Splunk ITSI (IT Service Intelligence) Reviews

We use ITSI for performance monitoring and incident management. How do you utilize it? I got it. And what problems were you trying to solve by implementing Splunk ITSI? That's good. 10 to 15 people use Splunk at my company.

ITSI helps us to monitor applications and identify performance problems or service degradation. It provides us with intelligence and enables us to act on it. We can reduce our incidents by about 10 percent. It has also reduced our time to resolve by 10 percent. 

I like ITSI's glass tables. They're easy to navigate by clicking through them. The interface isn't that much different from other products I've used. It provides all the information we need in one place. 

I have used Splunk ITSI for seven months.

I rate Splunk ITSI eight out of 10 for stability. There are some minor issues. 

I rate Splunk ITSI seven out of 10. Splunk is quite scalable, but we had some challenges in our environment.  

I rate Splunk support seven out of 10. We had issues with support that took a long time to resolve.

Neutral

We previously used a different solution. I don't recall which one. The license expired, so we switched to Splunk ITSI. 

We have deployed Splunk ITSI on the cloud. The multisite deployment was complex.

I rate Splunk ITSI eight out of 10. 

It monitors every level of infrastructure in our environment, including remote locations across the world.

Splunk ITSI has end-to-end visibility into the cloud-native environment. This is important but not as important because we are primarily on-prem in every aspect of our IT infrastructure. However, for things that we do have in the cloud, it is important that we have visibility there.

Splunk ITSI has helped reduce our mean time to resolve. We can see very quickly when things are down and where they are down. I have taken steps to reduce the time to identify and time to resolve with Splunk ITSI.

The unified platform helps consolidate networking, security, and IT observability tools. It forces certain groups to work together and more closely, as they should. It increases awareness of the current statuses of other environments, which is important.

Instant usability of gathered event metrics is available. We have metrics data from systems, and we can use that to instantly get system status and trends.

There should be entity conflict resolution, specifically regarding duplicate entities. There should be case sensitivity for various keys amongst entities, specifically host names. We need IT metrics-based indexes and more content packs. I know they are coming out with these features.

I have been using Splunk ITSI for two years.

Its stability is great.

It is handling well what it is supposed to handle for some parts of our setup, and with the new version, it is only going to get better.

I have never used their support. Community is the first place I go.

I started with the company two years ago. They had it long before that.

I would rate Splunk ITSI an eight out of ten. It is pretty good, but there are some inflexibilities with the analyzer that can be annoying. 

We use the solution for intelligence. For example, if I have a website that sells games, it might have a lot of things like databases, servers, et cetera. I can see how many users have logged in, what purchases can be made, and so on. Splunk provides the logs to see all of the data for all actions on the site. I can see things on a technical level, like how CPUs are performing.

I can see things in real-time, and it's based on real data. This is the advantage Splunk has. There is complete visibility and I can monitor KPIs as well.

I can look at how my database looks, how my sales look, et cetera, and all metrics are in one place.

There's machine learning as well, including anomaly detection. You can look at and understand the date very easily. It helps us provide a complete understanding of business so that I can understand anomalies better and watch the daily data. It gives me alerts in which I can take a deeper dive.

I have a ticketing system. If I have a Splunk power user, they can look at the data and create a ticket for future inspection. People can correlate and collaborate on the same ticket.

Basically, everything you need you can find on Splunk. You can also create custom actions. 

We can do actions right on the Splunk UI. 

The compatibility is good.

The end-to-end visibility is okay. The only thing that is lacking is the application monitoring. We struggled with one use case where payments were failing and they couldn't understand if it was the infrastructure or bandwidth. The capability of recording any transaction is not possible in Splunk. You have to write your own scripts, however, it's not as user-friendly.

The predictive analytics are pretty good. I've seen people using it. That said, I'd say the admin needs a deep understanding of the infrastructure. It has a tendency to create noise. If you have a noisy system, when there's an alert, people tend to miss issues. 

Customers have noted the solution helps streamline incident management. At a single glance, there is a complete view of infrastructure. It's good for the customer on the technical side. Teams were able to map the availability of the system more accurately - up by 28%.

It's helped reduce alert noise. It can aggregate the alerts and just create an alert only when needed. From the UI, you can correlate the alerts using dynamic conditions (not just static ones).

We've been able to reduce the mean time to detect. It has a similar meantime to detect as Dynatrace. We've used it when there wasn't an existing system, and we would have had similar results with other tools in the market. It's helped with MTTR for sure. Previous to implementing Splunk, the mean time was one hour or so. Once we implemented it, the alert notification was automatically sent to people, so it automatically reduced the time to two to five minutes. 

The mean time to resolve has been reduced thanks to Splunk. 

If you are using Splunk ITS and Splunk Enterprise Security, you have to run different searches. You cannot run both on the same server. You can bifurcate it however you want, however.

The license cost is expensive. When I want a premium application it's extra. I need to pay for this on top of my base license. 

We'd like to see more use of artificial intelligence. There's no easy knowledge-base bot. It would help if they had a ChatGPT-like AI that could show them the knowledge base information they could use to address tickets.

I've used Splunk as a product for about five years. 

The solution is stable. 

The solution can scale. I'd rate it seven out of ten. There are some requirements on the backend in terms of scaling. If you want extra storage, it will cost more money. If you are adding a new server you will have to go and configure it and then you have to restart everything, so there may be downtime. 

I've contacted technical support. They were good in terms of experience. The cloud support is excellent. 

Positive

I did not previously use a different solution. 

You can install the solution on-premises or on the cloud. If you want to send the data to your own on-premises environment, you can do so.

I was involved in the initial deployment. The setup was very straightforward, however, the requirements gathering can be complex, as well as gathering the KPIs and developing an understanding of requirements. You need someone who has a complete understanding and a holistic view of the environment. 

How many people you need for the deployment depends on how big the infrastructure is, what you want to monitor, and the timeline you have.

The on-premises deployment requires maintenance as you have to monitor the server. The cloud requires less maintenance. 

We tend to implement the solution for our customers. 

The solution can be costly. You have to have a fixed license. It's very difficult for people to know beforehand how much they will be charged. 

We're Splunk partners. 

For someone who already has an APM solution and is considering switching to ITSI, I'd advise them to look at the licensing and their budget and to consider where their APM is currently lacking. If you aren't getting the alerts you need or you can't see how your infrastructure looks, it might make sense to switch. They need to be aware, however, there will be an extra cost.

Secondly, if you can't see the logs in your application and can't fetch the logs, for example, if you are on Dynatrace, and Dynatrace does not provide your login analysis, you can just go and write a query. However, it depends on what your end customer needs as well. If they need good dashboards and they need flexible dashboarding, to which you can add images, and customize the way you want, you may need something more robust, like Splunk. We were able to pull it off using Splunk ITSI as it gives you very easy-to-customize dashboards. 

To someone who's considering a point monitoring system instead of ITSI, I'll say that, depending on your infrastructure, it might be a good idea. If you have less data, and you can manage with the manual alerts, you're fine. However, if you're wasting a lot of time with the alerts and get a lot of alert noise, that means you can be missing major alerts. For major infrastructure, it's a good idea to have ITSI.

You need a minimum of 14 days before seeing time to value. 14 days is required in order to be able to use the complete solution. That allows the system to get good at anomaly detection. 

I'd rate the solution eight out of ten.

I use the solution in my company for event management and areas consisting of episodes.

Splunk ITSI (IT Service Intelligence) has helped our organization correlate events into episodes.

The most valuable feature of the solution is event analytics, and it is because that was our core function when we moved from NOC to IBM Netcool Network Management and then from IBM Netcool Network Management to Splunk ITSI (IT Service Intelligence).

The main benefit I have experienced from using Splunk ITSI is that it has been helpful to have one consolidated tool.

My organization monitors multiple cloud environments using the product. In terms of the ease or difficulty one may have when trying to monitor multiple cloud environments, it is tricky. You have to learn and test things out.

It is important for our organization that Splunk ITSI (IT Service Intelligence) provides visibility into our cloud-native environment, but I would say that it is done in the dev and production environments.

Splunk ITSI (IT Service Intelligence) has helped us with the organization's business resilience. My impression of Splunk's ability to predict, identify, and solve problems in real-time, is that with the new AI feature set coming in, users can apply that logic to the episodes.

I have experienced cost efficiencies by switching to Splunk ITSI (IT Service Intelligence). The doc suggests that too has one pane of glass to go into the system and do automation straight from one page because they get hit with thousands of alerts and alarms every day, and we try to correlate that to a simplistic event.

I have experienced time to value using Splunk ITSI (IT Service Intelligence) over a couple of months.

Splunk's unified platform helps consolidate networking and IT observability tools but not security because our company is not in that space. The consolidation of tools impacts our organization since I feel it is easier to have fewer tools than more.

The dashboard function inside the individual episodes, not at the ITSI Notable Event Aggregation Policy level but actually at the correlation search layer, is an area where improvements are required.

In the next release of the tool, the product should offer a dashboard ID in the correlation search.

I have been using Splunk ITSI (IT Service Intelligence) for five years.

In the early days, the Java-based engine was kinda buggy, and some of the interfaces for Splunk ITSI (IT Service Intelligence) and event analytics needed to feel new and not outdated. It still kinda feels outdated, and I feel like Splunk hasn't really put a lot of thought into such a specific area in the last few years.

The solution's scalability is fine.

The solution's technical support team is okay. For most of the stuff I escalate, I have to always wait for a response from tier-two or tier-three level support.

I am used to solving stuff myself and providing a lot of debugging as to what tier-one or tier-two level support would do, and by the time I get to the aforementioned spot, I see that I have to wait and explain a lot of cycles because I am doing the same research as level one or level two support. I rate the technical support a five out of ten.

Neutral

I have experience with Tivoli Netcool, which is a legacy event system from IBM that has the same or similar approach as Splunk ITSI (IT Service Intelligence). I saw that Splunk ITSI (IT Service Intelligence) provides the same features as Tivoli Netcool.

When it came to the deployment part, Splunk's professional services did not know much of what our company needed, considering the level that we were expecting from the product. I come from a telco background where the company used to deal with 1,00,000 alarms a day, and event analytics wasn't something that was really built for it in the beginning when I first deployed it. There were a lot of learning curves that I had to go through to deal with the tool. As I continued to grow with the product, I started pitching probably around 20 ideas at a time to the team, and a lot of my ideas actually made it to Splunk's GA launches. I worked with Isha, Ross Wilkinson, and another person who was right in the middle between them. Though I had spoken to the senior VP of a particular sector and pitched the idea of using Fandom for IT automation, it eventually died out.

The solution is deployed on an on-premises model. I use the cloud services from AWS.

Splunk directly helped with the product's deployment.

I have experienced an ROI using the tool, considering the efficiency it offers so that we do not have to take care of certain functions.

Pricing was pretty good, and it is possible to just add on the features we want.

I considered Resolve systems for automation and a tool named Moogsoft. Moogsoft has a lot better visual capabilities and looks better than Splunk ITSI (IT Service Intelligence) when it comes to event analytics. I am hoping that with a better dashboard, Splunk ITSI (IT Service Intelligence) can build a better UI layer.

I feel like there is a lot more that can be done in the tool, but I don't know if it is going to be a dying product or if Splunk Observability will try to take over some of the core functions of Splunk ITSI (IT Service Intelligence).

I rate the solution a seven out of ten.

We use Splunk ITSI to collect the infrastructure metrics and visualize them.

Splunk ITSI provides end-to-end visibility into your IT environment. It displays key performance indicators for various services. If a KPI is red, indicating an issue, clicking on the corresponding service will take you to the server for further investigation. Splunk ITSI can also automatically trigger incidents for critical issues, allowing your support team to resolve them quickly.

It has significantly improved our incident management process. Previously, we relied solely on a service indicator that simply displayed the service status. If the indicator turned red, we would then manually create an incident report. Now, we've implemented static thresholds that automatically trigger incidents to be added to our queue. This is a major advantage.

Splunk ITSI has reduced our alert noise by 30 percent.

Since implementing Splunk ITSI, we've significantly reduced our mean time to detection. Previously, we relied on receiving incident reports, which caused delays.

Splunk ITSI has reduced our mean time to resolve.

We collect infrastructure metrics from various servers, including Windows Services. One particularly useful feature of Splunk ITSI is the ability to create custom services. This functionality makes it easy to identify specific functions that are malfunctioning or experiencing problems. With this information, we can quickly troubleshoot and fix the issues.

In Splunk ITSI, thresholds automatically trigger incidents when a service value falls below the threshold. This prevents us from automatically triggering alerts for situations where the service value is within the acceptable range. We've identified this as an issue with the ITSI product and are working with Splunk for guidance on how to implement the desired behavior.

While the overall Splunk documentation is detailed, the documentation for specific premium apps, like Splunk ITSI, is more brief.

The technical support has room for improvement.

I have been using Splunk ITSI for one year.

I would rate the stability of Splunk ITSI nine out of ten.

Splunk ITSI is a scalable solution, meaning it can handle increasing amounts of data and users as our needs grow.

We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time.

Neutral

The initial deployment is a straightforward process. However, the time it takes can vary depending on whether we're installing for the first time or performing an upgrade. For a first-time installation, Splunk ITSI typically takes around 30 minutes. Upgrading an existing installation requires additional time to clean up previous configurations; this process usually takes about 40 minutes to complete.

Two people were involved in the deployment.

We are using Splunk Enterprise software. We contacted Splunk to demo ITSI, and we were impressed with its functionality and the included options. Therefore, we decided to try ITSI exclusively and did not evaluate any other vendors.

I would rate Splunk ITSI eight out of ten.

We're currently working on implementing adaptive thresholds. This functionality would analyze service trends over the past seven days automatically set thresholds and generate incidents based on that data. Successfully implementing this would be a significant achievement, but we're encountering some technical challenges. We've opened a support case with Splunk to address these issues, and we're hopeful for a resolution within the next few weeks.

We have around 150 people using Splunk ITSI.

Two people are responsible for the maintenance of Splunk ITSI in our organization.

I would rate the resilience of Splunk ITSI nine out of ten.

In my experience starting my career with Splunk, I haven't encountered any marketing tools that can quite compare. Splunk offers a comprehensive set of features and well-organized documentation. The detailed and clear documentation that Splunk provides is something I particularly appreciate.

I recommend Splunk ITSI.

Splunk ITSI is used to analyze data and create alerts. This helps us to maintain our security best practices.

Our organization was looking for a security monitoring tool. I use Splunk ITSI as a monitoring and security tool. It helps me to protect data and prevent malware and hackers from accessing my environment. Splunk ITSI can be used to protect our role and infrastructure. It can also provide insights into how and what is helpful within our infrastructure.

Splunk ITSI provides great end-to-end visibility into our network environment. It can identify the exact root cause of an issue without any additional troubleshooting on my part.

Predictive analytics is valuable for preventing incidents before they occur because it allows me to see when the data stopped being indexed, which saves me time from having to investigate.

Splunk ITSI makes it easier to secure our entire infrastructure. Before Splunk ITSI, our environment was chaotic.

Splunk ITSI streamlines our incident management by providing a financial report of all applications in our environment.

Splunk ITSI has helped us reduce alert noise. After configuring ITSI, we set certain parameters based on our alerts. These alerts are the conditions that ITSI uses to automatically reduce noise.

Splunk ITSI helps to reduce our mean time to detect by monitoring key performance indicators such as CPU overload and the percentage of use revenue trend. On average the automation has reduced our mean time to detect by five minutes.

Splunk ITSI significantly reduces our mean time to resolve because most of our time was previously spent troubleshooting. With ITSI, we don't have to troubleshoot at all.

Splunk ITSI can help reduce downtime, but the extent of its effectiveness depends on how it is implemented.

Splunk ITSI has a lot of advantages. There are a lot of different aspects when implementing Splunk ITSI in our environment.

Splunk ITSI helps us secure our environment by allowing us to create automatons that run when alerts are triggered. This automation can pass through the CI/CD pipeline tool, which helps to increase security.

The data recovery has room for improvement.

I have been using Splunk ITSI for three years now.

Splunk ITSI can be deployed on-premises or in the cloud. However, we typically deploy it in the cloud because of the available services. These services do require a lot of permissions.

Splunk ITSI is stable.

Splunk ITSI is scalable.

The quality of support depends on the individual use case and how we configure the solution.

Positive

Splunk ITSI can be installed remotely or manually. The deployment time depends on the operating system being used to deploy the solution into the cloud. Once ITSI is deployed, I can perform a ROM test through the CI/CD pipeline.

Splunk ITSI's visibility into our environment provides good value to our organization.

Splunk ITSI is a pay-per-use service that is priced fairly based on the amount of data we use.

I give Splunk ITSI an eight out of ten.

Splunk ITSI is a cheaper and easier-to-use alternative to APM solutions. Unlike APM solutions, Splunk ITSI also helps with application management, memory management, host log volume, and CPU usage.

Our clients vary in size, with some using small amounts of data and others using terabytes of data within Splunk ITSI.

Splunk ITSI maintenance involves updating the software and ensuring that it is compatible with the applications that it will integrate with.

Splunk ITSI is our platform for data ingestion from various sources. We leverage it to manage Kubernetes configurations, licenses, reports, dashboards, and user permissions. Additionally, we utilize ITSI for field extraction and data model retrieval.

We successfully integrated Splunk ITSI with ServiceNow. The integration process was straightforward. We downloaded the Splunk Integration application from the ServiceNow app store and configured the ServiceNow account using the provided URL, username, password, and authentication method.

Splunk ITSI offers end-to-end visibility through a centralized admin console. This console allows us to monitor all aspects of our system, including indexing performance, daily resource usage, CPU utilization, and insights.

Splunk ITSI has helped our organization save time. We saw the benefits within the first three minutes of use.

We saw time to value within minutes of using Splunk ITSI.

The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI.

After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services. We had to manually deploy a script to resolve this issue.

I have been using Splunk ITSI for three years.

Splunk ITSI is stable.

Splunk ITSI is a resilient solution able to recover quickly.

Splunk ITSI is scalable.

The technical support team is great. They've helped troubleshoot our issues. Once we raise a ticket, we can continue the process using a DLL file.

Positive

The initial deployment is straightforward. The setup is automated.

Five people were required for the deployment.

The implementation was completed in-house.

The licensing is based on data usage.

I would rate Splunk ITSI eight out of ten.

I recommend Splunk ITSI over other APMs because we can monitor everything from a single console.

Splunk ITSI is deployed across multiple locations.

No maintenance is required for Splunk ITSI.

We have some business-oriented monitoring. The technical components are aggregated to business services up to a certain level. We could do a lot more, but this is what we are doing currently.

Splunk ITSI has improved our mean time to resolution. We can essentially notice things before somebody calls. We have better customer satisfaction. It is hard to say how much time it has saved, but if we do not use it, it will take quite a while until we notice something is down or until we find out what exactly is the issue.

We monitor multiple cloud environments with it. It is no more difficult than anything else.

Splunk ITSI has end-to-end visibility into our cloud-native environment. We also have SignalFx. We are an early adopter of SignalFx in Switzerland. It is integrated, and we have been beta-testing the integration. It is quite easy and workable. It is quite nice.

It provides business resilience by empowering staff. That is the core feature. You can tailor the solution and give the exact information in a certain context. This correlation and this presentation help the business, the users, or the person responsible for the application or the stack. That is the interesting part.

Splunk Episodes are valuable because it correlates and aggregates all the information, and you do not have one million events to look at and triage, so it is quite convenient.

The solution is okay. I am not sure whether the current release has already moved to the new framework where instead of the glass tables, we can directly use the Dashboard Studio. It would be nice to have that integrated into the same framework.

We have been using Splunk ITSI for more than four years.

Its stability is excellent.

Its scalability is excellent.

They used different tools for different parts. For the service aggregation part, they used Netuitive. They still use Dynatrace for some of the things, but they have mostly moved to SignalFx. Dashboarding was one area for which they never had anything.

The guys with the container-based workload absolutely demanded SignalFx. That had the repercussions of finally moving to Splunk ITSI.

I was not involved in its deployment.

I am not sure about the ROI of Splunk ITSI, but we have definitely got an ROI from Splunk. We have been using Splunk since version 3 and doing lots of things. We have hundreds of use cases. If you ask anybody in the business, they would say that it is essential and critical.

Splunk has improved our business resilience in combination with Splunk Enterprise. It is widely adopted by our developers, and we also have a fairly large number of dashboards where core services, such as managed file transfer, are transparent for the users that own a system that is connected as a sending or receiving device so that they can self-service and check if everything is working. There is also alerting on that. So, there are multitudes of use cases. It is more of a framework; it is more of a platform. There is wide adoption of it. 100% of the users in the company have access to it. Not everybody uses it, but everybody has access to it.

It is interesting. I am not involved that much lately, but if I recall correctly, you license primarily on the volume of data that you are using in Splunk ITSI, but there is no way Splunk can ever check if that is true, so that is interesting. We are not doing it, but someone can pretend to just use 10%, and it would be super cheap. It is tricky, but it is more tricky for Splunk than for us.

There were quite a few solutions that we looked at. We were beta testing Splunk ITSI, but unfortunately, the adoption was not possible back then. They had a few market-leading products in the procurement. Due to SignalFx, we finally chose Splunk ITSI.

I would rate Splunk ITSI an eight out of ten.