for episode resolution.

The analytics module includes a policy feature that allows users to automate actions, trigger events, add comments, and modify episode status. 

The most valuable features of Splunk ITSI are event analytics and service insight. Event analytics allows me to set up any query on raw data logs and ingest them into Splunk. This data can then be used to trigger events based on specific conditions. For example, I can create a ServiceNow incident, send an email, add comments, or perform custom actions when the system's CPU usage exceeds 90 percent. The Glass Table feature enables users to create dashboards, add services, and visualize data through various queries and tables. 

Splunk ITSI's UI needs to be more interactive and user-friendly.

The real-time search functionality is reliant on Splunk. Occasionally, ITSI customers encounter problems due to real-time search issues. As of the most recent release, a resolution for this issue has not been implemented. Additionally, search clusters are not currently supported in the cloud environment.

I have been using Splunk ITSI for two years.

If the data volume is excessive, we may encounter stability issues. Splunk can handle datasets as large as one or two million, but performance might be affected due to the time required for REST calls. Overall, however, Splunk is a reliable solution.

Splunk ITSI is scalable.

The technical support team is highly responsive and helpful. Customers can contact them directly for assistance with any issues they encounter. The team will diligently work to identify the root cause of the problem and, if necessary, consult with developers for further investigation. Developers will then promptly analyze the issue and provide a workaround or solution as soon as possible.

Positive

Customers are responsible for the infrastructure and deployment of Splunk ITSI on-premises. However, the Splunk TechOps team can assist customers throughout the cloud-based deployment process.

The deployment is straightforward. First, we must install Splunk and extract ITSI in the apps folder. One person can handle the deployment.

I rate Splunk ITSI nine out of ten.

Splunk ITSI is loaded with features and keeps adding more with each release.

The cloud version of Splunk ITSI requires no maintenance, unlike the on-premises version. While maintaining the on-premises version isn't complex, any issues arising from setup or parameter changes become my responsibility. In contrast, TechOps handles cloud maintenance, ensuring complete care.

I would recommend Splunk ITSI to others.

The cloud version of Splunk ITSI is more accessible to work with and to scale.

We have been using Splunk ITSI to detect anomalies in the services and monitor the health and overall performance of IT services.

We have implemented it for a few of our clients where we do monitor the entire IT infrastructure. It could be any server that they are running. It could be a mail server. It could be a web server. It could be any network device that is communicating. We monitor the health of these services and how they are performing. We check for any anomalies or threats associated with them. We create some kind of KPIs or key performance indicators that give insights into the health and services.

We are a Splunk partner. Our company provides solutions not just related to Splunk ITSI but for all the things covered by Splunk. We also provide our consultancy for all of their premium products such as SOAR and Enterprise Security. 

Splunk ITSI has a service-oriented approach to monitor the entire IT infrastructure. From a business perspective, people definitely do not want any downtime. Any downtime leads to a bad reputation for a company. Splunk ITSI is a solution that we can use to monitor every single service running within an organization. With the help of KPIs, we define the service needs. A person implementing ITSI needs to be aware of all of the services running so that they do not miss out on anything. With the predictive analysis of Splunk ITSI, we can monitor everything. If there is any anomaly, an alert gets triggered. The other thing is the integration part. We can integrate it with any of the ticketing platforms such as ServiceNow. As soon as the alerts get triggered, a ticket gets created so that a response can be made to a particular incident.

It is very integrable. It can be integrated with any network component, such as a router, or any of the logs. With the help of Glass Table, it becomes very easy to inspect if any of the services are down. If a person is trying DDoS on any of the IT servers, such as a web server, we will see a lot of packets getting injected. There will definitely be an increase in the number of packets that a server is receiving. With the help of Splunk ITSI, we can block that particular IP, so the actions can be taken at the same time.

With the help of machine learning and predictive analysis, it checks for any anomaly. It monitors the normal behavior of a service, and if there is an anomaly, it can definitely create an alert for the user. This is how Splunk ITSI works.

Splunk ITSI can integrate with various management tools for predictive analysis. It takes the data and tries to predict and see if anything is suspicious. It makes its own decision at that time, and based on the actions that are listed, it takes action on a particular incident.

Using Splunk ITSI in an IT environment is very helpful. It reduces the downtime and the time taken for a resolution. It can take certain actions on its own. We can monitor every service there. Splunk ITSI can be helpful to prevent something from going down and the users having to face any downtime, failures, or issues with the servers. There is a proactive approach where things can be fixed before they turn into a breach.

Nowadays, it has become very easy for attackers to perform any kind of attack on the servers. Every organization wants its servers to be up and running. So, there is definitely a lot of demand to monitor the entire IT infrastructure. Splunk ITSI is good for that. It plays a key role in the current era where organizations face a lot of attacks. It is a ten out of ten when it comes to being useful to fix all such issues.

Splunk ITSI completely integrates with the incident management platforms. For specific alerts or notable events, Splunk ITSI can also take action with the help of playbooks and defined workflows. With integrated incident management, we can take more advanced actions and make decisions for the environment.

Splunk ITSI helps reduce incident volume. It is business-centric and service-oriented. It provides visibility and is great for predictive analytics and incident management. It also reduces downtime and gives a clear picture of services from a business perspective. I do not have the metrics, but it reduced the incidents to a large volume.

Splunk ITSI reduces the mean time to detect through machine learning and predictive analytics. It observes the normal behavior of a service. If there is any anomaly, it triggers an alert based on the KPIs that are defined. If there is any suspicious behavior, Splunk ITSI can identify that.

We can define certain actions through playbooks for an alert. It can be integrated with SOAR. It can take certain actions as soon as an alert gets triggered. In the case of a DDoS attack, if an IP is sending a lot of packets, we want to block that particular IP to our firewalls. We can define this action within our playbooks, and Splunk ITSI will be able to sort that out in a quick manner.

We can integrate it with a SOAR to automate the workflows and take certain actions. Playbooks are useful for that. I do not have the data about time savings, but it saves a lot of time. Without it, a human will have to open the ticket and go through the incident before taking action, whereas Splunk ITSI can take certain actions on its own, saving a lot of time.

Splunk ITSI has saved money from the overall business perspective. No business wants to see downtime or failure of their services. For example, if you can proactively fix an issue and prevent a payment gateway service from going down, it will save you money. Splunk ITSI is very helpful in monitoring services, and certain actions can be taken to prevent them from going down. Any service going down costs a lot of money to a business.

Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken.

I like the KPIs aspect. If we have a number of services running, we can monitor each individual service. This is one thing that I find very useful. There is a feature in Splunk ITSI called Glass Table where we can visualize each service. We can check all the services there, and we can take a look from the high level to the low level. We can look at individual service. Glass Table is one of the features I like the most.

If they can somehow integrate it with AI in the near future, it will definitely be a game changer. Other than that, I do not see any issues with it. Overall, it suits our environment. Its scalability is good. The visualization is also good. The only thing we need to take care of is how we define the services. If the KPIs for a service are wrong, it is going to generate false positives and more alert noise.

It has been approximately three and a half years since I have been using Splunk along with this premium feature or the ITSI app. 

We have not faced any issues so far. It is a very stable tool. It is very helpful in monitoring overall IT infrastructure.

Scalability is definitely one of the key features. Splunk ITSI is very scalable. 

We have not faced any issues so far.

I have not used any solution other than Splunk ITSI. We have partnered with Splunk, and we provide consultancy with Splunk.

Splunk ITSI can be implemented on-premises or on a cloud such as Azure, AWS, or GCP. It is easy to deploy.

I was a part of the team that implemented it completely. I was involved in the initial setup and monitoring of the services. We defined all the KPIs. We completely set it up. 

The process is straightforward, but it depends on if you have a multi-site or single-site setup. For a single site, it is easy, but in the case of a multi-site, when we are doing a cluster setup, it can be challenging. However, it can be done, and it is possible to implement it with the help of the right KPIs.

The duration depends on the size and the number of resources a company holds. It depends on the size of the network they have. Ideally, you would want to integrate all of the services so that you have complete visibility and you can visualize it from an attacker's perspective.

In terms of implementation strategy, we need to be sure about the services that need to be monitored so that we do not miss anything. KPIs are important to reduce the noise. 

It is not difficult to maintain, but it does require maintenance. If there is any increase in services, Splunk ITSI needs to be scaled up, and there will be some costs for the licensing part.

We need the help of the security team. If it is going to be integrated with the service desk, we need to involve a system administrator. It depends on the privileges a company has. It varies from company to company.

It depends on how big an organization is. If we have a lot of resources, the licensing needs to be upgraded. If we have a small environment, the licensing cost is definitely going to be less.

To someone who already has an IT alerting and incident management solution but is considering switching to Splunk ITSI, I would say that it is a great move. Splunk gives you in-depth information about the health and performance of a particular service running within an organization. It will be a great move if they can implement Splunk ITSI in the organization.

Alert noise depends on how well you have defined the KPIs for your services. If KPIs are wrongly defined, you are definitely going to get more alert noise or false positives. To reduce that, you need to be very sure what a particular service is about and what could be a perfect KPI for that.

You need to assess the services you need to monitor. You should not miss any of the services. A small service can also be vulnerable. Based on the services, you need to define particular KPIs.

I would rate Splunk ITSI a ten out of ten.