Splunk ITSI (IT Service Intelligence) Reviews

We use the solution to monitor our own internal applications. We monitor analogs and various other DB Connect sources.

The tool has replaced some other products in our organization. It’s coming in very handy.

Alerts and episodes are valuable to me. These features put all notable events together and give us an opportunity to take action.

We can take actions based on NEAPs, like emails and service now tickets. It is pretty basic at the moment. The solution should integrate more features in NEAP.

I have been using the solution for about a year.

The solution is pretty stable.

The product is extremely scalable.

I work with a lot of Splunk’s support people. I like them. They're all good.

Positive

We were using a software called Genius. We use Splunk IT Service Intelligence now, and it's more cost-effective overall.

I have been maintaining the solution. The product is straightforward to maintain. We just need to follow the best practices, and it works. We have a lot of users, so it's difficult controlling what the users do in the environment.

The tool is a centralized place to collect all our data and compute against it. It has the potential for an ROI.

Pricing has some room for improvement.

We evaluated other options, but Splunk seemed to be the best. It is the industry leader, so it was a no-brainer.

We have an on-prem instance. Everything's pretty much on-prem. We work with cloud logs. Monitoring multiple cloud environments using the solution is pretty straightforward and easy. It is extremely important to us that the solution has end-to-end visibility into our cloud-native environment.

The solution has helped reduce our mean time to resolve. The product has helped improve our organization’s business resilience. Its ability to predict, identify, and solve problems in real-time is pretty good as long as the source is good and we use it well.

The tool’s ability to provide business resilience by empowering staff is alright. We have experienced cost efficiencies by switching to Splunk IT Service Intelligence. I know it used to be ingestion, and now it's like a CPU. It's always evolving. I was not involved in the initial setup. The solution still has some room for improvement.

Overall, I rate the product a six or seven out of ten.

We use Splunk ITSI for IT monitoring. It helps us monitor all our servers for things like CPU utilization and other performance metrics. We can integrate complex architectures with the service and connect the core to multiple data sources. Our customers' environments vary. In the last project, they had around eight departments and 75 employees, so I needed a web server for each department.

Before we shifted our customers to Splunk ITSI, they had issues getting insights in some circumstances. Now they have complete visibility from one dashboard. It helps them monitor and develop a proactive response to address the problems before they cause trouble. 

One issue we faced before implementing Splunk was that our customers couldn't predict how long it would take to reach their storage limit. Now we can categorize issues according to severity. 

Splunk ITSI has enabled us to streamline incident management by adopting aggregated policies. Instead of getting rid of incidents, we are placing these into several groups and removing the duplicates to see some insights based on previous incidents. 

We've been able to reduce alert noise using policies. By grouping the policies, we're able to avoid redundant alerts. When we used the other solution, we would sometimes get repeated warnings, but we eliminated that by implementing aggregate policies.

From IPSI, we can see the metrics and drill down. We can build a tool to check the metrics based on severity. Instead of taking every event's logs, we are directly getting the root cause of the issue. From there, we can see that it obviously reduces the rest of the time.

The solution has reduced our mean time to resolve issues. Before implementing it, we typically needed around six to eight hours to close a ticket. When we had an alert, we had to review all the native logs to find the correct server. With ITSI, I can see a score that tells me about potential issues before they arise. I can see if there is a critical problem with a server or application based on the data flows and resolve it. 

I like ITSI's service analyzer. We can integrate and group the service, then create multiple KPIs in the service analyzer we can monitor. We can use multiple connectors to get end-to-end network visibility. Many organizations prefer appliances, and we can completely integrate the appliance with the source to gain complex insights throughout the network.  

We are getting real-time insights from the service and the vendor and doing some projects using security analytics to check the path. We can monitor the behavior of an appliance or the organization and how they are using it. For example, you might see high usage on specific days and low usage on weekends. If we can identify patterns from this, it can help us predict the future.

We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable. 

I have used Splunk ITSI for nearly a year. 

Splunk ITSI is stable. The latest version is more stable than the previous one. 

Splunk ITSI is scalable. We can compare multiple APIs and services, so everything is organized and manageable. We can drill down to the bottom of all the logs on events.

I rate Splunk technical support a nine out of ten. If we work with cloud architecture, we usually need some help from Splunk, so we often need to contact support and ask for changes. We prepare the case, have a conversation with them, and get it done.

Positive

We were using service providers, but we had a log management solution and some other open source tools. We relied on custom builds of open source solutions. 

Splunk ITSI can be deployed in the cloud or on-prem depending on the customer's requirements. For example, if someone is running this in a closed environment, we can go with the on-prem deployment. Otherwise, customers will mostly go for a cloud deployment. We use AWS.

When I started the training, it seemed somewhat complicated, but once you learn a bit, it becomes straightforward. It isn't terribly complex. The deployment strategy depends on the scope of the project, such as whether you have a cluster or a distributed environment. 

You can deploy it with a team of three or four. Someone needs to take care of the prerequisites like clustering and another person might take care of the integration. Another will configure the dashboards. The process takes about five days.

We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming.

The time to value is fast. The implementation takes time, but the customer can see value immediately once everything is configured, permissions are set, and we're ready to move. 

I rate Splunk ITSI a 10 out of 10. We need our website up 24/7, or we'll lose business. Every minute that it's down we lose money. I would recommend this to anyone who runs a business online and needs to monitor their infrastructure.

If you're considering a point monitoring system instead of ITSI, I would say it depends on the information you are using. Generally, Splunk ITSI is the advanced option that gives you multiple features together with service intelligence and analytics. You can make wonderful dashboards. Comparatively, this is enough to monitor the company's infrastructure. 

In ITSI, we can also integrate application and database logs, so the customer might get some research to predict when the database goes down. ITSI can be helpful to manage the customer infrastructure and minimize the impact on their business. 

We use ITSI for performance monitoring and incident management. How do you utilize it? I got it. And what problems were you trying to solve by implementing Splunk ITSI? That's good. 10 to 15 people use Splunk at my company.

ITSI helps us to monitor applications and identify performance problems or service degradation. It provides us with intelligence and enables us to act on it. We can reduce our incidents by about 10 percent. It has also reduced our time to resolve by 10 percent. 

I like ITSI's glass tables. They're easy to navigate by clicking through them. The interface isn't that much different from other products I've used. It provides all the information we need in one place. 

I have used Splunk ITSI for seven months.

I rate Splunk ITSI eight out of 10 for stability. There are some minor issues. 

I rate Splunk ITSI seven out of 10. Splunk is quite scalable, but we had some challenges in our environment.  

I rate Splunk support seven out of 10. We had issues with support that took a long time to resolve.

Neutral

We previously used a different solution. I don't recall which one. The license expired, so we switched to Splunk ITSI. 

We have deployed Splunk ITSI on the cloud. The multisite deployment was complex.

I rate Splunk ITSI eight out of 10. 

We have medical use cases. We monitor batch processes for our medical system. We batch-process data ingestion from our data warehouses just to make sure they're performing appropriately. If there's an outlier we'll report it or create an incident.

Splunk has just started to improve my organization. It's still in its infancy. We still have some kinks to work out, but it's actually giving us much better visibility than creating a normal Splunk dashboard. It's an easier process in that regard.

It has 100% improved my organization's business resilience. We're able to get better metrics. We have a project where we've actually saved the organization millions of dollars in regards to lost revenue. We were using Splunk Dashboards to determine a situation where billing wasn't being done correctly. Billing was never actually sent out to insurance companies, then that's where we found things that were falling between the cracks.

In terms of cost efficiencies, we're able to find situations where patient care is falling below the thresholds. We have other projects that are coming into play that are going to be huge for the organization that will be reporting back to the state. 

The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean. 

Splunk's ability to predict, identify and solve problems in real time is excellent. We were able to see things we haven't been able to see before just because the data from multiple systems is so helpful.

Its ability to provide business resilience by empowering staff is excellent. Everybody wants to use it.

It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding.

We have been using Splunk ITSI for one and a half to two years. 

Their stability is excellent. It's not a Windows product. I don't have to restart it. It's a ten out of ten.

We can scale horizontally. It's a nine out of ten.

Their support is good. During the time of COVID, it took a while to get somebody to get back to us, but that was expected. Overall, the support has been good. We haven't had many issues. We'll dig deep into the weeds before we even bother calling Splunk. 

I would rate support a seven out of ten. I wish their response time was better.

Neutral

Before ITSI, we had Datadog and there was one other product we were managing. We didn't have any visibility into it, and Splunk is a very visible product versus other ones where it's a little more locked down from the access respective.

We switched to Splunk because of the ease of use and the ability to ingest logs from pretty much everywhere. 

We had some in-house solutions, which weren't great because we were building in .NET versus something that's like Splunk, which we can pull data from everywhere, including from a .NET solution.

I was the first one to deploy it at the organization. We started with me and one manager, and then it turned into a team of five engineers, we had a riff, and we were down to three.

We made the mistake of initially deploying it on Windows. We learned very quickly that that was a big mistake and then we switched over to a Linux environment. In general, the deployment wasn't that bad. The documentation that Splunk offers has always been great. If we had any questions, we always went to support with those questions. It was pretty simple.

Other departments have seen ROI through being able to offer better and more efficient patient care. 

We like the old perpetual licensing model but everybody's going more towards the two-year. I think the professional services hours thrown in there is actually a pretty good benefit.

I would rate Splunk ITSI a nine out of ten. Not a ten because the learning curve makes it tricky.

There are multiple use cases, which include heat maps, glass tables, and predictive analysis.

The first one is mainly related to heat maps. For example, if you want to monitor the health of a server, you can prepare heat maps for that. When you set up any kind of alerts, they can get missed because people are too busy to check their emails. With these heat maps, the color changes automatically. The Cron job runs behind the scenes, and you don't need to run them manually. 

You can also set up a glass table in ITSI for the architecture. For example, a setup like Amazon would have web services, databases, queues, and other things. For the purchase and other things, it has to connect to the external world, so you need to place the complete architecture over there, and you can assign the threshold value. If there is an issue with any of the points, for example, there is an issue with the connectivity of the database, the heat maps would change in color, which helps you to easily identify that there is an issue.

It also has a concept called predictive analysis. For example, your WhatsApp chat backup happens every 24 hours or 7 hours, but you cannot predict how much bandwidth it's going to use during the backup. It might even use 100% of the bandwidth. You cannot set a proper threshold. In such cases, you can use predictive analysis. It'll analyze the data patterns, and based on the data pattern, it predicts if everything is good or if something is bad. It can predict if something is going to fail.

You can have an integration with the ticketing tools. For example, if something happens on any server or PC and you've directly integrated the tickets from Splunk to ServiceNow, it's automatically going to create a ticket in ServiceNow.

There's also a concept of episode review wherein it groups the alerts so that there's no ticket spam in ServiceNow. For example, if you are monitoring a server and it's down, there might be 10 to 20 alerts, which would create 10 or 20 separate tickets and spam your ticketing system. In such cases, you can use the episode review feature. It will merge all those tickets into one and include all the details in that.

Splunk ITSI allowed us to monitor the health of servers. We can also completely monitor an application and identify data patterns. Automation of ticketing tools can also be done with this. We can also do log monitoring with Splunk ITSI.

It's also helpful for developers. When they create an application, if there is an issue in their code, based on the output data, a request is automatically triggered to the engineering team stating that there is an issue with the code.

The visibility into an application is very good if you configure everything properly. You first have to analyze the application by using any of the monitoring tools such as Elastic, Splunk, etc. You have to analyze the application in and out, and afterward, you have to place the monitors in particular places for end-to-end visibility. For example, in the case of a home security system, to completely secure the home, you have to place the devices in a proper place. Until and unless you place the devices in a proper place, you cannot say that it's completely secured. If you are not keeping the cameras at the main entrance and the windows, or you haven't placed them properly, you can't say that the home is properly secured.

Splunk ITSI is very good for predictive analytics for preventing incidents before they occur. For everything, there are patterns, and based on the algorithm, you are allowing the machine to analyze the data and predict whether the data patterns are coming in a proper way or not. Splunk analyzes the data patterns based on the historical information that we give it. After analyzing the historical information, it creates triggers. If the data that we are feeding into the machine is incorrect, it's not going to work the same way.

There's the accuracy of alerts. In Splunk, the data is almost in real-time, so we get tickets in real-time. If there's a failure, we can roll over to the backup applications immediately. It saved about a million euros for one of our clients. They were having an issue with the Symantec antivirus that blocked the complete Citrix environment, so the workers were not able to sign in and access the application, which led to an outage. Within a matter of minutes, Splunk triggered a ticket, and they identified that they were having an issue with this particular antivirus, and they blocked it.

Splunk ITSI has helped streamline our incident management. There is efficiency in terms of clubbing the tickets and sending tickets with meaningful information, so mainly with the alerting system, you can configure as much information as you want using the Splunk monitoring tools. You can send some links in the ticket, or you can send a separate set of guidelines for the engineers on what has to be done. The clubbing of tickets has also helped a lot to avoid spamming.

Splunk ITSI has reduced our mean time to detect. Based on my experience and the feedback from others who are using it, it has saved a lot of time. The time reduction is significant when compared to other tools in the market.

It has reduced our mean time to resolve. Glass tables have been very helpful. With the help of Splunk ITSI, you can place the heat maps and services in place based on the application architecture to easily identify where the issue is coming from.

I find the episode review, glass tables, and correlation search features very useful.

Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well.

I've been using Splunk ITSI for five or six years.

I'd rate it a nine out of ten in terms of stability.

I'd rate it a nine out of ten in terms of scalability.

It isn't 100% satisfactory for all the cases. About 80% of the time, they are good, and about 20% of the time, they aren't as good. They can be very slow. We also had an incident where we asked them to upgrade to a version, but in that latest update, Splunk had removed some concepts because of price issues. As a result of removing a particular module, our complete environment failed. It took us a day to roll back the version and go back to normal. Overall, I'd rate them a seven out of ten.

Neutral

I used VMware vSphere and a CA Technologies tool. We switched to ITSI because the optimization was very less in them. There is also a significant difference in data parsing. We also have real-time data. 

At the beginning of my career, I found it to be complex because you need to know a lot of areas, such as network and firewall rules, routing methodologies, and the cluster concept. I kept on learning along with my teammates, and it's pretty good now.

In the beginning, my teammates helped me, but now I don't need any help. Depending on the load and the environment, I can build things.

One of our clients was paying two hundred thousand to three hundred thousand dollars for a report based on the complete data, whereas they could also get the data by running a couple of queries from the database. After the implementation of Splunk, we used something called DB Connect. It was a small tweak, and after that, the price was reduced to a hundred dollars or eighty dollars per annum. All they are doing now is creating or running SQL queries, getting the data back in Splunk, and based on that, triggering and sending a report. That's it. It was all about preparing proper monitoring. The data was already available. We prepared the alerts. Along with the alerts, we also prepared dashboards for the users to visually review the historical information for the past one or two years. They can even see the report month-wise. Two hundred thousand dollars to less than a hundred dollars is incomparable.

Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much.

I'd advise learning the tool properly, understanding its capabilities, and utilizing it efficiently. One of our clients was paying hundreds of dollars towards the license, but they were utilizing it only for server monitoring. 

To someone who already has an APM solution but is considering switching to Splunk ITSI, I'd say that switching to ITSI is going to help them a little bit more. The grouping of the ticket to the users can be easily planned. It's not rocket science. It's easier compared to the other tools where you need to create a lot of configuration for that. The configuration has been segregated, which makes it easy for the applications team to set up their own monitoring and group them to avoid the number of tickets generated. You also have predictive analysis along with heat maps and glass tables, which aren't available in other APM tools in the market right now.

Overall, I'd rate Splunk ITSI an eight out of ten.

We have some business-oriented monitoring. The technical components are aggregated to business services up to a certain level. We could do a lot more, but this is what we are doing currently.

Splunk ITSI has improved our mean time to resolution. We can essentially notice things before somebody calls. We have better customer satisfaction. It is hard to say how much time it has saved, but if we do not use it, it will take quite a while until we notice something is down or until we find out what exactly is the issue.

We monitor multiple cloud environments with it. It is no more difficult than anything else.

Splunk ITSI has end-to-end visibility into our cloud-native environment. We also have SignalFx. We are an early adopter of SignalFx in Switzerland. It is integrated, and we have been beta-testing the integration. It is quite easy and workable. It is quite nice.

It provides business resilience by empowering staff. That is the core feature. You can tailor the solution and give the exact information in a certain context. This correlation and this presentation help the business, the users, or the person responsible for the application or the stack. That is the interesting part.

Splunk Episodes are valuable because it correlates and aggregates all the information, and you do not have one million events to look at and triage, so it is quite convenient.

The solution is okay. I am not sure whether the current release has already moved to the new framework where instead of the glass tables, we can directly use the Dashboard Studio. It would be nice to have that integrated into the same framework.

We have been using Splunk ITSI for more than four years.

Its stability is excellent.

Its scalability is excellent.

They used different tools for different parts. For the service aggregation part, they used Netuitive. They still use Dynatrace for some of the things, but they have mostly moved to SignalFx. Dashboarding was one area for which they never had anything.

The guys with the container-based workload absolutely demanded SignalFx. That had the repercussions of finally moving to Splunk ITSI.

I was not involved in its deployment.

I am not sure about the ROI of Splunk ITSI, but we have definitely got an ROI from Splunk. We have been using Splunk since version 3 and doing lots of things. We have hundreds of use cases. If you ask anybody in the business, they would say that it is essential and critical.

Splunk has improved our business resilience in combination with Splunk Enterprise. It is widely adopted by our developers, and we also have a fairly large number of dashboards where core services, such as managed file transfer, are transparent for the users that own a system that is connected as a sending or receiving device so that they can self-service and check if everything is working. There is also alerting on that. So, there are multitudes of use cases. It is more of a framework; it is more of a platform. There is wide adoption of it. 100% of the users in the company have access to it. Not everybody uses it, but everybody has access to it.

It is interesting. I am not involved that much lately, but if I recall correctly, you license primarily on the volume of data that you are using in Splunk ITSI, but there is no way Splunk can ever check if that is true, so that is interesting. We are not doing it, but someone can pretend to just use 10%, and it would be super cheap. It is tricky, but it is more tricky for Splunk than for us.

There were quite a few solutions that we looked at. We were beta testing Splunk ITSI, but unfortunately, the adoption was not possible back then. They had a few market-leading products in the procurement. Due to SignalFx, we finally chose Splunk ITSI.

I would rate Splunk ITSI an eight out of ten.

We are trying to take regular dashboards that we have for monitoring and pull them all together for a high-level view of what is going on.

We have not got very far with it yet. We have done a service decomposition. We had some KPIs set up, and we have got just a couple of health scores, but we have not really pulled it all together. We have not gotten value out of it yet, but we are getting there. We have not seen any improvements yet, but we have high hopes. 

Splunk has helped improve our company's business resilience, but with ITSI, we are not there yet. Splunk has been great so far in terms of the ability to predict, identify, and solve problems in real-time. I have not played around with any other IT ops platforms, but it has been fantastic for us for monitoring systems with dashboards, etc.

We have not yet experienced any cost efficiencies by switching to this solution, but Splunk has certainly saved time for our system maintainers because our dashboards now roll up alerts. We just need ITSI to pull all those alerts together so that we get one alert for one problem.

We have not had any time saving with ITSI yet. We are just not that far. It has also not yet helped to reduce our mean time to resolve, but hopefully, it will.

The solution has been stable. It seems like a great solution. We have not gotten far enough with our application to see its benefits yet, but we are getting there.

It has been a large learning curve. We used Splunk Enterprise. The dashboards are pretty simplistic for the developer at first, but when they went into ITSI, it was a different world. We lacked training. We played with it a little bit, and then we brought the Splunk team in, and they did a service decomposition and whiteboarding, and it made more sense, but it was an intimidating tool for us to jump into at the beginning.

We have been using this solution for just about a year.

We have not had any issues related to stability.

We are just starting. I have got a couple of services in there. We have not scaled anything yet.

The support has been hit or miss. We are on a classified program, so we had clear points of contact assigned to us. There was a transition, and we have got some new ones. Everyone is busy and overwhelmed, and their hands are full, but the last couple of times that we reached out, we did not get much of a response.

In the past, their support was a nine out of ten, but recently, it has been a seven out of ten.

Neutral

We had a homegrown user interface that had alerts, logs, and things like that, but it was painful to manage ourselves.

We do not have any cloud. It is just on-prem. I was involved a little bit in its deployment. I was involved more as a lead but not hands-on.

We had deployed to bare metal servers at the beginning, and then we migrated to a cloud-like environment. It is not a cloud, but it is a service provider for us. At the same time, we moved to Kubernetes and containerized all of our systems. We thought we would use Splunk containers, but that did not work out for us, so we ended up pulling Splunk containers back out and installing Splunk back on VMs. That is where we are now. I do not remember the specifics, but we had trouble with deploying Splunk containers.

We implemented it ourselves.

We did not evaluate other solutions because we were already using Splunk Enterprise, so it made sense.

At this stage, I would rate it an eight out of ten because we do not have proof yet that we will get where we want to be.

Attending Splunk conferences gets me out of the office and lets me focus on Splunk for a week. They are super helpful.

We utilize Splunk ITSI to enhance our IT operations within our infrastructure. Our goal is to monitor only the most critical KPIs. Additionally, we have access to a detailed overview of the KPI services and entities, allowing us to identify issues in real time. 

We deploy Splunk ITSI both on-premises and in the Splunk cloud. 

We implemented infrastructure monitoring using ITSI to track various aspects such as latencies and specific components like CPU and memory. I can now provide detailed information about the specific cause of CPU-related issues. The problem lies in determining the process through which we can obtain a high-level overview of our services. When we delve deeper, we have access to numerous details to identify the KPI responsible for disrupting the service application. I can now explore ways to monitor its performance and locate the service in question. With ITSI, we can receive alerts and easily navigate to the precise location to resolve the problem.

The end-to-end visibility of Splunk ITSI in our network environment depends on the individual utilizing it. While it may be present, it is crucial to possess a solid understanding of ITSI. In order to illustrate this aspect, we require a well-defined use case that demonstrates our intention to employ ITSI. Overall, I would describe the end-to-end view as highly effective. It facilitates seamless data acquisition and enables us to easily analyze the data afterward.

Splunk ITSI can be utilized for predictive analytics to prevent incidents before they happen. It is regarded as the superior option for observability. While observability is commendable, we also make efforts to view data from SignalFX and leverage ITSI's capabilities to analyze and access large volumes of data. ITSI serves as a tool for analytics, but we can also employ it for observability, albeit SignalFX remains our primary choice for that purpose.

Splunk ITSI has helped us streamline our incident management, particularly through its correlation searches and event policies. With these features, we can efficiently handle multiple tasks by grouping them together under correlations. We can easily search for and identify these tasks and then review them in-network, allowing us to determine the specific episode and identify any high alerts. This enables us to drill down and investigate further, depending on our proficiency with ITSI. Additionally, we have the ability to create a dashboard for editing reviews. This way, we can access our episodes, drill down into our dashboard, and examine the detailed information about the issues we are facing.

ITSI has helped reduce our alert noise by thirty percent. We don't need to extract a large amount of information from our correlation strategies. We can simply refine them and obtain the essential details, thus avoiding unnecessary noise in our environment. We just need to grasp the main idea.

Splunk ITSI has helped us reduce our mean time to detect by approximately fifteen percent. I have been collaborating with individuals who also utilize ITSI for the past five years, and we have observed its continuous improvement each year. The mean time to detect is contingent upon our level of dedication to ITSI in that aspect.

Splunk ITSI has helped us reduce our mean time to resolve by approximately fifteen percent. If we also have a good dashboard alongside it, we can drill down and go straight to the issue.

One of the excellent features is the service analyzer, which is truly impressive. Additionally, we have the infrastructure review, which allows us to assess our infrastructure comprehensively. That is fantastic! Furthermore, the latest ITSI connects the new tenant we have for tenant management. This feature enables us to retire an entity instead of merely deleting it, and if needed, we can easily reactivate it. There are numerous exciting new additions. Splunk ITSI itself is highly interactive, making the overall service experience truly remarkable.

Splunk ITSI could function even better, particularly when it comes to refreshing the service infrastructure. If we could have the option to go back not just sixty minutes, but also one or five minutes, it would enhance our capabilities.

The service analyzer component is excellent, particularly the default analyzer. However, I believe the refresh time should be faster. If it also takes five minutes to complete, as suggested by the KPI requirements, then the refresh time should be significantly reduced. If the data doesn't load within five minutes, our service and KPI will not function properly. Therefore, it is crucial to make it faster.

I would appreciate having more customizable dashboards to assist with in-depth analyses.

I have been using Splunk ITSI for two years.

Since I started using Splunk ITSI, it has remained stable.

Splunk ITSI is scalable.

The documentation for Splunk Doctors is excellent, particularly when it comes to addressing installation issues. However, when it comes to Splunk Processing Language, Splunk itself is unable to assist us. I would recommend relying on the documentation as a valuable resource.

Positive

The initial setup is complex. Even if we have installed ITSI, we still need to install the other apps that accompany ITSI. Perhaps we want to work on this matter, so it depends on whether I am deploying it in a large environment or just a single environment with minimal activity. Therefore, we need to include all of these in the architecture. The ITSI app is one component, but the other apps that derive from it must also be taken into consideration.

We have a tool that we use in our team to expedite the deployment process. However, we are unable to disclose the details as it is a proprietary system. On an average day, if we have access to ITSI, I can personally complete the task within a few hours due to my prior experience. However, for someone without technical expertise, it may take up to a day. Although one knowledgeable person can complete the deployment, it is easier with two people.

I have witnessed a significant return on investment in that aspect. However, it ultimately depends on the customer's use case. Everyone desires to acquire Splunk, but not everyone understands its functionality in that aspect. So, if we have a customer and a strong use case, and we know what they want, we will definitely be able to achieve it. But if we don't have a customer and lack knowledge about it, it will just remain as is.

Splunk ITSI is expensive; however, with the appropriate use case, it justifies the cost.

I rate Splunk ITSI an eight out of ten.

Anyone who is considering a point monitoring system instead of Splunk ITSI should know that with ITSI, we gain access to several other features. Even just with the service analyzer, we can observe our KPIs and identify their affected components. We can determine which settings are causing the issues and make informed decisions, such as trying alternative options. We can also evaluate if a particular KPI has significant importance, as it has a substantial impact on the overall order of operations. This provides us with a detailed perspective in terms of data and other relevant aspects. While it may not offer a purely granular view, having everything consolidated into a single interface is extremely convenient. Working with ITSI requires a considerable level of willingness and experience. However, as we are transitioning towards various new tools, including the ability to easily integrate plug-and-play devices, the only issue with ITSI might be the initial setup. Once we have it implemented, we will have the capability to accomplish all our desired tasks.

The way Splunk sells ITSI is not the way we use it. We can make much better use of ITSI. The most important aspect, in my opinion, of ITSI is the episode review. For instance, when we encounter an issue that is not immediately visible, how can we evaluate that aspect? Therefore, ITSI is beneficial. From my perspective, we need individuals to sit down and explain how it works, as it can be confusing initially. However, once we have a clear understanding, it works well.

In my organization, my team is the only one working with ITSI. We handle all deployments, and typically, we deploy on public cloud infrastructure such as Azure, AWS, and GCP. Nowadays, most deployments are cloud-based. Additionally, with the rapid growth of Splunk Cloud, installation is not a concern as it is taken care of. Our focus is on the implementation if we choose to go the Splunk Cloud route. However, we still handle the installation process ourselves, so we need to ensure our preparedness in that regard.

We have roughly 20 people in our organization that use Splunk ITSI.

In the beginning, we need to ensure that the data we receive is valid. Once we have confirmed its validity, we can rest assured that the system will generate alerts, eliminating the need to worry about maintenance.

I recommend Splunk ITSI for organizations that are interested in IT operations, monitoring, or analytics. By ensuring optimal utilization of Splunk ITSI, organizations can achieve a good return on investment that justifies the purchase.