Splunk ITSI (IT Service Intelligence) Reviews

Splunk ITSI is used to analyze data and create alerts. This helps us to maintain our security best practices.

Our organization was looking for a security monitoring tool. I use Splunk ITSI as a monitoring and security tool. It helps me to protect data and prevent malware and hackers from accessing my environment. Splunk ITSI can be used to protect our role and infrastructure. It can also provide insights into how and what is helpful within our infrastructure.

Splunk ITSI provides great end-to-end visibility into our network environment. It can identify the exact root cause of an issue without any additional troubleshooting on my part.

Predictive analytics is valuable for preventing incidents before they occur because it allows me to see when the data stopped being indexed, which saves me time from having to investigate.

Splunk ITSI makes it easier to secure our entire infrastructure. Before Splunk ITSI, our environment was chaotic.

Splunk ITSI streamlines our incident management by providing a financial report of all applications in our environment.

Splunk ITSI has helped us reduce alert noise. After configuring ITSI, we set certain parameters based on our alerts. These alerts are the conditions that ITSI uses to automatically reduce noise.

Splunk ITSI helps to reduce our mean time to detect by monitoring key performance indicators such as CPU overload and the percentage of use revenue trend. On average the automation has reduced our mean time to detect by five minutes.

Splunk ITSI significantly reduces our mean time to resolve because most of our time was previously spent troubleshooting. With ITSI, we don't have to troubleshoot at all.

Splunk ITSI can help reduce downtime, but the extent of its effectiveness depends on how it is implemented.

Splunk ITSI has a lot of advantages. There are a lot of different aspects when implementing Splunk ITSI in our environment.

Splunk ITSI helps us secure our environment by allowing us to create automatons that run when alerts are triggered. This automation can pass through the CI/CD pipeline tool, which helps to increase security.

The data recovery has room for improvement.

I have been using Splunk ITSI for three years now.

Splunk ITSI can be deployed on-premises or in the cloud. However, we typically deploy it in the cloud because of the available services. These services do require a lot of permissions.

Splunk ITSI is stable.

Splunk ITSI is scalable.

The quality of support depends on the individual use case and how we configure the solution.

Splunk ITSI can be installed remotely or manually. The deployment time depends on the operating system being used to deploy the solution into the cloud. Once ITSI is deployed, I can perform a ROM test through the CI/CD pipeline.

Splunk ITSI's visibility into our environment provides good value to our organization.

Splunk ITSI is a pay-per-use service that is priced fairly based on the amount of data we use.

I give Splunk ITSI an eight out of ten.

Splunk ITSI is a cheaper and easier-to-use alternative to APM solutions. Unlike APM solutions, Splunk ITSI also helps with application management, memory management, host log volume, and CPU usage.

Our clients vary in size, with some using small amounts of data and others using terabytes of data within Splunk ITSI.

Splunk ITSI maintenance involves updating the software and ensuring that it is compatible with the applications that it will integrate with.

We are trying to take regular dashboards that we have for monitoring and pull them all together for a high-level view of what is going on.

We have not got very far with it yet. We have done a service decomposition. We had some KPIs set up, and we have got just a couple of health scores, but we have not really pulled it all together. We have not gotten value out of it yet, but we are getting there. We have not seen any improvements yet, but we have high hopes. 

Splunk has helped improve our company's business resilience, but with ITSI, we are not there yet. Splunk has been great so far in terms of the ability to predict, identify, and solve problems in real-time. I have not played around with any other IT ops platforms, but it has been fantastic for us for monitoring systems with dashboards, etc.

We have not yet experienced any cost efficiencies by switching to this solution, but Splunk has certainly saved time for our system maintainers because our dashboards now roll up alerts. We just need ITSI to pull all those alerts together so that we get one alert for one problem.

We have not had any time saving with ITSI yet. We are just not that far. It has also not yet helped to reduce our mean time to resolve, but hopefully, it will.

The solution has been stable. It seems like a great solution. We have not gotten far enough with our application to see its benefits yet, but we are getting there.

It has been a large learning curve. We used Splunk Enterprise. The dashboards are pretty simplistic for the developer at first, but when they went into ITSI, it was a different world. We lacked training. We played with it a little bit, and then we brought the Splunk team in, and they did a service decomposition and whiteboarding, and it made more sense, but it was an intimidating tool for us to jump into at the beginning.

We have been using this solution for just about a year.

We have not had any issues related to stability.

We are just starting. I have got a couple of services in there. We have not scaled anything yet.

The support has been hit or miss. We are on a classified program, so we had clear points of contact assigned to us. There was a transition, and we have got some new ones. Everyone is busy and overwhelmed, and their hands are full, but the last couple of times that we reached out, we did not get much of a response.

In the past, their support was a nine out of ten, but recently, it has been a seven out of ten.

Neutral

We had a homegrown user interface that had alerts, logs, and things like that, but it was painful to manage ourselves.

We do not have any cloud. It is just on-prem. I was involved a little bit in its deployment. I was involved more as a lead but not hands-on.

We had deployed to bare metal servers at the beginning, and then we migrated to a cloud-like environment. It is not a cloud, but it is a service provider for us. At the same time, we moved to Kubernetes and containerized all of our systems. We thought we would use Splunk containers, but that did not work out for us, so we ended up pulling Splunk containers back out and installing Splunk back on VMs. That is where we are now. I do not remember the specifics, but we had trouble with deploying Splunk containers.

We implemented it ourselves.

We did not evaluate other solutions because we were already using Splunk Enterprise, so it made sense.

At this stage, I would rate it an eight out of ten because we do not have proof yet that we will get where we want to be.

Attending Splunk conferences gets me out of the office and lets me focus on Splunk for a week. They are super helpful.

Our customer is an internal department. We have about 150 teams that use Splunk and we provide Splunk for all of them. Our IT is currently setting it up for one of them. This customer is really impressed by the Glass Tables, possibilities for management, and the Showcase.

The department that uses ITSI runs the public buses for Switzerland. They use it to collect data about the cars. We will build Glass Tables for them. It's a management summary for tickets. They use it to collect data about the solution flow regarding the response time and ticketing flow. 

It helps optimize the business by speeding up trouble ticket resolutions.

We have a lot of teams using Splunk and they would be blind without it.

We have problems doing upgrades and operating alternate new versions.

The migration of the existing glass tables needs improvement. There were at least two upgrades where we had to heavily update the existing glass tables to get them to work with the new version. 

That's something that Splunk could improve on. They should simplify the upgrade process. 

I have never used their support. We solve our problems by ourselves. 

I would rate Splunk's ability to predict, identify, and solve problems in real-time a five out of ten.

I would rate Splunk an eight out of ten. It has great potential but it is a little complex to set up.

Our use cases for Splunk ITSI have been created around our critical services like payment gateways.

Splunk ITSI lacks out-of-the-box solutions for enterprise users. Currently, everything needs to be created from scratch.

In their next release, Splunk should offer API integrations with products like ThousandEyes, and AppDynamics, or some other network monitoring tools or dashboards. 

I have been using Splunk IT Service Intelligence for two years.

Splunk ITSI is stable. We have less than 24 technical staff.

The solution is easy to scale. All you need is to procure another license from Splunk and add new users.

Our company has approximately 500 users of Splunk ITSI.

Technical support from Splunk is very good. I would rate them a five out of five for service and support.

Positive

The initial setup of Splunk ITSI is simple.

The pricing of Splunk is a bit high. I would rate it a four out of five when thinking about the affordability of the solution.

I would recommend this solution to all big enterprises that actually have live traffic, like banks or telecoms.

Overall, I would rate Splunk ITSI an eight out of ten.

We use Splunk IT Service Intelligence (ITSI) to find out about system outages and reports about the outages. We have a lot of platforms that monitor solutions, outages, and downtime. Still, we're keener on the reporting, and how fast the insights can be generated, so those are our prominent use cases for Splunk IT Service Intelligence (ITSI).

After understanding and learning more about Splunk IT Service Intelligence (ITSI), particularly its capabilities, the solution helped my company look into recommendations and insights shared with stakeholders on improving the company's product.

The feature that stood out to me most from Splunk IT Service Intelligence (ITSI) was automated dashboarding or reporting. The solution lists the severity level of issues, and the response times, for example, so automated reporting is what I like best about Splunk IT Service Intelligence (ITSI).

Integration is the most critical area to improve in Splunk IT Service Intelligence (ITSI). It wasn't a great experience because you had to do a little back and forth to integrate the solution.

I want more integrations in the next release of Splunk IT Service Intelligence (ITSI), and the solution should be seamlessly connected with other solutions during integration.

I've used Splunk IT Service Intelligence (ITSI) for about six months, and I'm still using the solution.

Splunk IT Service Intelligence (ITSI) is a stable solution.

If you have the money, then Splunk IT Service Intelligence (ITSI) is scalable. It could be limited if you have to make do with whatever capacity or seats you have.

I have no experience contacting Splunk IT Service Intelligence (ITSI) technical support.

The initial setup for Splunk IT Service Intelligence (ITSI) was straightforward because you only needed to log in and connect your APIs.

I've seen ROI from Splunk IT Service Intelligence (ITSI).

We evaluated Accenture myWizard.

I'm into IT service intelligence or products focusing on monitoring and understanding systems, such as Splunk IT Service Intelligence (ITSI).

I don't remember the Splunk IT Service Intelligence (ITSI) version, but my company signed up for it in June, so it should be the latest version.

Five people use Splunk IT Service Intelligence (ITSI) within the company, and the same people take care of the deployment and maintenance of the solution.

There's no plan to increase the usage of Splunk IT Service Intelligence (ITSI), and there won't be for a long time because what my company has right now fits the budget and spending.

My advice to anyone looking into implementing the solution is to have a clear picture of the integration process and the timeline and have internal and technical capabilities, so you can address any breakdown that could happen while setting up Splunk IT Service Intelligence (ITSI).

As Splunk IT Service Intelligence (ITSI) has value and potential, I'd rate it eight out of ten.

We use this solution both on the cloud and on-premises. We are currently using the most recent version.

The observability is great and valuable because it allows us to work with all our sets.

There are no areas I can pinpoint that need improvement because the product is working well. It would be good if an interface was included in the next release.

We have been using this solution for two years.

The solution has very good stability.

The solution is scalable.

We have had positive experiences using customer service and support.

The initial setup was straightforward. We are in a NOC solution, and we have 30 people. We used a team of five people to deploy the solution. 

We implemented this solution through our partner organization.

We would rate this solution a ten out of ten.

We primarily use the solution for monitoring our infra.

We use it for monitoring the potential application, depending on what the data source ingestion is. There are many use cases. Based on the data source, we can know the best recommendation use case to provide to the customer. For example, if you are ingesting data from the firewall, you can see any traffic from the firewall itself.

There are many use cases. You can use it for all kinds of ingested data. 

The solution is stable.

It's scalable and expands well. 

It's easy to use. 

We haven't come across any shortcomings. 

We'd like them to show more inputs on the dashboard. 

The Wizard should be easier to use. 

I've been dealing with Splunk for three years and this particular solution for two. 

The solution is very stable. There are no bugs or glitches and it doesn't crash or freeze. 

It is a scalable product. 

We have around ten people using it currently. 

I don't have any insights into technical support. It's the same level of support as Phanton, as far as I know. 

I don't directly handle the deployment. I can't speak to if the implementation is easy or hard. 

There is a licensing fee a company would have to pay. The amount would depend on the data ingestion. It varies according to a company's use. It's not overly expensive. 

We sell and support this product. 

The product can be deployed on-premises and the cloud. 

I'd rate the solution nine out of ten. We're quite pleased with its capabilities. 

I would recommend the solution for others who need to monitor their infrastructure. 

ITSI's most valuable feature is that it's easy to integrate DLP.

I've been using Splunk ITSI for two to three years.

ITSI is stable.

Splunk's technical support is very fast.

The initial setup was straightforward.

We used a vendor team.

The cost of the license could be lower.

Splunk ITSI is fast and provides a lot of out-of-the-box integration. I would give this solution a score of eight out of ten.

I work for the Royal Bank of Canada. I work in a group called Investor and Treasury Services IT. We take care of all the IT systems within the Investor and Treasury Services arm, which is a global unit. My role is to ensure that we have the visibility and capabilities to ensure our systems are resilient so we can resolve any problems that may arise very quickly, and move on. My role generally deals with everything from application performance management to maintenance automation. Overall, my single goal is to increase the resiliency of our applications and gain better insight into how our operations are working from an IT operations and application maintenance perspective. 

We liked the built-in calculation of health scores. We were able to adjust the different parameters, and really build out that health score — the RAG status (Red, Amber, Green), which is very powerful from an executive perspective. At the time, we were having a lot of issues from a stability perspective. It condensed everything, allowing our executives to easily ensure that everything was running smoothly: were there any incidents overnight? Those kinds of things. That way, when our CIO woke up and got the call from the head of IMTS, he knew whether or not there was going to be trouble.

Something that we did find with the product (they may have resolved since then), had to do with the ability to contextualize the data sources. For example, we might bring in data for 50 applications from one source, but for each one of those applications, we would have to set up a different data source connection. Because of this, I had to set up one connection each for application A and then B and then C, rather than being able to set up one connection and then segregate the data coming in for those dashboards. That was probably the biggest challenge that we faced. We also faced challenges relating to UI development — being able to get the UI the way we wanted it to look performance-wise. Some of the customization levels of the UI just weren't there.

We used this solution for roughly one year. We were in a POC state for about a year, but we decided not to move forward with the prospect as a whole. The organization didn't want to invest in the product.

The stability issues we experienced were not with the Splunk ITSI product itself. The biggest challenge that we ran into was getting good, consistent data. We're a very large organization; getting at some of the data can be very difficult, especially since a lot of the data isn't centralized in one area.

Overall, it's a very stable product. It ran really well during the time that it was up and running. We didn't have any production issues at all with it.

We were running just a single instance, but we were pulling in data for about 250 applications.

The technical support with Splunk is really good. We didn't have any issues. Now, part of that is, we are Royal Bank of Canada and because of that, we have a certain cache with the vendors and they tend to bend over backward to make sure that they take care of us.

I wouldn't say it's special for the Royal Bank of Canada, but I would say that like any other support, having the right relationship with the vendor makes all the difference in the world. With Royal Bank of Canada being the largest financial institution in Canada, the top 15 in the world, we're afforded certain privileges. A smaller IT operations shop is probably not going to get the same kind of visibility into the products as a company like RBC, mainly because when Splunk wants to advertise that they're doing something, they want to be able to say that they're doing it with RBC, not an unknown corporation down the street.

No. We weren't using a different solution at all before; Splunk IT Service Intelligence was an opportunity area that we were looking into.

We had already had Splunk in our environment more than anything else. We've been running Splunk from a log aggregation and search perspective for about six or seven years now. When we were looking at what that next step looked like, it was just a natural evolution to move into ITSI.

The initial setup was straightforward.

Deployment was relatively quick mainly because it was a POC. We didn't go through all the regular rigor that we would with a production application. So we were able to have it up and running in production in a matter of three to four weeks. That included provision of the service, which takes time within a large organization like ours. 

My biggest piece of advice would be to make sure you have access to the data that you need and know what that data is. The product itself is going to do what it's going to do; there are no issues with that. However, it's gaining access to all those things in the background, that's the problem. If you're a smaller organization or you're highly centralized, getting access to that data may be really simple. For an organization the size of RBC, with the amount of segregation across the organization and the amount of division within the organization, it's more challenging. For this reason, our infrastructure partners use a different tool. They don't use Splunk, they use ELK. They're very much down that road, so getting access to data when the team that you're trying to partner with has a different solution, can sometimes be more difficult.

On a scale from one to ten, I would give this solution a rating of eight.

We use ITSI mainly for IT Infrastructure Operations Monitoring. The service model health scores allow us to identify when KPIs are starting to impact our services and to proactively manage our environments. To date, we have leveraged this data within Splunk to enable alerting so that we can solve incidents in real-time, but we are growing into our usage of the ITSI model for predictive modeling of our environment. Our infrastructure includes commodity hardware, mid-range, mainframe, on-premise data center, and cloud offerings. (Please note that these views are my personal opinions and not those of my employer)

The modeling required to setup ITSI has been very helpful in providing us a better understanding and a logical view of our services. The modeling is flexible and can be as granular or high level as our needs dictate. This flexibility also means that you need to gather a detailed understanding of your services, processes, and applications in order to build a useful model. ITSI is allowing us to more quickly identify what services are impacted by underlying infrastructure concerns.  

The health scores and glass tables are extremely valuable and useful. These provide flexible visibility options to convey the meaning of the big data analysis being performed by Splunk behind the scenes. Glass tables allow you to create graphical displays that convey critical meaning with a simple clean look and feel. The deep dive also provides the ability to dig into metrics and KPIs, which are useful to isolate the time frame involved and that should be focused on. Once in the deep dive, you can quickly identify the first KPI or metric to impact the health score and focus your efforts on it. 

ITSI could benefit from a security model that would allow operations team members to get involved in model building, KPI implementation, and model maintenance while maintaining appropriate segregation of duties. To date, all of our ITSI development is being done by our Splunk Admins, while our KPIs and much of the modeling work are managed by our Splunk developers. Future development of templates and ready to use add-ons could facilitate faster time to value, as many IT infra and even Packaged Application data models are consistent across organizations and could be plugged in easily. 

I have been using Splunk ITSI for two years. 

This is a stable solution.

It is extremely scalable, and can have high data storage costs. 

Customer service has been very responsive to our needs. 

No, we did not replace another solution with ITSI. We used it to enhance existing solutions. 

The initial setup was fairly straightforward, but we had help from Splunk professional services. 

We had help from Splunk professional services. They were extremely knowledgeable. 

I was not involved in the evaluation for ITSI. 

This is a powerful solution requiring configuration to meet your needs.