Observability Platform Lead at a financial services firm with 5,001-10,000 employees
Real User
Sep 6, 2023
A reliable solution that enables users to build glass tables and set up thresholds
Pros and Cons
  • "The glass tables are very helpful."
  • "If the product had some prebuilt machine learning features, it would add value to our use cases."

What is our primary use case?

I have used Splunk ITSI to build a lot of glass tables and set up thresholds. We have also used MLTK for machine learning, predictive analytics, and anomaly detection. We use MLTK, which is an external application. We can get notified of issues well before the time to take proactive action.

How has it helped my organization?

We use core Splunk and Splunk IT Service Intelligence. It is a multisided cluster environment. Whenever the customer wants glass tables, notable events, or to set up some alert notifications, the product has helped our organization. We can set up our own threshold activities. We can also add ad-hoc searches in the solution. We can get the data of the indexes and alerts tracking by writing a search query.

What is most valuable?

The glass tables are very helpful. The solution also provides topologies showing exceptions or criticalities whenever something goes down. It is very helpful for customers. The notable events, glass tables, and setting up thresholds are the most valuable features of the solution.

Every customer has a different need and their own customized threshold settings. Some customers need 99% as critical, and some need 80%. We can set the customized thresholds in the product and get the alerts.

What needs improvement?

If the product had some prebuilt machine learning features, it would add value to our use cases. It would be very good if the product had some in-built predictive analytics and future forecasting features.

Buyer's Guide
Splunk ITSI (IT Service Intelligence)
January 2026
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,757 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Splunk for almost four years.

How are customer service and support?

The support depends on the licensing we use. There are different licenses available based on the volume and vCPUs. We use the license based on vCPU. It depends on how many virtual CPUs we use. It would be good if Splunk could give on-demand support.

Whenever we raise a support case, the support team follows the SLA and gives us a response. Sometimes, companies will also have on-demand support based on the support credits. Companies generally expect support persons and engineers to join the Zoom sessions when P1 and P2 issues arise. The support team takes a long time to join the meetings at such times. If we can have an engineer join the Zoom sessions right away, it would be helpful for the customers. The support team needs to respond quickly to P2 issues.

We had a P3-level case with a severity level of S2. It was a corrupt bucket issue. The case was in open status for six months. Generally, we don't need six months to fix a corrupt bucket issue. If the support case had been escalated to a higher-level engineer with advanced knowledge in debugging the issues, it would have been easier and would have taken less time.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have been using Enterprise Security. It is for intrusion detection and threat intelligence. It helps our enterprise security team to find vulnerabilities and take proactive actions. We started using Splunk IT Service Intelligence because it gives us some good topology if we build glass tables based on our data. The product provides us with service intelligence.

How was the initial setup?

The deployment process is straightforward. It is the same as core Splunk. The solution uses summary indexing, itsi_tracked_alerts, and itsi_summary_metrics indexes. We must ensure these indexes are available and have a good retention policy.

What was our ROI?

Our customers have seen improvements in resilience and cost.

What's my experience with pricing, setup cost, and licensing?

It would have been good if the product cost was much lower.

Which other solutions did I evaluate?

We chose Splunk over other vendors because it is much more reliable. We have done a POC to test how well the tool can help the customers and provide good value to their business. We have used other products like Elasticsearch and Cribl. However, we feel that Splunk is better. Log monitoring is very important to customers. Other log monitoring tools are not user-friendly and flexible. It is also not easy to write search queries on them. However, it is easy to write search queries on Splunk. It also has bucket lifecycles. It is easier to have a centralized repository to maintain and use the data.

What other advice do I have?

Our clients monitor multiple cloud environments. We get data from different third-party clouds like Google Cloud, Microsoft Azure, or AWS. Sometimes, we also use Snowflake. Customers mostly try to build out their own dashboards and knowledge objects. They use Splunk IT Service Intelligence to be notified about any exceptions or critical issues. 

We cannot integrate the product directly with the cloud applications. First, we have to integrate our core Splunk with different clouds. We must first integrate add-ons using Splunkbase, a REST API mechanism, or an HTTP Event Collector (HEC) mechanism into core Splunk. Then, we can use the same ad-hoc search in Splunk IT Service Intelligence to get proper glass tables and results. It's easy to monitor multiple cloud environments using the solution, but we could directly integrate with it if it had the right integration features.

It is important for our organization that the solution has end-to-end visibility into our cloud-native environment. In today's world, most data goes into the cloud. Every organization wants to move the data to the cloud so that it would be more reliable and they can get the data easily. It's less cost-effective as well. So, most organizations are going to the cloud. It's really beneficial and important to the customers because they can easily get the data from the cloud and perform cost optimizations. Managing cloud-native environments with the solution is cost-effective.

The product has definitely helped reduce our mean time to resolve by 70%. If it has built-in machine learning or artificial intelligence techniques, it will be helpful to reduce the remaining 30%.

The tool has helped improve our customer's business resilience. Different SIEM applications and tools are available for enterprise security in today's world. Splunk's next version will have enhanced SOAR features. It will be useful if the product has additional features to help customers and organizations.

We used the MLTK app from Splunkbase and deployed it in Splunk IT Service Intelligence. It helped us to do predictive analysis, forecasting, and anomaly detection. It helped us gain some insights. I rate the tool's ability to provide business resilience a seven out of ten.

If we have a Splunk add-on for Unix and Windows, we can use those add-ons in our core Splunk to get the base monitoring, like OS metrics. For these things, Splunk has PowerShell scripts. It runs every five minutes. So, it is not in real-time. Every organization would need real-time monitoring. The product should provide these features in real time. For OS metrics, we use custom thresholds.

Our customers see time to value within seven days. We implement Splunk with minimal architecture, like two deployment servers, two heavy forwarders, four indexes, and three searchers. We initially had the search factor as two and the replication factor as two. We had very little data initially. We tested in our lower environment with the POC and found the data the customers wanted to see in Splunk. It was helpful for the customers. They can find the exceptions, write their own search queries, and build their own knowledge objects.

We get different types of security management tools in the market, like Enterprise Security, SOAR, and Phantom. The product brings a lot of value to the customers. It gives a lot of insights into notable events and predictive analysis. It also has a good dashboard. I expect the solution to provide enhanced features in the upcoming release.

Attending Splunk conferences provides us with an opportunity to interact and get more details on the products from different vendors. More than 1,000 vendors attend the conferences. The more we interact with the vendors, the more insights we get from them. It is also helpful to build relationships with the vendor.

Overall, I rate the tool an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
IT Specialist at a computer software company with 1-10 employees
MSP
Top 20
Aug 6, 2024
Integrates various tools and data sources, has real-time monitoring, and provides a clear understanding of how different environments and components are interconnected

What is our primary use case?

I just had to monitor the dashboard and infrastructure alerts and escalate them to the appropriate teams.  

I used it for both performance monitoring and incident management. We had an IT infrastructure setup on Splunk ITSI itself. There were dedicated dashboards created by the admins, and we had to monitor these dashboards for the performance of our infrastructure assets, such as the database or infrastructure access. 

We had to monitor these alerts and escalate them to the appropriate teams. For example, if a network alert showed up on the system board, we had to escalate it to the network team, such as, "We are seeing this kind of alert on the ITSI app board; please have a look into it." So, that's the main task on the Splunk ITSI app.

How has it helped my organization?

Splunk was initiated for monitoring dashboards and to have our infrastructure integrated into Splunk itself. We have several servers, databases, and multiple services running. We have applications that were dedicated to the service provider. So we had our Splunk IT set up on those servers.

Basically, to keep these applications running smoothly or to have a smooth flow of these applications, we integrated everything on Splunk. And, we need to be resilient and proactive so it doesn't cause any impact to the customers and clients and doesn't go down. We set up our monitoring dashboard on ITSI, which keeps us in touch with how the performance and health checks are going on for these components and applications.

It has a clear understanding of how different environments are related to each other. It has pretty much everything integrated within it. You just need to click a few on the board and whatever details you require are there. So, I find it pretty useful.

For predictive analysis, we have access to pull-out reports on whatever packets are integrated into our system, whatever the packet reinsurance, packet alerts, or whatever has been generated in the system. We pull out these reports based on the previous data and incidents or alerts in the environment. 

Then, after analyzing the previous data, we identify what was causing the incidents or alerts. Based on that, we have taken action to prevent incidents in the environment. So that was a really helpful feature as well because having access to the backend itself helps to identify the previous causes or incidents in the environment.

What is most valuable?

I liked how it's integrated in such a way that it's really user-friendly. You don't have to do much. Within a few clicks, you get all the data that you need, like what the server is, what the issue is, and how it can be resolved. It was all integrated into the tool itself.

I found it very easy to identify the server or the root cause. So, it helps to resolve the issue on a priority basis or as soon as possible.

The event analytics in Splunk is integrated to help avoid such incidents. Whenever we see such alerts on the board, we have to take immediate action to avoid any incidents in the future.

Sometimes, an incident happens, like the application goes down, and we receive the incident. At the same time, we receive multiple alerts on our dashboard. So, we have to escalate these alerts along with the incident call and incident procedure. We keep the teams involved by saying, "We are seeing this kind of alert on our ITSI dashboard. Please have a look into it or try to get it resolved." It provides the information IT needs about the server, database, and network connectivity. So, it was easy to identify issues when we had such alerts on the board.

Reduced incident volume: ITSI reduced our incident volume by 20 to 25%. It was really quick, and we were able to investigate whatever incidents or alerts happened in the environment. It was really good. It was really quick to identify such issues and previous issues in the environment. So, it has reduced the MTTR, the mean time to resolve an incident, by 20 to 25%. So it's really helpful.

Alert noise: I didn't see it reduced because whenever we introduce a ticket to ITSI, our system is already integrated into the service. And along with that, we are already migrating from other tools to ITSI itself. So, I'm not quite sure that it reduced it because we are continuously adding servers to ITSI. It increased our count of alerts. But I couldn't comment on that because we are continuously adding our infrastructure to ITSI. So, I haven't identified any reduction.

ITSI reduced our mean time to detect whenever we have seen any mean time to detect alerts in the environment; we get them within a fraction of a second, so we get to see the alerts on the board immediately. It is reduced by 20% to 30% as well.

It continuously refreshes itself within two to three minutes, so it's really reduced our time to detect that part. 

Splunk ITSI helped us automate routine tasks. For example, we have a daily task where we have to pull out the daily report. Based on that, we have to access whatever incidents or alerts happened or occurred during the day. 

We have to pull out the report and get all kinds of data, the details of what we have done and the kind of alerts we have seen in the day. Then this action has been taken or maybe escalated. So it was really helpful to get such data on a daily basis.

What needs improvement?

From my perspective (since I don't have administrator or developer access to Splunk ITSI), we could have a better user interface. The Splunk ITSI user interface can be improved because whenever we see the dashboard, it's mostly in text format. It doesn't have a graphical view.

It's easy to identify issues or alerts if you have a graphical representation on the dashboard. I have seen several dashboards in Splunk ITSI which have a really good graphical interface, but the integrated dashboards we have do not.

I'm not sure if it is configured in such a way or not. Maybe a developer or administrator can access that, but I feel like Splunk ITSI having a good graphical user interface would really improve the visibility of the dashboard and alerts.

For how long have I used the solution?

I have been using it for more than a year. 

What do I think about the stability of the solution?

From my perspective, it's pretty much stable. We haven't experienced anything bad or any technical downtime apart from the scheduled downtime. So, for me, the stability is really good.

What do I think about the scalability of the solution?

It is scalable, but we didn't get to experience the scalability part because it was developer- and admin-related.

For just one location, we have more than 500 people who can access Splunk ITSI, including the technical and monitoring teams. Considering the different locations as well, it would be in the thousands, but I'm not sure about the exact count.

How are customer service and support?

The customer service and support are quite useful. Whenever we faced an issue on our Splunk ITSI server, or if alerts weren't updating, showing proper data, or generating detailed alerts, we reached out to the Splunk technical teams for support. 

They are really supportive, with quick responses and a solution-oriented mindset. They provide solutions right on time. The DevOps support provided is really good.

It was pretty good. I didn't have any bad experiences.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had several tools before introducing Splunk ITSI. We had several other tools to monitor network, Windows, Linux, or other portal alerts. 

While having Splunk ITSI, we integrated everything into that. We have decommissioned all of the other tools, and everything is on the IT side.

I have worked on ThousandEyes and Spectrum. These tools were used to identify network alerts. We had Spectrum alerts used for network device alerts. And for ThousandEyes, we used it for the portal alerts, for each and every infrastructure component or service. We had different tools integrated to have such alerts on the board.

So, to reduce having multiple tools, our management team introduced Splunk ITSI because everything is integrated into it. It was really helpful to have just one tool for all of our components instead of multiple app tools.

How was the initial setup?

For us, it's on-prem, not on the cloud. We were planning to move it to the cloud, but it's currently on-prem.

Splunk ITSI requires maintenance. From time to time, we have downtime to integrate other tools into ITSI.

The integration of ITSI with other tools enhanced our operational capabilities and has been really helpful. To access a few other tools apart from ITSI, we have to do several things to get the data from the tools themselves. And I find that these tools are pretty slow. 

Getting the data or accessing anything on those tools is really time-consuming but ITSI was quick. We don't require special tools or special access to that environment. We have IDs created for our individuals, and we just need to access ITSI. It was pretty quick, and we didn't need to do much hard work to access all the data. It's really quite useful in that aspect.

What about the implementation team?

It was already introduced by the technical teams or maybe the administrator or developer. We just had it served on a plate, so I don't have much exposure to the development part.

It was deployed for multiple locations and departments. The network, database, Windows, and Linux departments also have the same dashboard and infrastructure to integrate their servers and alerts into Splunk ITSI. So, having exposure to multiple departments and on-prem environments is really helpful.

What was our ROI?

It was an easy tool when we also used other tools, such as ITSI. To access those tools, we had to log into VPNs and other stuff to get access to our dashboard. 

But with Splunk ITSI, I find it really useful. It was quick, it had all the information you needed, and it was customizable. You don't need to do much to access our infrastructure data. 

Within just a few clicks, you can get whatever you need from ITSI. I find it quite useful. I'll compare it to the other tools as well. It provides good insight.

It saves a lot of time. Whenever we have an incident in the environment, we use to do our priority checks on Splunk ITSI. Whenever we see such an incident, we have to investigate the previous data, see if any previous incidents happened in the environment, or maybe check if any alerts were generated in the system related to that issue. So it is quite helpful whenever we see incidents in the environment.

We have several tools along with Splunk ITSI, but I find Splunk ITSI very useful compared to the others. So I would rate it 70%. I'm satisfied with that. We don't have admin or developer access to Splunk ITSI. But whatever we have access to, I'm definitely 70% sure that ITSI is really good to have in the environment.

On the manpower, it has been reduced by one or two candidates because, obviously, we also use several tools as well, so we have a lot of strength there. However, after we integrated everything on the Splunk ITSI, we reduced our manpower, and it's less time-consuming. Each one can double their task for maybe two weeks their actions as quickly as possible as compared to the other two. Manpower, it's really helpful.

What other advice do I have?

I would recommend Splunk ITSI because it gives you access to all the information you need, and it's just a few clicks away. You just need to know how to navigate through the tool. Apart from that, everything can be done on Splunk ITSI. It's just a matter of how much knowledge you have to access the data in Splunk ITSI.  

Splunk ITSI is really helpful because whatever data you need, you're just a few clicks away from it. That's a really helpful thing to have.

I would definitely recommend it to other users because it gives you really good exposure to the environment. Whatever data you need is quickly accessible.

Overall, I would rate it an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2499633 - PeerSpot reviewer
Splunk Architect at a government with 501-1,000 employees
Real User
Top 20
Jul 9, 2024
The time it takes to pinpoint an issue, from when it's triggered to resolution is quick
Pros and Cons
  • "Having a structure on how to resolve incidents is the most valuable aspect."
  • "They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve."

What is our primary use case?

We have a couple of different use cases including incident management, correlation, and mapping out incidents.

What is most valuable?

Having a structure on how to resolve incidents is the most valuable aspect.

It is pretty important to us that it offers end-to-end visibility. That's how we do the ITSI incident setup. It needs to have an overview.

It has helped improve the business' resilience. Splunk's ability to predict, identify and solve problems in real-time is pretty good. I've been a Splunk customer for almost six years.

The time it takes to pinpoint an issue, from when it's triggered to resolution is where I've seen the most value out of Splunk.

We have seen time to value using ITSI. It took a few months to see this value. 

What needs improvement?

They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve.

For how long have I used the solution?

I have been using Splunk ITSI for one year.

What do I think about the stability of the solution?

The product is pretty stable.

How are customer service and support?

We had a support person who was instrumental in getting it set up.

I would rate support an eight out of ten. It's nice to have the help but we'd also like to be independent and that's taking a bit of time to get onboarded. 

How was the initial setup?

The initial setup is easy. We had someone come in. It took around a month or so and he's still with us helping to implement.

What other advice do I have?

Overall, I rate the solution a seven out of ten. I'm getting up to speed with it. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Nagendra Nekkala. - PeerSpot reviewer
Senior Manager ICT & at a logistics company with 501-1,000 employees
Real User
Top 5 Leaderboard
Dec 29, 2023
Empowers organizations to efficiently monitor, analyze, and optimize complex IT environments
Pros and Cons
  • "The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes."
  • "It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs."

What is our primary use case?

It has enabled effective monitoring, allowing for a comprehensive view of the growing complexity within the IT infrastructure.

How has it helped my organization?

The enhancement to our organization stems from its ability to consistently run rules, actively identifying significant events. This involves an ongoing process of aggregating and configuring notable events into a coherent resource. Additionally, the container version automates website functionalities, including tasks like email reception, providing a heightened level of control.

It has proven highly effective in real-time monitoring of service assistance and KPIs. There has been a noticeable enhancement in automated event clustering. Additionally, the platform facilitates comprehensive analysis for proactive incident prevention.

The end-to-end visibility provided into our network environment is a potent tool for real-time monitoring. It significantly contributes to the monitoring and analysis of complex multi-cloud IT solutions, playing a pivotal role in ensuring efficiency.

Leveraging predictive analytics to proactively prevent incidents before they manifest empowers operations to establish effective management and automation of information related to business processes.

It aids in minimizing alert noise, proving highly effective in incident management. Furthermore, it facilitates root cause analysis.

What is most valuable?

The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes. It promptly raises a red flag, signaling an effective early warning system.

The resilience it provides is invaluable. It ensures continuous application of rules, specifically for identifying notable events, and utilizes revision policies to configure hardware solutions into edge servers. This is essential for my operations to seamlessly proceed.

What needs improvement?

It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs.

For how long have I used the solution?

I have been using it for one year.

What do I think about the scalability of the solution?

It provides good scalability. Approximately, a hundred users use it effectively.

How are customer service and support?

I would rate the customer service and support eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

The installation involves developing a strategy to comprehend the essential services for proper monitoring. Additionally, it entails determining the specific type of intelligent alerts, clusters, and dashboards needed for effective planning. It was done in-house by one individual.

What was our ROI?

The implementation of this solution quickly demonstrated its value.
It resulted in a time reduction of six hours through its implementation.

It contributed to a six-hour reduction in the mean time to detect incidents.

It assisted in decreasing the mean time to resolve by four hours.

What other advice do I have?

Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Dishank Saxena - PeerSpot reviewer
Site Reliability Engineering Manager & DevOps Lead Global at a tech vendor with 10,001+ employees
MSP
Dec 4, 2023
Reduces time to resolve and alert noise but is missing a release comparison feature
Pros and Cons
  • "The root cause analysis is very helpful for us."
  • "Predictive analytics, in terms of preventing incidents before they occur, still needs time to mature."

What is our primary use case?

We use the solution for event management, observability, application management, application performance management, anomaly detection, problem detection, and creating different rules for the anomalies for different events. It's application performance monitoring. The entire area of service is managed by ITSI, and offers automated detection and everything.

What is most valuable?

The root cause analysis is very helpful for us. 

There's one feature which is a prediction and detection feature that we have gone through. We are not thoroughly using it. However, for us, I would say that root cause analysis, problem detection, and anomaly detection are the most helpful features.

The end-to-end visibility of IT assigned to our network environment is great. The endpoint visibility is definitely helpful, and that is mainly for the application team. We can take a deep dive into the incident. In the everyday work that we do, we don't really use endpoint visibility since that is not required if we look at normal and general use cases. That said, when it comes to an incident during an outage, end-to-end visibility helps us deep dive or drill down to find out the root cause and how to make the platform better for the future.

The product has helped to streamline our incident management with end-to-end visibility. It helps in streamlining the incidents that are coming in. For example, for the authentication service that we have, users for certain regions are not able to authenticate completely. That likely means there's an issue with that region. That is an incident. In that case, I would look at endpoint visibility from the infrastructure to the end of the service call, including all the scans, tracing, and everything. Looking at it helps provide a resolution.

Our alert noise has been reduced.

Our mean time to detect has been reduced as well. Previously, we used to take a lot of time getting to the root cause of what happened. We've been able to resolve this quicker, and our mean time to detect has been drastically reduced.

In addition, we've been able to reduce the time to resolve.

What needs improvement?

Predictive analytics, in terms of preventing incidents before they occur, still needs time to mature. I am not very, I would say, convinced of the prediction feature's capabilities.

It does not have a release comparison on the server comparison feature. For example, if you have an application, and you introduce a new feature, and you're going to deploy it, then the release comparisons should show automatically or generate a report to show the impact of the feature on the overall application. It should show what you can do to optimize it. 

For how long have I used the solution?

I've used the solution for around five years.

What do I think about the stability of the solution?

The stability has been good. 

What do I think about the scalability of the solution?

The solution is highly scalable and flexible. 

How are customer service and support?

I've contacted support multiple times. Their service is average. They are not very quick. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I've used a few different solutions, like Dynatrace and Datadog. I've used Elasticsearch and Moogsoft as well.

Dynatrace is an overall package. I'd choose it over ITSI. Splunk is never a package. It does not provide application performance monitoring. Dynatrace is a full-fledged APM tool that includes infrastructure, APM, synthetic monitoring, and user monitoring alongside AI ops, which are very strong. It's a mature platform.

How was the initial setup?

I was involved in the initial setup. It's a very straightforward process. Deploying the platform takes a couple of hours at a maximum. The configuration is more subjective in terms of how long it takes. For example, how many applications do you have? How many environments? We have three environments in the US, and with approvals, it took us around 20 days.

It's a SaaS solution and does not require maintenance. It's a one-click upgrade if you want to upgrade anything. 

What about the implementation team?

Once you buy a license, Splunk is involved and can help with the deployment. They have three or four free consulting sessions initially. They are very involved in the pilot phase. Post-pilot, you have regular support.

What's my experience with pricing, setup cost, and licensing?

The product is expensive. It's one of the most expensive options, although maybe not as expensive as Datadog.

What other advice do I have?

We might be partners with Splunk. 

It's readily available. You don't have to wait very long to witness the benefits of the solution. 

I'd rate the solution seven out of ten. 

If you are looking for an AI solution alongside APM, use a platform with everything in place. However, if you still want to go for a dedicated AIS platform, make sure it integrates with your existing logging and APM tools. However, my position is that it's better to use one platform for the entire opportunity.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Manager at a tech services company with 501-1,000 employees
Real User
Nov 3, 2023
We can optimize business processes and systems, and reduce alert noise
Pros and Cons
  • "ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use."
  • "Splunk ITSI consumes a lot of CPU resources."

What is our primary use case?

We use Splunk ITSI for better CMDB management and control of all infrastructure devices.

We had many old devices and legacy systems, and architects used to configure them as they saw fit. To streamline and standardize our operations, we had to rely on Splunk. Splunk invented device discovery, which allowed us to learn what devices are on the network, what type they are, and how to classify them. Splunk ITSI has been very helpful to us.

We deployed Splunk ITSI on-premises, and it can also be deployed in the cloud.

How has it helped my organization?

Splunk ITSI helps the advisory board's CAB team increase efficiency by instilling trust in systems over manual administrators. Splunk ITSI also provides a central source for the documentation of our application dependencies.

Splunk ITSI provides end-to-end visibility into our network environment, which reduces the manual effort required to capture configuration data and helps us identify weaknesses in our network.

Once we have implemented the CMDB to meet our requirements, Splunk ITSI's predictive analytics can identify any devices that will be affected by planned changes and provide us with that information. This will allow us to prioritize incidents based on their criticality and notify stakeholders accordingly.

Splunk ITSI has helped our organization in many ways. It has centralized all resources for administrators and service personnel. Architects can plan better using the environmental details provided by ITSI. The CAB team can provide approvals quickly because the information is easily accessible. Splunk ITSI is reliable, and its AI-driven predictive analytics help identify potential component or device failures.

Splunk ITSI streamlined our incident management by allowing Splunk administrators to easily see all incident details and cascade them down to relevant stakeholders and customers. This enabled us to inform the service desk team so they could better prepare responses to end-user queries. We can also easily identify and address infrastructure challenges affecting specific companies.

It helps reduce our alert noise by a minimum of ten percent and it can go significantly more. We categorize and close alerts directly through ServiceNow after integrating our account. This automated process frees up our admins' time to focus on more important tasks.

Splunk ITSI has reduced our MTTD by over ten percent. We can meet our SLAs with Splunk ITSI 99.8 percent of the time. It has also reduced our MTTR by five to ten percent each quarter. We can resolve almost 90 percent of our tickets.

What is most valuable?

With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.

What needs improvement?

Splunk ITSI consumes a lot of CPU resources. I would like a more lightweight solution in terms of resource consumption.

The price has room for improvement.

For how long have I used the solution?

I have been using Splunk ITSI for five years.

What do I think about the stability of the solution?

Splunk ITSI is stable.

Resilience is valuable because it functions perfectly, helping to reduce risk and assist our admins and architects.

What do I think about the scalability of the solution?

Splunk ITSI is scalable.

Which solution did I use previously and why did I switch?

We previously used our internal CMDB solution, which was not streamlined and depended on a few key architects. We wanted more control and better governance, so we switched to Splunk ITSI.

How was the initial setup?

The difficulty level of the deployment depends on the knowledge of those doing the implementation. A person with moderate knowledge will require some time to do all the configurations.

Our deployment took around four to six weeks to complete.

What was our ROI?

I have seen ROI from Splunk ITSI of close to 30 percent at both my current and previous organizations. The returns have been presented to leadership.

What's my experience with pricing, setup cost, and licensing?

The cost of the modules is a bit high for non-global companies, making it difficult for them to afford Splunk ITSI.

What other advice do I have?

I would rate Splunk ITSI eight out of ten.

Splunk ITSI is the best application performance monitoring tool because it helps administrators do their jobs better, has more computing power, and allows staff to focus on governance and automation.

Organizations may benefit from considering a point monitoring system instead of Splunk ITSI, depending on their environment.

We achieved time to value with Splunk ITSI within the first four to six weeks of deployment.

Splunk ITSI is deployed across multiple departments in our organization and there are 20 users.

Maintenance is required for updates.

I recommend Splunk ITSI. The solution can discover all types of devices in our environment.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Officer at a financial services firm with 10,001+ employees
Real User
Aug 13, 2023
Enables us to consolidate tools but it should improve its pricing
Pros and Cons
  • "Alerts and episodes are valuable to me."
  • "The solution should integrate more features in NEAP."

What is our primary use case?

We use the solution to monitor our own internal applications. We monitor analogs and various other DB Connect sources.

How has it helped my organization?

The tool has replaced some other products in our organization. It’s coming in very handy.

What is most valuable?

Alerts and episodes are valuable to me. These features put all notable events together and give us an opportunity to take action.

What needs improvement?

We can take actions based on NEAPs, like emails and ServiceNow tickets. It is pretty basic at the moment. The solution should integrate more features in NEAP.

For how long have I used the solution?

I have been using the solution for about a year.

What do I think about the stability of the solution?

The solution is pretty stable.

What do I think about the scalability of the solution?

The product is extremely scalable.

How are customer service and support?

I work with a lot of Splunk’s support people. I like them. They're all good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using a software called Genius. We use Splunk IT Service Intelligence now, and it's more cost-effective overall.

What about the implementation team?

I have been maintaining the solution. The product is straightforward to maintain. We just need to follow the best practices, and it works. We have a lot of users, so it's difficult controlling what the users do in the environment.

What was our ROI?

The tool is a centralized place to collect all our data and compute against it. It has the potential for an ROI.

What's my experience with pricing, setup cost, and licensing?

Pricing has some room for improvement.

Which other solutions did I evaluate?

We evaluated other options, but Splunk seemed to be the best. It is the industry leader, so it was a no-brainer.

What other advice do I have?

We have an on-prem instance. Everything's pretty much on-prem. We work with cloud logs. Monitoring multiple cloud environments using the solution is pretty straightforward and easy. It is extremely important to us that the solution has end-to-end visibility into our cloud-native environment.

The solution has helped reduce our mean time to resolve. The product has helped improve our organization’s business resilience. Its ability to predict, identify, and solve problems in real-time is pretty good as long as the source is good and we use it well.

The tool’s ability to provide business resilience by empowering staff is alright. We have experienced cost efficiencies by switching to Splunk IT Service Intelligence. I know it used to be ingestion, and now it's like a CPU. It's always evolving. I was not involved in the initial setup. The solution still has some room for improvement.

Overall, I rate the product a six or seven out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Hari Haran. - PeerSpot reviewer
Technical Associate at a computer software company with 51-200 employees
Real User
Aug 4, 2023
It gives our customer complete visibility from one dashboard, helping them to develop a proactive response
Pros and Cons
  • "We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming."
  • "We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable."

What is our primary use case?

We use Splunk ITSI for IT monitoring. It helps us monitor all our servers for things like CPU utilization and other performance metrics. We can integrate complex architectures with the service and connect the core to multiple data sources. Our customers' environments vary. In the last project, they had around eight departments and 75 employees, so I needed a web server for each department.

How has it helped my organization?

Before we shifted our customers to Splunk ITSI, they had issues getting insights in some circumstances. Now they have complete visibility from one dashboard. It helps them monitor and develop a proactive response to address the problems before they cause trouble. 

One issue we faced before implementing Splunk was that our customers couldn't predict how long it would take to reach their storage limit. Now we can categorize issues according to severity. 

Splunk ITSI has enabled us to streamline incident management by adopting aggregated policies. Instead of getting rid of incidents, we are placing these into several groups and removing the duplicates to see some insights based on previous incidents. 

We've been able to reduce alert noise using policies. By grouping the policies, we're able to avoid redundant alerts. When we used the other solution, we would sometimes get repeated warnings, but we eliminated that by implementing aggregate policies.

From ITSI, we can see the metrics and drill down. We can build a tool to check the metrics based on severity. Instead of taking every event's logs, we are directly getting the root cause of the issue. From there, we can see that it obviously reduces the rest of the time.

The solution has reduced our mean time to resolve issues. Before implementing it, we typically needed around six to eight hours to close a ticket. When we had an alert, we had to review all the native logs to find the correct server. With ITSI, I can see a score that tells me about potential issues before they arise. I can see if there is a critical problem with a server or application based on the data flows and resolve it. 

What is most valuable?

I like ITSI's service analyzer. We can integrate and group the service, then create multiple KPIs in the service analyzer we can monitor. We can use multiple connectors to get end-to-end network visibility. Many organizations prefer appliances, and we can completely integrate the appliance with the source to gain complex insights throughout the network.  

We are getting real-time insights from the service and the vendor and doing some projects using security analytics to check the path. We can monitor the behavior of an appliance or the organization and how they are using it. For example, you might see high usage on specific days and low usage on weekends. If we can identify patterns from this, it can help us predict the future.

What needs improvement?

We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable. 

For how long have I used the solution?

I have used Splunk ITSI for nearly a year. 

What do I think about the stability of the solution?

Splunk ITSI is stable. The latest version is more stable than the previous one. 

What do I think about the scalability of the solution?

Splunk ITSI is scalable. We can compare multiple APIs and services, so everything is organized and manageable. We can drill down to the bottom of all the logs on events.

How are customer service and support?

I rate Splunk technical support a nine out of ten. If we work with cloud architecture, we usually need some help from Splunk, so we often need to contact support and ask for changes. We prepare the case, have a conversation with them, and get it done.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using service providers, but we had a log management solution and some other open source tools. We relied on custom builds of open source solutions. 

How was the initial setup?

Splunk ITSI can be deployed in the cloud or on-prem depending on the customer's requirements. For example, if someone is running this in a closed environment, we can go with the on-prem deployment. Otherwise, customers will mostly go for a cloud deployment. We use AWS.

When I started the training, it seemed somewhat complicated, but once you learn a bit, it becomes straightforward. It isn't terribly complex. The deployment strategy depends on the scope of the project, such as whether you have a cluster or a distributed environment. 

You can deploy it with a team of three or four. Someone needs to take care of the prerequisites like clustering and another person might take care of the integration. Another will configure the dashboards. The process takes about five days.

What was our ROI?

We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming.

The time to value is fast. The implementation takes time, but the customer can see value immediately once everything is configured, permissions are set, and we're ready to move. 

What other advice do I have?

I rate Splunk ITSI a 10 out of 10. We need our website up 24/7, or we'll lose business. Every minute that it's down we lose money. I would recommend this to anyone who runs a business online and needs to monitor their infrastructure.

If you're considering a point monitoring system instead of ITSI, I would say it depends on the information you are using. Generally, Splunk ITSI is the advanced option that gives you multiple features together with service intelligence and analytics. You can make wonderful dashboards. Comparatively, this is enough to monitor the company's infrastructure. 

In ITSI, we can also integrate application and database logs, so the customer might get some research to predict when the database goes down. ITSI can be helpful to manage the customer infrastructure and minimize the impact on their business. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2026