Tomesh Kumar Sahu - PeerSpot reviewer
Associate Consultant at a tech vendor with 11-50 employees
Consultant
Top 20
Sep 2, 2024
Good scalability, in-depth visibility, and easy integration
Pros and Cons
  • "Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken."
  • "If they can somehow integrate it with AI in the near future, it will definitely be a game changer."

What is our primary use case?

We have been using Splunk ITSI to detect anomalies in the services and monitor the health and overall performance of IT services.

We have implemented it for a few of our clients where we do monitor the entire IT infrastructure. It could be any server that they are running. It could be a mail server. It could be a web server. It could be any network device that is communicating. We monitor the health of these services and how they are performing. We check for any anomalies or threats associated with them. We create some kind of KPIs or key performance indicators that give insights into the health and services.

We are a Splunk partner. Our company provides solutions not just related to Splunk ITSI but for all the things covered by Splunk. We also provide our consultancy for all of their premium products such as SOAR and Enterprise Security. 

How has it helped my organization?

Splunk ITSI has a service-oriented approach to monitor the entire IT infrastructure. From a business perspective, people definitely do not want any downtime. Any downtime leads to a bad reputation for a company. Splunk ITSI is a solution that we can use to monitor every single service running within an organization. With the help of KPIs, we define the service needs. A person implementing ITSI needs to be aware of all of the services running so that they do not miss out on anything. With the predictive analysis of Splunk ITSI, we can monitor everything. If there is any anomaly, an alert gets triggered. The other thing is the integration part. We can integrate it with any of the ticketing platforms such as ServiceNow. As soon as the alerts get triggered, a ticket gets created so that a response can be made to a particular incident.

It is very integrable. It can be integrated with any network component, such as a router, or any of the logs. With the help of Glass Table, it becomes very easy to inspect if any of the services are down. If a person is trying DDoS on any of the IT servers, such as a web server, we will see a lot of packets getting injected. There will definitely be an increase in the number of packets that a server is receiving. With the help of Splunk ITSI, we can block that particular IP, so the actions can be taken at the same time.

With the help of machine learning and predictive analysis, it checks for any anomaly. It monitors the normal behavior of a service, and if there is an anomaly, it can definitely create an alert for the user. This is how Splunk ITSI works.

Splunk ITSI can integrate with various management tools for predictive analysis. It takes the data and tries to predict and see if anything is suspicious. It makes its own decision at that time, and based on the actions that are listed, it takes action on a particular incident.

Using Splunk ITSI in an IT environment is very helpful. It reduces the downtime and the time taken for a resolution. It can take certain actions on its own. We can monitor every service there. Splunk ITSI can be helpful to prevent something from going down and the users having to face any downtime, failures, or issues with the servers. There is a proactive approach where things can be fixed before they turn into a breach.

Nowadays, it has become very easy for attackers to perform any kind of attack on the servers. Every organization wants its servers to be up and running. So, there is definitely a lot of demand to monitor the entire IT infrastructure. Splunk ITSI is good for that. It plays a key role in the current era where organizations face a lot of attacks. It is a ten out of ten when it comes to being useful to fix all such issues.

Splunk ITSI completely integrates with the incident management platforms. For specific alerts or notable events, Splunk ITSI can also take action with the help of playbooks and defined workflows. With integrated incident management, we can take more advanced actions and make decisions for the environment.

Splunk ITSI helps reduce incident volume. It is business-centric and service-oriented. It provides visibility and is great for predictive analytics and incident management. It also reduces downtime and gives a clear picture of services from a business perspective. I do not have the metrics, but it reduced the incidents to a large volume.

Splunk ITSI reduces the mean time to detect through machine learning and predictive analytics. It observes the normal behavior of a service. If there is any anomaly, it triggers an alert based on the KPIs that are defined. If there is any suspicious behavior, Splunk ITSI can identify that.

We can define certain actions through playbooks for an alert. It can be integrated with SOAR. It can take certain actions as soon as an alert gets triggered. In the case of a DDoS attack, if an IP is sending a lot of packets, we want to block that particular IP at our firewalls. We can define this action within our playbooks, and Splunk ITSI will be able to sort that out in a quick manner.

We can integrate it with a SOAR to automate the workflows and take certain actions. Playbooks are useful for that. I do not have the data about time savings, but it saves a lot of time. Without it, a human will have to open the ticket and go through the incident before taking action, whereas Splunk ITSI can take certain actions on its own, saving a lot of time.

Splunk ITSI has saved money from the overall business perspective. No business wants to see downtime or failure of their services. For example, if you can proactively fix an issue and prevent a payment gateway service from going down, it will save you money. Splunk ITSI is very helpful in monitoring services, and certain actions can be taken to prevent them from going down. Any service going down costs a lot of money to a business.

What is most valuable?

Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken.

I like the KPIs aspect. If we have a number of services running, we can monitor each individual service. This is one thing that I find very useful. There is a feature in Splunk ITSI called Glass Table where we can visualize each service. We can check all the services there, and we can take a look from the high level to the low level. We can look at an individual service. Glass Table is one of the features I like the most.

What needs improvement?

If they can somehow integrate it with AI in the near future, it will definitely be a game changer. Other than that, I do not see any issues with it. Overall, it suits our environment. Its scalability is good. The visualization is also good. The only thing we need to take care of is how we define the services. If the KPIs for a service are wrong, it is going to generate false positives and more alert noise.

Buyer's Guide
Splunk ITSI (IT Service Intelligence)
June 2026
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,495 professionals have used our research since 2012.

For how long have I used the solution?

It has been approximately three and a half years since I have been using Splunk along with this premium feature or the ITSI app. 

What do I think about the stability of the solution?

We have not faced any issues so far. It is a very stable tool. It is very helpful in monitoring overall IT infrastructure.

What do I think about the scalability of the solution?

Scalability is definitely one of the key features. Splunk ITSI is very scalable. 

How are customer service and support?

We have not faced any issues so far.

Which solution did I use previously and why did I switch?

I have not used any solution other than Splunk ITSI. We have partnered with Splunk, and we provide consultancy with Splunk.

How was the initial setup?

Splunk ITSI can be implemented on-premises or on a cloud such as Azure, AWS, or GCP. It is easy to deploy.

I was a part of the team that implemented it completely. I was involved in the initial setup and monitoring of the services. We defined all the KPIs. We completely set it up. 

The process is straightforward, but it depends on if you have a multi-site or single-site setup. For a single site, it is easy, but in the case of a multi-site, when we are doing a cluster setup, it can be challenging. However, it can be done, and it is possible to implement it with the help of the right KPIs.

The duration depends on the size and the number of resources a company holds. It depends on the size of the network they have. Ideally, you would want to integrate all of the services so that you have complete visibility and you can visualize it from an attacker's perspective.

In terms of implementation strategy, we need to be sure about the services that need to be monitored so that we do not miss anything. KPIs are important to reduce the noise. 

It is not difficult to maintain, but it does require maintenance. If there is any increase in services, Splunk ITSI needs to be scaled up, and there will be some costs for the licensing part.

What about the implementation team?

We need the help of the security team. If it is going to be integrated with the service desk, we need to involve a system administrator. It depends on the privileges a company has. It varies from company to company.

What's my experience with pricing, setup cost, and licensing?

It depends on how big an organization is. If we have a lot of resources, the licensing needs to be upgraded. If we have a small environment, the licensing cost is definitely going to be less.

What other advice do I have?

To someone who already has an IT alerting and incident management solution but is considering switching to Splunk ITSI, I would say that it is a great move. Splunk gives you in-depth information about the health and performance of a particular service running within an organization. It will be a great move if they can implement Splunk ITSI in the organization.

Alert noise depends on how well you have defined the KPIs for your services. If KPIs are wrongly defined, you are definitely going to get more alert noise or false positives. To reduce that, you need to be very sure what a particular service is about and what could be a perfect KPI for that.

You need to assess the services you need to monitor. You should not miss any of the services. A small service can also be vulnerable. Based on the services, you need to define particular KPIs.

I would rate Splunk ITSI a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
reviewer2535258 - PeerSpot reviewer
Freelancer at a consultancy with 10,001+ employees
Real User
Top 20
Aug 15, 2024
It's easy to navigate the solution's glass tables and find the information we need
Pros and Cons
  • "I like ITSI's glass tables. They're easy to navigate by clicking through them. The interface isn't that much different from other products I've used. It provides all the information we need in one place."
  • "We had issues with support that took a long time to resolve."

What is our primary use case?

We use ITSI for performance monitoring and incident management. 10 to 15 people use Splunk at my company.

How has it helped my organization?

ITSI helps us to monitor applications and identify performance problems or service degradation. It provides us with intelligence and enables us to act on it. We can reduce our incidents by about 10 percent. It has also reduced our time to resolve by 10 percent. 

What is most valuable?

I like ITSI's glass tables. They're easy to navigate by clicking through them. The interface isn't that much different from other products I've used. It provides all the information we need in one place. 

For how long have I used the solution?

I have used Splunk ITSI for seven months.

What do I think about the stability of the solution?

I rate Splunk ITSI eight out of 10 for stability. There are some minor issues. 

What do I think about the scalability of the solution?

I rate Splunk ITSI seven out of 10. Splunk is quite scalable, but we had some challenges in our environment.  

How are customer service and support?

I rate Splunk support seven out of 10. We had issues with support that took a long time to resolve.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used a different solution. I don't recall which one. The license expired, so we switched to Splunk ITSI. 

How was the initial setup?

We have deployed Splunk ITSI on the cloud. The multisite deployment was complex.

What other advice do I have?

I rate Splunk ITSI eight out of 10. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Joshua Kleensang - PeerSpot reviewer
Splunk Admin at UniFirst
Real User
Jun 23, 2024
Allows instant use of the gathered metrics and reduces the time to identify and resolve an issue
Pros and Cons
  • "Instant usability of gathered event metrics is available. We have metrics data from systems, and we can use that to instantly get system status and trends."
  • "There should be entity conflict resolution, specifically regarding duplicate entities. There should be case sensitivity for various keys amongst entities, specifically host names. We need IT metrics-based indexes and more content packs. I know they are coming out with these features."

What is our primary use case?

It monitors every level of infrastructure in our environment, including remote locations across the world.

How has it helped my organization?

Splunk ITSI has end-to-end visibility into the cloud-native environment. This is important but not as important because we are primarily on-prem in every aspect of our IT infrastructure. However, for things that we do have in the cloud, it is important that we have visibility there.

Splunk ITSI has helped reduce our mean time to resolve. We can see very quickly when things are down and where they are down. I have taken steps to reduce the time to identify and time to resolve with Splunk ITSI.

The unified platform helps consolidate networking, security, and IT observability tools. It forces certain groups to work together and more closely, as they should. It increases awareness of the current statuses of other environments, which is important.

What is most valuable?

Instant usability of gathered event metrics is available. We have metrics data from systems, and we can use that to instantly get system status and trends.

What needs improvement?

There should be entity conflict resolution, specifically regarding duplicate entities. There should be case sensitivity for various keys amongst entities, specifically host names. We need IT metrics-based indexes and more content packs. I know they are coming out with these features.

For how long have I used the solution?

I have been using Splunk ITSI for two years.

What do I think about the stability of the solution?

Its stability is great.

What do I think about the scalability of the solution?

It is handling well what it is supposed to handle for some parts of our setup, and with the new version, it is only going to get better.

How are customer service and support?

I have never used their support. Community is the first place I go.

Which solution did I use previously and why did I switch?

I started with the company two years ago. They had it long before that.

What other advice do I have?

I would rate Splunk ITSI an eight out of ten. It is pretty good, but there are some inflexibilities with the analyzer that can be annoying. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Andrew Mahoski - PeerSpot reviewer
Data Engineer at Memorial Sloan-Kettering Cancer Center
Real User
Jul 26, 2023
Has an excellent ability to provide business resilience by empowering staff
Pros and Cons
  • "The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean."
  • "It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding."

What is our primary use case?

We have medical use cases. We monitor batch processes for our medical system. We batch-process data ingestion from our data warehouses just to make sure they're performing appropriately. If there's an outlier we'll report it or create an incident.

How has it helped my organization?

Splunk has just started to improve my organization. It's still in its infancy. We still have some kinks to work out, but it's actually giving us much better visibility than creating a normal Splunk dashboard. It's an easier process in that regard.

It has 100% improved my organization's business resilience. We're able to get better metrics. We have a project where we've actually saved the organization millions of dollars in regards to lost revenue. We were using Splunk Dashboards to determine a situation where billing wasn't being done correctly. Billing was never actually sent out to insurance companies, then that's where we found things that were falling between the cracks.

In terms of cost efficiencies, we're able to find situations where patient care is falling below the thresholds. We have other projects that are coming into play that are going to be huge for the organization that will be reporting back to the state. 

What is most valuable?

The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean. 

Splunk's ability to predict, identify and solve problems in real time is excellent. We were able to see things we haven't been able to see before just because the data from multiple systems is so helpful.

Its ability to provide business resilience by empowering staff is excellent. Everybody wants to use it.

What needs improvement?

It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding.

For how long have I used the solution?

We have been using Splunk ITSI for one and a half to two years. 

What do I think about the stability of the solution?

Their stability is excellent. It's not a Windows product. I don't have to restart it. It's a ten out of ten.

What do I think about the scalability of the solution?

We can scale horizontally. It's a nine out of ten.

How are customer service and support?

Their support is good. During the time of COVID, it took a while to get somebody to get back to us, but that was expected. Overall, the support has been good. We haven't had many issues. We'll dig deep into the weeds before we even bother calling Splunk. 

I would rate support a seven out of ten. I wish their response time was better.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before ITSI, we had Datadog and there was one other product we were managing. We didn't have any visibility into it, and Splunk is a very visible product versus other ones where it's a little more locked down from the access perspective.

We switched to Splunk because of the ease of use and the ability to ingest logs from pretty much everywhere. 

We had some in-house solutions, which weren't great because we were building in .NET versus something that's like Splunk, which we can pull data from everywhere, including from a .NET solution.

How was the initial setup?

I was the first one to deploy it at the organization. We started with me and one manager, and then it turned into a team of five engineers. We had a RIF, and we were down to three.

We made the mistake of initially deploying it on Windows. We learned very quickly that that was a big mistake and then we switched over to a Linux environment. In general, the deployment wasn't that bad. The documentation that Splunk offers has always been great. If we had any questions, we always went to support with those questions. It was pretty simple.

What was our ROI?

Other departments have seen ROI through being able to offer better and more efficient patient care. 

What's my experience with pricing, setup cost, and licensing?

We like the old perpetual licensing model but everybody's going more towards the two-year. I think the professional services hours thrown in there is actually a pretty good benefit.

What other advice do I have?

I would rate Splunk ITSI a nine out of ten. Not a ten because the learning curve makes it tricky.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Tech Lead at a tech vendor with 1,001-5,000 employees
MSP
Jun 12, 2023
Provides a unified view of alerts and supports heat maps and glass tables for visualization and monitoring
Pros and Cons
  • "I find the episode review, glass tables, and correlation search features very useful."
  • "Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well."

What is our primary use case?

There are multiple use cases, which include heat maps, glass tables, and predictive analysis.

The first one is mainly related to heat maps. For example, if you want to monitor the health of a server, you can prepare heat maps for that. When you set up any kind of alerts, they can get missed because people are too busy to check their emails. With these heat maps, the color changes automatically. The Cron job runs behind the scenes, and you don't need to run them manually. 

You can also set up a glass table in ITSI for the architecture. For example, a setup like Amazon would have web services, databases, queues, and other things. For the purchase and other things, it has to connect to the external world, so you need to place the complete architecture over there, and you can assign the threshold value. If there is an issue with any of the points, for example, there is an issue with the connectivity of the database, the heat maps would change in color, which helps you to easily identify that there is an issue.

It also has a concept called predictive analysis. For example, your WhatsApp chat backup happens every 24 hours or 7 hours, but you cannot predict how much bandwidth it's going to use during the backup. It might even use 100% of the bandwidth. You cannot set a proper threshold. In such cases, you can use predictive analysis. It'll analyze the data patterns, and based on the data pattern, it predicts if everything is good or if something is bad. It can predict if something is going to fail.

You can have an integration with the ticketing tools. For example, if something happens on any server or PC and you've directly integrated the tickets from Splunk to ServiceNow, it's automatically going to create a ticket in ServiceNow.

There's also a concept of episode review wherein it groups the alerts so that there's no ticket spam in ServiceNow. For example, if you are monitoring a server and it's down, there might be 10 to 20 alerts, which would create 10 or 20 separate tickets and spam your ticketing system. In such cases, you can use the episode review feature. It will merge all those tickets into one and include all the details in that.

How has it helped my organization?

Splunk ITSI allowed us to monitor the health of servers. We can also completely monitor an application and identify data patterns. Automation of ticketing tools can also be done with this. We can also do log monitoring with Splunk ITSI.

It's also helpful for developers. When they create an application, if there is an issue in their code, based on the output data, a request is automatically triggered to the engineering team stating that there is an issue with the code.

The visibility into an application is very good if you configure everything properly. You first have to analyze the application by using any of the monitoring tools such as Elastic, Splunk, etc. You have to analyze the application in and out, and afterward, you have to place the monitors in particular places for end-to-end visibility. For example, in the case of a home security system, to completely secure the home, you have to place the devices in a proper place. Until and unless you place the devices in a proper place, you cannot say that it's completely secured. If you are not keeping the cameras at the main entrance and the windows, or you haven't placed them properly, you can't say that the home is properly secured.

Splunk ITSI is very good for predictive analytics for preventing incidents before they occur. For everything, there are patterns, and based on the algorithm, you are allowing the machine to analyze the data and predict whether the data patterns are coming in a proper way or not. Splunk analyzes the data patterns based on the historical information that we give it. After analyzing the historical information, it creates triggers. If the data that we are feeding into the machine is incorrect, it's not going to work the same way.

There's the accuracy of alerts. In Splunk, the data is almost in real-time, so we get tickets in real-time. If there's a failure, we can roll over to the backup applications immediately. It saved about a million euros for one of our clients. They were having an issue with the Symantec antivirus that blocked the complete Citrix environment, so the workers were not able to sign in and access the application, which led to an outage. Within a matter of minutes, Splunk triggered a ticket, and they identified that they were having an issue with this particular antivirus, and they blocked it.

Splunk ITSI has helped streamline our incident management. There is efficiency in terms of clubbing the tickets and sending tickets with meaningful information, so mainly with the alerting system, you can configure as much information as you want using the Splunk monitoring tools. You can send some links in the ticket, or you can send a separate set of guidelines for the engineers on what has to be done. The clubbing of tickets has also helped a lot to avoid spamming.

Splunk ITSI has reduced our mean time to detect. Based on my experience and the feedback from others who are using it, it has saved a lot of time. The time reduction is significant when compared to other tools in the market.

It has reduced our mean time to resolve. Glass tables have been very helpful. With the help of Splunk ITSI, you can place the heat maps and services in place based on the application architecture to easily identify where the issue is coming from.

What is most valuable?

I find the episode review, glass tables, and correlation search features very useful.

What needs improvement?

Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well.

For how long have I used the solution?

I've been using Splunk ITSI for five or six years.

What do I think about the stability of the solution?

I'd rate it a nine out of ten in terms of stability.

What do I think about the scalability of the solution?

I'd rate it a nine out of ten in terms of scalability.

How are customer service and support?

It isn't 100% satisfactory for all the cases. About 80% of the time, they are good, and about 20% of the time, they aren't as good. They can be very slow. We also had an incident where we asked them to upgrade to a version, but in that latest update, Splunk had removed some concepts because of price issues. As a result of removing a particular module, our complete environment failed. It took us a day to roll back the version and go back to normal. Overall, I'd rate them a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I used VMware vSphere and a CA Technologies tool. We switched to ITSI because there was very little optimization in them. There is also a significant difference in data parsing. We also have real-time data.

How was the initial setup?

At the beginning of my career, I found it to be complex because you need to know a lot of areas, such as network and firewall rules, routing methodologies, and the cluster concept. I kept on learning along with my teammates, and it's pretty good now.

What about the implementation team?

In the beginning, my teammates helped me, but now I don't need any help. Depending on the load and the environment, I can build things.

What was our ROI?

One of our clients was paying two hundred thousand to three hundred thousand dollars for a report based on the complete data, whereas they could also get the data by running a couple of queries from the database. After the implementation of Splunk, we used something called DB Connect. It was a small tweak, and after that, the price was reduced to a hundred dollars or eighty dollars per annum. All they are doing now is creating or running SQL queries, getting the data back in Splunk, and based on that, triggering and sending a report. That's it. It was all about preparing proper monitoring. The data was already available. We prepared the alerts. Along with the alerts, we also prepared dashboards for the users to visually review the historical information for the past one or two years. They can even see the report month-wise. Two hundred thousand dollars to less than a hundred dollars is incomparable.

What's my experience with pricing, setup cost, and licensing?

Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much.

What other advice do I have?

I'd advise learning the tool properly, understanding its capabilities, and utilizing it efficiently. One of our clients was paying hundreds of dollars towards the license, but they were utilizing it only for server monitoring. 

To someone who already has an APM solution but is considering switching to Splunk ITSI, I'd say that switching to ITSI is going to help them a little bit more. The grouping of the ticket to the users can be easily planned. It's not rocket science. It's easier compared to the other tools where you need to create a lot of configuration for that. The configuration has been segregated, which makes it easy for the applications team to set up their own monitoring and group them to avoid the number of tickets generated. You also have predictive analysis along with heat maps and glass tables, which aren't available in other APM tools in the market right now.

Overall, I'd rate Splunk ITSI an eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Splunk Dev & IT Si Admin at Solugenix
MSP
May 12, 2024
Reduces alerts, offers good performance metrics and has helpful support
Pros and Cons
  • "Our mean time to detect is down to five minutes."
  • "We're getting alerts with delays of maybe five minutes, however, we'd like to see real-time alerting in the future."

What is our primary use case?

We use the solution to monitor throughout the enterprise. We get alerts and create incidents and use it in our ticketing tool. 

How has it helped my organization?

We have set up alerts so we can effectively monitor our infrastructure. Even small alerts the users face we can monitor. 

We started small with a few users and once we saw the visibility we could achieve and the performance of the solution, we rolled it out on a larger scale. 

What is most valuable?

The analysis and KPIs it provides are very useful. We can create episode monitoring. 

The service analyzer is quite useful. 

Its end-to-end visibility is very good. We can get to the root cause of troubleshooting. It makes the process easier. Troubleshooting happens very quickly - and that means we have less downtime. 

We use the predictive analysis capabilities. It plays a major role as it allows us to act faster. 

Our response time is almost instant. We can create alerts and check reports. It checks everything in real-time so that we can jump into action much faster.

It's helped with incident management. It's helped us reduce incidents while improving performance and visibility. It reduces the amount of work we need to do as well. We've likely reduced work by 30% or so. 

Since it's reduced alerts, it's reduced alert noise. We do have triggers for alerts, and we can shortlist them and troubleshoot the ones that create the most noise. 

Our performance metrics have improved. Alert noise has dropped by 60%. We've been able to maintain everything much easier. Handling the infra is simpler. 

Our mean time to detect is down to 5 minutes. That's down from 15 to 20 minutes in the past.

What needs improvement?

We're getting alerts with delays of maybe five minutes, however, we'd like to see real-time alerting in the future. 

From a predictive analysis point of view, we'd like to see emails corresponding to the alerts we get. That would be an added benefit. 

For how long have I used the solution?

I've been using the solution for at least 2 years.

What do I think about the stability of the solution?

Every time we upgrade, we do find some issue, however, it does get resolved. Overall, I'd rate stability 9 out of 10. Most of the time, it's stable. 

What do I think about the scalability of the solution?

We have two to three people using the solution. We have the solution across multiple locations. 

The solution is very scalable. 

How are customer service and support?

Technical support is very good. I'm satisfied with the level of knowledge the techs have and the response time. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use any other solutions. 

How was the initial setup?

The initial setup is not complex. I'm not sure exactly how long it takes to implement as it was already in place when I began.

There is some maintenance required. You may have to run regular upgrades. 

What was our ROI?

We've seen an ROI in the lack of downtime, which has improved by 80%.

What's my experience with pricing, setup cost, and licensing?

I don't have any visibility on the cost of the product.

What other advice do I have?

I'm a Splunk customer. 

We don't have Splunk integrated with any other solutions. 

For someone who already has an APM solution, but is considering switching to Splunk ITSI, I'd advise them to take a look at it against other solutions. However, Splunk is very, very good. It's likely to help any organization. I'd recommend it over a different monitoring solution. It eliminates much broader downtime and allows teams to act on alerts faster. 

Resilience is very important to us and Splunk helps us maintain that. It's very reliable.

I'd recommend the solution to others. 

It's a good idea to go through the documentation so that everyone is on the same page with the setup.

I'd rate the solution ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Splunk admin and splunk ITSI at Convergys Corporation
Real User
Apr 16, 2024
Easily integrates, provides end-to-end visibility, and saves time
Pros and Cons
  • "The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI."
  • "After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services."

What is our primary use case?

Splunk ITSI is our platform for data ingestion from various sources. We leverage it to manage Kubernetes configurations, licenses, reports, dashboards, and user permissions. Additionally, we utilize ITSI for field extraction and data model retrieval.

How has it helped my organization?

We successfully integrated Splunk ITSI with ServiceNow. The integration process was straightforward. We downloaded the Splunk Integration application from the ServiceNow app store and configured the ServiceNow account using the provided URL, username, password, and authentication method.

Splunk ITSI offers end-to-end visibility through a centralized admin console. This console allows us to monitor all aspects of our system, including indexing performance, daily resource usage, CPU utilization, and insights.

Splunk ITSI has helped our organization save time. We saw the benefits within the first three minutes of use.

We saw time to value within minutes of using Splunk ITSI.

What is most valuable?

The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI.

What needs improvement?

After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services. We had to manually deploy a script to resolve this issue.

For how long have I used the solution?

I have been using Splunk ITSI for three years.

What do I think about the stability of the solution?

Splunk ITSI is stable.

Splunk ITSI is a resilient solution able to recover quickly.

What do I think about the scalability of the solution?

Splunk ITSI is scalable.

How are customer service and support?

The technical support team is great. They've helped troubleshoot our issues. Once we raise a ticket, we can continue the process using a DLL file.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment is straightforward. The setup is automated.

Five people were required for the deployment.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

The licensing is based on data usage.

What other advice do I have?

I would rate Splunk ITSI eight out of ten.

I recommend Splunk ITSI over other APMs because we can monitor everything from a single console.

Splunk ITSI is deployed across multiple locations.

No maintenance is required for Splunk ITSI.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Siddharth_Jain - PeerSpot reviewer
AIOPS Consultant at AIOPS Consultant
Reseller
Top 5
Nov 1, 2023
Good compatibility and end-to-end visibility with helpful support
Pros and Cons
  • "Customers have noted the solution helps streamline incident management."
  • "The license cost is expensive."

What is our primary use case?

We use the solution for intelligence. For example, if I have a website that sells games, it might have a lot of things like databases, servers, et cetera. I can see how many users have logged in, what purchases can be made, and so on. Splunk provides the logs to see all of the data for all actions on the site. I can see things on a technical level, like how CPUs are performing.

I can see things in real-time, and it's based on real data. This is the advantage Splunk has. There is complete visibility and I can monitor KPIs as well.

I can look at how my database looks, how my sales look, et cetera, and all metrics are in one place.

There's machine learning as well, including anomaly detection. You can look at and understand the data very easily. It helps us provide a complete understanding of business so that I can understand anomalies better and watch the daily data. It gives me alerts in which I can take a deeper dive.

I have a ticketing system. If I have a Splunk power user, they can look at the data and create a ticket for future inspection. People can correlate and collaborate on the same ticket.

Basically, everything you need you can find on Splunk. You can also create custom actions. 

We can do actions right on the Splunk UI. 

What is most valuable?

The compatibility is good.

The end-to-end visibility is okay. The only thing that is lacking is the application monitoring. We struggled with one use case where payments were failing and they couldn't understand if it was the infrastructure or bandwidth. The capability of recording any transaction is not possible in Splunk. You have to write your own scripts, however, it's not as user-friendly.

The predictive analytics are pretty good. I've seen people using it. That said, I'd say the admin needs a deep understanding of the infrastructure. It has a tendency to create noise. If you have a noisy system, when there's an alert, people tend to miss issues. 

Customers have noted the solution helps streamline incident management. At a single glance, there is a complete view of infrastructure. It's good for the customer on the technical side. Teams were able to map the availability of the system more accurately - up by 28%.

It's helped reduce alert noise. It can aggregate the alerts and just create an alert only when needed. From the UI, you can correlate the alerts using dynamic conditions (not just static ones).

We've been able to reduce the mean time to detect. It has a similar mean time to detect as Dynatrace. We've used it when there wasn't an existing system, and we would have had similar results with other tools in the market. It's helped with MTTR for sure. Previous to implementing Splunk, the mean time was one hour or so. Once we implemented it, the alert notification was automatically sent to people, so it automatically reduced the time to two to five minutes.

The mean time to resolve has been reduced thanks to Splunk. 

What needs improvement?

If you are using Splunk ITSI and Splunk Enterprise Security, you have to run different searches. You cannot run both on the same server. You can bifurcate it however you want, however.

The license cost is expensive. When I want a premium application it's extra. I need to pay for this on top of my base license. 

We'd like to see more use of artificial intelligence. There's no easy knowledge-base bot. It would help if they had a ChatGPT-like AI that could show them the knowledge base information they could use to address tickets.

For how long have I used the solution?

I've used Splunk as a product for about five years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution can scale. I'd rate it seven out of ten. There are some requirements on the backend in terms of scaling. If you want extra storage, it will cost more money. If you are adding a new server you will have to go and configure it and then you have to restart everything, so there may be downtime. 

How are customer service and support?

I've contacted technical support. They were good in terms of experience. The cloud support is excellent. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution. 

How was the initial setup?

You can install the solution on-premises or on the cloud. If you want to send the data to your own on-premises environment, you can do so.

I was involved in the initial deployment. The setup was very straightforward, however, the requirements gathering can be complex, as well as gathering the KPIs and developing an understanding of requirements. You need someone who has a complete understanding and a holistic view of the environment. 

How many people you need for the deployment depends on how big the infrastructure is, what you want to monitor, and the timeline you have.

The on-premises deployment requires maintenance as you have to monitor the server. The cloud requires less maintenance. 

What about the implementation team?

We tend to implement the solution for our customers. 

What's my experience with pricing, setup cost, and licensing?

The solution can be costly. You have to have a fixed license. It's very difficult for people to know beforehand how much they will be charged. 

What other advice do I have?

We're Splunk partners. 

For someone who already has an APM solution and is considering switching to ITSI, I'd advise them to look at the licensing and their budget and to consider where their APM is currently lacking. If you aren't getting the alerts you need or you can't see how your infrastructure looks, it might make sense to switch. They need to be aware, however, there will be an extra cost.

Secondly, if you can't see the logs in your application and can't fetch the logs, for example, if you are on Dynatrace, and Dynatrace does not provide your login analysis, you can just go and write a query. However, it depends on what your end customer needs as well. If they need good dashboards and they need flexible dashboarding, to which you can add images, and customize the way you want, you may need something more robust, like Splunk. We were able to pull it off using Splunk ITSI as it gives you very easy-to-customize dashboards. 

To someone who's considering a point monitoring system instead of ITSI, I'll say that, depending on your infrastructure, it might be a good idea. If you have less data, and you can manage with the manual alerts, you're fine. However, if you're wasting a lot of time with the alerts and get a lot of alert noise, that means you can be missing major alerts. For major infrastructure, it's a good idea to have ITSI.

You need a minimum of 14 days before seeing time to value. 14 days is required in order to be able to use the complete solution. That allows the system to get good at anomaly detection. 

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2239890 - PeerSpot reviewer
Lead Solution Architect at an insurance company with 10,001+ employees
Real User
Aug 20, 2023
Correlates and aggregates all the information and improves resolution time
Pros and Cons
  • "Splunk Episodes are valuable because it correlates and aggregates all the information, and you do not have one million events to look at and triage, so it is quite convenient."
  • "It is pretty okay. I am not sure whether the current release has already moved to the new framework where instead of the glass tables, we can directly use the Dashboard Studio. It would be nice to have that integrated into the same framework."

What is our primary use case?

We have some business-oriented monitoring. The technical components are aggregated to business services up to a certain level. We could do a lot more, but this is what we are doing currently.

How has it helped my organization?

Splunk ITSI has improved our mean time to resolution. We can essentially notice things before somebody calls. We have better customer satisfaction. It is hard to say how much time it has saved, but if we do not use it, it will take quite a while until we notice something is down or until we find out what exactly is the issue.

We monitor multiple cloud environments with it. It is no more difficult than anything else.

Splunk ITSI has end-to-end visibility into our cloud-native environment. We also have SignalFx. We are an early adopter of SignalFx in Switzerland. It is integrated, and we have been beta-testing the integration. It is quite easy and workable. It is quite nice.

It provides business resilience by empowering staff. That is the core feature. You can tailor the solution and give the exact information in a certain context. This correlation and this presentation help the business, the users, or the person responsible for the application or the stack. That is the interesting part.

What is most valuable?

Splunk Episodes are valuable because it correlates and aggregates all the information, and you do not have one million events to look at and triage, so it is quite convenient.

What needs improvement?

The solution is okay. I am not sure whether the current release has already moved to the new framework where instead of the glass tables, we can directly use the Dashboard Studio. It would be nice to have that integrated into the same framework.

For how long have I used the solution?

We have been using Splunk ITSI for more than four years.

What do I think about the stability of the solution?

Its stability is excellent.

What do I think about the scalability of the solution?

Its scalability is excellent.

Which solution did I use previously and why did I switch?

They used different tools for different parts. For the service aggregation part, they used Netuitive. They still use Dynatrace for some of the things, but they have mostly moved to SignalFx. Dashboarding was one area for which they never had anything.

The guys with the container-based workload absolutely demanded SignalFx. That had the repercussions of finally moving to Splunk ITSI.

How was the initial setup?

I was not involved in its deployment.

What was our ROI?

I am not sure about the ROI of Splunk ITSI, but we have definitely got an ROI from Splunk. We have been using Splunk since version 3 and doing lots of things. We have hundreds of use cases. If you ask anybody in the business, they would say that it is essential and critical.

Splunk has improved our business resilience in combination with Splunk Enterprise. It is widely adopted by our developers, and we also have a fairly large number of dashboards where core services, such as managed file transfer, are transparent for the users that own a system that is connected as a sending or receiving device so that they can self-service and check if everything is working. There is also alerting on that. So, there are multitudes of use cases. It is more of a framework; it is more of a platform. There is wide adoption of it. 100% of the users in the company have access to it. Not everybody uses it, but everybody has access to it.

What's my experience with pricing, setup cost, and licensing?

It is interesting. I am not involved that much lately, but if I recall correctly, you license primarily on the volume of data that you are using in Splunk ITSI, but there is no way Splunk can ever check if that is true, so that is interesting. We are not doing it, but someone can pretend to just use 10%, and it would be super cheap. It is tricky, but it is more tricky for Splunk than for us.

Which other solutions did I evaluate?

There were quite a few solutions that we looked at. We were beta testing Splunk ITSI, but unfortunately, the adoption was not possible back then. They had a few market-leading products in the procurement. Due to SignalFx, we finally chose Splunk ITSI.

What other advice do I have?

I would rate Splunk ITSI an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Jamiu Olaide - PeerSpot reviewer
Data Consultant at a tech consulting company with 1,001-5,000 employees
Consultant
Jul 10, 2023
Great service analyzer, infrastructure review, and the ability to retire an entity
Pros and Cons
  • "One of the excellent features is the service analyzer, which is truly impressive."
  • "I believe the refresh time should be faster."

What is our primary use case?

We utilize Splunk ITSI to enhance our IT operations within our infrastructure. Our goal is to monitor only the most critical KPIs. Additionally, we have access to a detailed overview of the KPI services and entities, allowing us to identify issues in real time. 

We deploy Splunk ITSI both on-premises and in the Splunk cloud. 

We implemented infrastructure monitoring using ITSI to track various aspects such as latencies and specific components like CPU and memory. I can now provide detailed information about the specific cause of CPU-related issues. The problem lies in determining the process through which we can obtain a high-level overview of our services. When we delve deeper, we have access to numerous details to identify the KPI responsible for disrupting the service application. I can now explore ways to monitor its performance and locate the service in question. With ITSI, we can receive alerts and easily navigate to the precise location to resolve the problem.

How has it helped my organization?

The end-to-end visibility of Splunk ITSI in our network environment depends on the individual utilizing it. While it may be present, it is crucial to possess a solid understanding of ITSI. In order to illustrate this aspect, we require a well-defined use case that demonstrates our intention to employ ITSI. Overall, I would describe the end-to-end view as highly effective. It facilitates seamless data acquisition and enables us to easily analyze the data afterward.

Splunk ITSI can be utilized for predictive analytics to prevent incidents before they happen. It is regarded as the superior option for observability. While observability is commendable, we also make efforts to view data from SignalFX and leverage ITSI's capabilities to analyze and access large volumes of data. ITSI serves as a tool for analytics, but we can also employ it for observability, albeit SignalFX remains our primary choice for that purpose.

Splunk ITSI has helped us streamline our incident management, particularly through its correlation searches and event policies. With these features, we can efficiently handle multiple tasks by grouping them together under correlations. We can easily search for and identify these tasks and then review them in-network, allowing us to determine the specific episode and identify any high alerts. This enables us to drill down and investigate further, depending on our proficiency with ITSI. Additionally, we have the ability to create a dashboard for editing reviews. This way, we can access our episodes, drill down into our dashboard, and examine the detailed information about the issues we are facing.

ITSI has helped reduce our alert noise by thirty percent. We don't need to extract a large amount of information from our correlation strategies. We can simply refine them and obtain the essential details, thus avoiding unnecessary noise in our environment. We just need to grasp the main idea.

Splunk ITSI has helped us reduce our mean time to detect by approximately fifteen percent. I have been collaborating with individuals who also utilize ITSI for the past five years, and we have observed its continuous improvement each year. The mean time to detect is contingent upon our level of dedication to ITSI in that aspect.

Splunk ITSI has helped us reduce our mean time to resolve by approximately fifteen percent. If we also have a good dashboard alongside it, we can drill down and go straight to the issue.

What is most valuable?

One of the excellent features is the service analyzer, which is truly impressive. Additionally, we have the infrastructure review, which allows us to assess our infrastructure comprehensively. That is fantastic! Furthermore, the latest ITSI connects the new tenant we have for tenant management. This feature enables us to retire an entity instead of merely deleting it, and if needed, we can easily reactivate it. There are numerous exciting new additions. Splunk ITSI itself is highly interactive, making the overall service experience truly remarkable.

What needs improvement?

Splunk ITSI could function even better, particularly when it comes to refreshing the service infrastructure. If we could have the option to go back not just sixty minutes, but also one or five minutes, it would enhance our capabilities.

The service analyzer component is excellent, particularly the default analyzer. However, I believe the refresh time should be faster. If it also takes five minutes to complete, as suggested by the KPI requirements, then the refresh time should be significantly reduced. If the data doesn't load within five minutes, our service and KPI will not function properly. Therefore, it is crucial to make it faster.

I would appreciate having more customizable dashboards to assist with in-depth analyses.

For how long have I used the solution?

I have been using Splunk ITSI for two years.

What do I think about the stability of the solution?

Since I started using Splunk ITSI, it has remained stable.

What do I think about the scalability of the solution?

Splunk ITSI is scalable.

How are customer service and support?

The documentation for Splunk Doctors is excellent, particularly when it comes to addressing installation issues. However, when it comes to Splunk Processing Language, Splunk itself is unable to assist us. I would recommend relying on the documentation as a valuable resource.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is complex. Even if we have installed ITSI, we still need to install the other apps that accompany ITSI. Perhaps we want to work on this matter, so it depends on whether I am deploying it in a large environment or just a single environment with minimal activity. Therefore, we need to include all of these in the architecture. The ITSI app is one component, but the other apps that derive from it must also be taken into consideration.

We have a tool that we use in our team to expedite the deployment process. However, we are unable to disclose the details as it is a proprietary system. On an average day, if we have access to ITSI, I can personally complete the task within a few hours due to my prior experience. However, for someone without technical expertise, it may take up to a day. Although one knowledgeable person can complete the deployment, it is easier with two people.

What was our ROI?

I have witnessed a significant return on investment in that aspect. However, it ultimately depends on the customer's use case. Everyone desires to acquire Splunk, but not everyone understands its functionality in that aspect. So, if we have a customer and a strong use case, and we know what they want, we will definitely be able to achieve it. But if we don't have a customer and lack knowledge about it, it will just remain as is.

What's my experience with pricing, setup cost, and licensing?

Splunk ITSI is expensive; however, with the appropriate use case, it justifies the cost.

Which other solutions did I evaluate?


What other advice do I have?

I rate Splunk ITSI an eight out of ten.

Anyone who is considering a point monitoring system instead of Splunk ITSI should know that with ITSI, we gain access to several other features. Even just with the service analyzer, we can observe our KPIs and identify their affected components. We can determine which settings are causing the issues and make informed decisions, such as trying alternative options. We can also evaluate if a particular KPI has significant importance, as it has a substantial impact on the overall order of operations. This provides us with a detailed perspective in terms of data and other relevant aspects. While it may not offer a purely granular view, having everything consolidated into a single interface is extremely convenient. Working with ITSI requires a considerable level of willingness and experience. However, as we are transitioning towards various new tools, including the ability to easily integrate plug-and-play devices, the only issue with ITSI might be the initial setup. Once we have it implemented, we will have the capability to accomplish all our desired tasks.

The way Splunk sells ITSI is not the way we use it. We can make much better use of ITSI. The most important aspect, in my opinion, of ITSI is the episode review. For instance, when we encounter an issue that is not immediately visible, how can we evaluate that aspect? Therefore, ITSI is beneficial. From my perspective, we need individuals to sit down and explain how it works, as it can be confusing initially. However, once we have a clear understanding, it works well.

In my organization, my team is the only one working with ITSI. We handle all deployments, and typically, we deploy on public cloud infrastructure such as Azure, AWS, and GCP. Nowadays, most deployments are cloud-based. Additionally, with the rapid growth of Splunk Cloud, installation is not a concern as it is taken care of. Our focus is on the implementation if we choose to go the Splunk Cloud route. However, we still handle the installation process ourselves, so we need to ensure our preparedness in that regard.

We have roughly 20 people in our organization that use Splunk ITSI.

In the beginning, we need to ensure that the data we receive is valid. Once we have confirmed its validity, we can rest assured that the system will generate alerts, eliminating the need to worry about maintenance.

I recommend Splunk ITSI for organizations that are interested in IT operations, monitoring, or analytics. By ensuring optimal utilization of Splunk ITSI, organizations can achieve a good return on investment that justifies the purchase.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Splunk ITSI (IT Service Intelligence) Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026