We use the solution to monitor our own internal applications. We monitor analogs and various other DB Connect sources.
Officer at State Street
Enables us to consolidate tools but it should improve its pricing
Pros and Cons
- "Alerts and episodes are valuable to me."
- "The solution should integrate more features in NEAP."
What is our primary use case?
How has it helped my organization?
The tool has replaced some other products in our organization. It’s coming in very handy.
What is most valuable?
Alerts and episodes are valuable to me. These features put all notable events together and give us an opportunity to take action.
What needs improvement?
We can take actions based on NEAPs, like emails and ServiceNow tickets. It is pretty basic at the moment. The solution should integrate more features in NEAP.
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
March 2026
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,311 professionals have used our research since 2012.
For how long have I used the solution?
I have been using the solution for about a year.
What do I think about the stability of the solution?
The solution is pretty stable.
What do I think about the scalability of the solution?
The product is extremely scalable.
How are customer service and support?
I work with a lot of Splunk’s support people. I like them. They're all good.
Which solution did I use previously and why did I switch?
We were using a software called Genius. We use Splunk IT Service Intelligence now, and it's more cost-effective overall.
What about the implementation team?
I have been maintaining the solution. The product is straightforward to maintain. We just need to follow the best practices, and it works. We have a lot of users, so it's difficult controlling what the users do in the environment.
What was our ROI?
The tool is a centralized place to collect all our data and compute against it. It has the potential for an ROI.
What's my experience with pricing, setup cost, and licensing?
Pricing has some room for improvement.
Which other solutions did I evaluate?
We evaluated other options, but Splunk seemed to be the best. It is the industry leader, so it was a no-brainer.
What other advice do I have?
We have an on-prem instance. Everything's pretty much on-prem. We work with cloud logs. Monitoring multiple cloud environments using the solution is pretty straightforward and easy. It is extremely important to us that the solution has end-to-end visibility into our cloud-native environment.
The solution has helped reduce our mean time to resolve. The product has helped improve our organization’s business resilience. Its ability to predict, identify, and solve problems in real-time is pretty good as long as the source is good and we use it well.
The tool’s ability to provide business resilience by empowering staff is alright. We have experienced cost efficiencies by switching to Splunk IT Service Intelligence. I know it used to be ingestion, and now it's like a CPU. It's always evolving. I was not involved in the initial setup. The solution still has some room for improvement.
Overall, I rate the product a six or seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Associate at Positka
It gives our customer complete visibility from one dashboard, helping them to develop a proactive response
Pros and Cons
- "We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming."
- "We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable."
What is our primary use case?
We use Splunk ITSI for IT monitoring. It helps us monitor all our servers for things like CPU utilization and other performance metrics. We can integrate complex architectures with the service and connect the core to multiple data sources. Our customers' environments vary. In the last project, they had around eight departments and 75 employees, so I needed a web server for each department.
How has it helped my organization?
Before we shifted our customers to Splunk ITSI, they had issues getting insights in some circumstances. Now they have complete visibility from one dashboard. It helps them monitor and develop a proactive response to address the problems before they cause trouble.
One issue we faced before implementing Splunk was that our customers couldn't predict how long it would take to reach their storage limit. Now we can categorize issues according to severity.
Splunk ITSI has enabled us to streamline incident management by adopting aggregated policies. Instead of getting rid of incidents, we are placing these into several groups and removing the duplicates to see some insights based on previous incidents.
We've been able to reduce alert noise using policies. By grouping the policies, we're able to avoid redundant alerts. When we used the other solution, we would sometimes get repeated warnings, but we eliminated that by implementing aggregate policies.
From ITSI, we can see the metrics and drill down. We can build a tool to check the metrics based on severity. Instead of taking every event's logs, we are directly getting the root cause of the issue. From there, we can see that it obviously reduces the rest of the time.
The solution has reduced our mean time to resolve issues. Before implementing it, we typically needed around six to eight hours to close a ticket. When we had an alert, we had to review all the native logs to find the correct server. With ITSI, I can see a score that tells me about potential issues before they arise. I can see if there is a critical problem with a server or application based on the data flows and resolve it.
What is most valuable?
I like ITSI's service analyzer. We can integrate and group the service, then create multiple KPIs in the service analyzer we can monitor. We can use multiple connectors to get end-to-end network visibility. Many organizations prefer appliances, and we can completely integrate the appliance with the source to gain complex insights throughout the network.
We are getting real-time insights from the service and the vendor and doing some projects using security analytics to check the path. We can monitor the behavior of an appliance or the organization and how they are using it. For example, you might see high usage on specific days and low usage on weekends. If we can identify patterns from this, it can help us predict the future.
What needs improvement?
We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable.
For how long have I used the solution?
I have used Splunk ITSI for nearly a year.
What do I think about the stability of the solution?
Splunk ITSI is stable. The latest version is more stable than the previous one.
What do I think about the scalability of the solution?
Splunk ITSI is scalable. We can compare multiple APIs and services, so everything is organized and manageable. We can drill down to the bottom of all the logs on events.
How are customer service and support?
I rate Splunk technical support a nine out of ten. If we work with cloud architecture, we usually need some help from Splunk, so we often need to contact support and ask for changes. We prepare the case, have a conversation with them, and get it done.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using service providers, but we had a log management solution and some other open source tools. We relied on custom builds of open source solutions.
How was the initial setup?
Splunk ITSI can be deployed in the cloud or on-prem depending on the customer's requirements. For example, if someone is running this in a closed environment, we can go with the on-prem deployment. Otherwise, customers will mostly go for a cloud deployment. We use AWS.
When I started the training, it seemed somewhat complicated, but once you learn a bit, it becomes straightforward. It isn't terribly complex. The deployment strategy depends on the scope of the project, such as whether you have a cluster or a distributed environment.
You can deploy it with a team of three or four. Someone needs to take care of the prerequisites like clustering and another person might take care of the integration. Another will configure the dashboards. The process takes about five days.
What was our ROI?
We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming.
The time to value is fast. The implementation takes time, but the customer can see value immediately once everything is configured, permissions are set, and we're ready to move.
What other advice do I have?
I rate Splunk ITSI a 10 out of 10. We need our website up 24/7, or we'll lose business. Every minute that it's down we lose money. I would recommend this to anyone who runs a business online and needs to monitor their infrastructure.
If you're considering a point monitoring system instead of ITSI, I would say it depends on the information you are using. Generally, Splunk ITSI is the advanced option that gives you multiple features together with service intelligence and analytics. You can make wonderful dashboards. Comparatively, this is enough to monitor the company's infrastructure.
In ITSI, we can also integrate application and database logs, so the customer might get some research to predict when the database goes down. ITSI can be helpful to manage the customer infrastructure and minimize the impact on their business.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Splunk Architect at a tech vendor with 10,001+ employees
Provides a comprehensive analysis, and end-to-end visibility, but predictive analytics has room for improvement
Pros and Cons
- "The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding."
- "Splunk ITSI generates numerous false positives and has the potential for enhancement."
What is our primary use case?
We typically utilize Splunk ITSI to monitor our infrastructure and applications. Essentially, its purpose is to map our technical services and business services up to the host level, enabling us to monitor all the key performance indicators associated with them. Additionally, it serves as a primary tool for root cause analysis and event generation.
We needed a better method for monitoring our infrastructure and applications. Both infrastructure monitoring and application monitoring rely on data files. With Splunk ITSI, we are able to visualize the mapping of end-user entities to the business service. This enables us to easily monitor the impact of our technical services on our business, as well as the underlying information, using Splunk ITSI.
We deploy on Splunk Cloud and, in addition, we utilize ITSI on top of Splunk Cloud. We have another setup where we use Splunk on-premise along with ITSI. Therefore, our team has employed both models. However, if we have a high injection rate and operate in a large environment, we leverage Splunk Cloud with ITSI since we are already utilizing it.
How has it helped my organization?
End-to-end visibility is achievable with Splunk ITSI. The key requirement is to successfully onboard the data into our robust Splunk ITSI environment, allowing us to gain insight and visibility into all our services within Splunk ITSI.
Splunk ITSI has helped improve our organization by enhancing bandwidth efficiency and serving as a unified resource for monitoring, root cause analysis, and infrastructure monitoring. Instead of relying on multiple monitoring solutions like Elasticsearch, ThousandEyes, SolarWinds, and Netcool for network monitoring, Splunk ITSI enables us to accomplish all these tasks with a single tool. In order to determine if it is deriving its value or not, we cannot state with absolute certainty that we are assessing the value. However, for certain use cases, we can observe the value within a week. But for the majority of complex scenarios, in order to fully utilize the potential of Splunk ITSI, it would take at least a month for us to realize its complete value.
Splunk ITSI has the capability to reduce our alert noise. The maturity of Splunk ITSI depends on the data we have and the level of expertise of the engineer implementing it. Since its implementation, the alert noise has been significantly reduced.
Splunk ITSI has helped us reduce the mean time associated with deep dive services.
Splunk ITSI has helped us reduce the mean time to resolve. Instead of searching for multiple resources to identify the exact points, we can now analyze deep dives and services to pinpoint where the issue is occurring before it affects our system.
What is most valuable?
The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding.
What needs improvement?
Splunk ITSI's predictive analytics has room for improvement. Currently, it is limited to predicting only the health score for the next thirty minutes of the business. Consequently, we are unable to predict our health score for a full day or even for seven days. The system's capability is limited to the next thirty days, and we need enhancements to enable us to predict the health score at least seven days in advance. Furthermore, the available algorithms are also quite limited, with only around eight to nine algorithms, including linear regression and classification. We lack a diverse range of machine learning algorithms within Splunk ITSI, which is a contributing factor to the issue. Additionally, the implementation process for Splunk ITSI is quite challenging, as we struggle to find well-trained resources capable of translating our business use cases into technical outcomes effectively using Splunk ITSI. This is a crucial aspect that needs attention.
Splunk ITSI generates numerous false positives and has the potential for enhancement.
For how long have I used the solution?
I have been using Splunk ITSI for over four years.
What do I think about the stability of the solution?
Stability depends on the infrastructure being used in ITSI. If we use their infrastructure, it means the entire server has acquired performance capability, resulting in good stability. However, when it comes to the cloud, stability is not a concern as everything is managed by Splunk. Therefore, the majority of our focus in ITSI is on the implementation part, where we need to translate the application team's requirements into technical use cases. This process requires a significant investment of our time.
What do I think about the scalability of the solution?
We can scale Splunk ITSI based on our requirements with no limitations.
How are customer service and support?
The technical support is good, but not excellent.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used ThousandEyes, SolarWinds, and Netcool before migrating to Splunk and implementing Splunk ITSI.
What was our ROI?
Our team can enhance the value of Splunk ITSI by providing a single-pane-of-glass solution. This allows them to quickly identify potential performance issues in both their applications and infrastructure and conduct root cause analysis within a short timeframe. Previously, they had to consult multiple sources and correlate information, but now this process has become significantly easier. This is how we derive value from Splunk ITSI. Additionally, the team benefits from a single dashboard that enables them to pinpoint the exact location of performance issues, whether it's in the infrastructure layer, the malware layer, or within the application itself. They are capable of doing this effectively.
What's my experience with pricing, setup cost, and licensing?
Splunk ITSI is an expensive tool, and we need to purchase the utility license. Our sales team handles the license cost, so I'm not aware of the exact amount we need to pay, but it's significantly higher compared to other tool sets.
Which other solutions did I evaluate?
We evaluated AppDynamics and Dynatrace, but when considering factors such as cost per data localization and other considerations, since we had already invested in Splunk and found it beneficial, we decided to choose Splunk ITSI over AppDynamics and Dynatrace.
What other advice do I have?
I give Splunk ITSI a six out of ten.
In terms of incident management, we can integrate Splunk ITSI with our ITAM or ITSM layer, such as ServiceNow. However, the problem is that we often receive events and scheduled episodes from Splunk ITSI that do not meet our expectations when it comes to implementing filter sorting. As a result, we have to deal with a lot of false positives that need to be addressed before integrating with Splunk ITSM.
There are certain features, such as synthetic monitoring, analysis monitoring, and alert directors, that are not available with Splunk ITSI. Users need to be aware of the features they require before choosing an APM solution.
We have around fifty people using Splunk ITSI.
We require periodic maintenance from our end. Once we create all the key performance indicators, we need to handle additional use cases that need to be developed. If there are any issues, the team intends to onboard new data and add more servers to this particular part. They are mapping it to the KPIs, but we need to take care of it.
When evaluating Splunk ITSI, the first thing we should be clear about is the desired outcome we want to achieve from ITSI. We need to determine whether we are hiring it for specific requests or if the identified use cases by our teams can be effectively implemented using ITSI. We should not overlook this aspect. While ITSI has the potential to work wonders, implementing it can be quite challenging. It requires expertise in configuring services on the ITSI side, as it is data-intensive. Therefore, unless we have a highly skilled Splunk engineer who can handle ITSI, we won't be able to fully realize its value.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Software Engineer (E3) at a tech services company with 1,001-5,000 employees
We can create visualizations, monitor product performance, and track metrics
Pros and Cons
- "The most valuable features of Splunk ITSI are event analytics and service insight."
- "Splunk ITSI's UI needs to be more interactive and user-friendly."
What is our primary use case?
We use Splunk ITSI to empower users to visualize their data and transform it into actionable insights. For instance, if they desire to monitor CPU memory usage, they can leverage this tool to achieve that. Additionally, users can effectively search for alerts and trigger email notifications based on specific criteria. Moreover, Splunk ITSI supports the creation of entities that can represent physical or abstract concepts. This flexibility allows users to conduct any desired search on their data and subsequently create informative dashboards for visualization purposes.
We implement Splunk ITSI for our customers because it is the best in the market.
How has it helped my organization?
The most significant organizational benefit is leveraging data for various purposes. Based on the data collected, organizations can create visualizations, monitor product performance, and track metrics like CPU and RAM usage to identify potential issues and optimize operations.
Splunk ITSI helps to right-size the resources required to match demands. Splunk also offers on-prem and cloud options.
The incident management team of Splunk is helpful when we have to escalate an issue.
Splunk ITSI assists our customers in decreasing the number of incidents. They can escalate cases and seek help for any issue, as Splunk can potentially identify the problem as related to an add-on, a different application, or something else entirely. This allows them to contact the appropriate team and work towards a resolution promptly.
It helps customers reduce the mean time to detection by using a real-time search rules engine feature. This enables users to process events in real time, leading to faster detection and response times.
Splunk ITSI assists customers in decreasing the mean time to resolution. A dedicated episode review page allows customers to create and manage groups of related events. Customers have complete control over their episodes and can acknowledge, resolve, build, or take other actions. A specialized dashboard with visualizations facilitates the resolution process, enabling customers to resolve episodes or actively automate this task. Both manual and automated options are available for episode resolution.
The analytics module includes a policy feature that allows users to automate actions, trigger events, add comments, and modify episode status.
What is most valuable?
The most valuable features of Splunk ITSI are event analytics and service insight. Event analytics allows me to set up any query on raw data logs and ingest them into Splunk. This data can then be used to trigger events based on specific conditions. For example, I can create a ServiceNow incident, send an email, add comments, or perform custom actions when the system's CPU usage exceeds 90 percent. The Glass Table feature enables users to create dashboards, add services, and visualize data through various queries and tables.
What needs improvement?
Splunk ITSI's UI needs to be more interactive and user-friendly.
The real-time search functionality is reliant on Splunk. Occasionally, ITSI customers encounter problems due to real-time search issues. As of the most recent release, a resolution for this issue has not been implemented. Additionally, search clusters are not currently supported in the cloud environment.
For how long have I used the solution?
I have been using Splunk ITSI for two years.
What do I think about the stability of the solution?
If the data volume is excessive, we may encounter stability issues. Splunk can handle datasets as large as one or two million, but performance might be affected due to the time required for REST calls. Overall, however, Splunk is a reliable solution.
What do I think about the scalability of the solution?
Splunk ITSI is scalable.
How are customer service and support?
The technical support team is highly responsive and helpful. Customers can contact them directly for assistance with any issues they encounter. The team will diligently work to identify the root cause of the problem and, if necessary, consult with developers for further investigation. Developers will then promptly analyze the issue and provide a workaround or solution as soon as possible.
How would you rate customer service and support?
Positive
How was the initial setup?
Customers are responsible for the infrastructure and deployment of Splunk ITSI on-premises. However, the Splunk TechOps team can assist customers throughout the cloud-based deployment process.
The deployment is straightforward. First, we must install Splunk and extract ITSI in the apps folder. One person can handle the deployment.
What other advice do I have?
I rate Splunk ITSI nine out of ten.
Splunk ITSI is loaded with features and keeps adding more with each release.
The cloud version of Splunk ITSI requires no maintenance, unlike the on-premises version. While maintaining the on-premises version isn't complex, any issues arising from setup or parameter changes become my responsibility. In contrast, TechOps handles cloud maintenance, ensuring complete care.
I would recommend Splunk ITSI to others.
The cloud version of Splunk ITSI is more accessible to work with and to scale.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator
Associate Consultant at a tech vendor with 11-50 employees
Good scalability, in-depth visibility, and easy integration
Pros and Cons
- "Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken."
- "If they can somehow integrate it with AI in the near future, it will definitely be a game changer."
What is our primary use case?
We have been using Splunk ITSI to detect anomalies in the services and monitor the health and overall performance of IT services.
We have implemented it for a few of our clients where we do monitor the entire IT infrastructure. It could be any server that they are running. It could be a mail server. It could be a web server. It could be any network device that is communicating. We monitor the health of these services and how they are performing. We check for any anomalies or threats associated with them. We create some kind of KPIs or key performance indicators that give insights into the health and services.
We are a Splunk partner. Our company provides solutions not just related to Splunk ITSI but for all the things covered by Splunk. We also provide our consultancy for all of their premium products such as SOAR and Enterprise Security.
How has it helped my organization?
Splunk ITSI has a service-oriented approach to monitor the entire IT infrastructure. From a business perspective, people definitely do not want any downtime. Any downtime leads to a bad reputation for a company. Splunk ITSI is a solution that we can use to monitor every single service running within an organization. With the help of KPIs, we define the service needs. A person implementing ITSI needs to be aware of all of the services running so that they do not miss out on anything. With the predictive analysis of Splunk ITSI, we can monitor everything. If there is any anomaly, an alert gets triggered. The other thing is the integration part. We can integrate it with any of the ticketing platforms such as ServiceNow. As soon as the alerts get triggered, a ticket gets created so that a response can be made to a particular incident.
It is very integrable. It can be integrated with any network component, such as a router, or any of the logs. With the help of Glass Table, it becomes very easy to inspect if any of the services are down. If a person is trying DDoS on any of the IT servers, such as a web server, we will see a lot of packets getting injected. There will definitely be an increase in the number of packets that a server is receiving. With the help of Splunk ITSI, we can block that particular IP, so the actions can be taken at the same time.
With the help of machine learning and predictive analysis, it checks for any anomaly. It monitors the normal behavior of a service, and if there is an anomaly, it can definitely create an alert for the user. This is how Splunk ITSI works.
Splunk ITSI can integrate with various management tools for predictive analysis. It takes the data and tries to predict and see if anything is suspicious. It makes its own decision at that time, and based on the actions that are listed, it takes action on a particular incident.
Using Splunk ITSI in an IT environment is very helpful. It reduces the downtime and the time taken for a resolution. It can take certain actions on its own. We can monitor every service there. Splunk ITSI can be helpful to prevent something from going down and the users having to face any downtime, failures, or issues with the servers. There is a proactive approach where things can be fixed before they turn into a breach.
Nowadays, it has become very easy for attackers to perform any kind of attack on the servers. Every organization wants its servers to be up and running. So, there is definitely a lot of demand to monitor the entire IT infrastructure. Splunk ITSI is good for that. It plays a key role in the current era where organizations face a lot of attacks. It is a ten out of ten when it comes to being useful to fix all such issues.
Splunk ITSI completely integrates with the incident management platforms. For specific alerts or notable events, Splunk ITSI can also take action with the help of playbooks and defined workflows. With integrated incident management, we can take more advanced actions and make decisions for the environment.
Splunk ITSI helps reduce incident volume. It is business-centric and service-oriented. It provides visibility and is great for predictive analytics and incident management. It also reduces downtime and gives a clear picture of services from a business perspective. I do not have the metrics, but it reduced the incidents to a large volume.
Splunk ITSI reduces the mean time to detect through machine learning and predictive analytics. It observes the normal behavior of a service. If there is any anomaly, it triggers an alert based on the KPIs that are defined. If there is any suspicious behavior, Splunk ITSI can identify that.
We can define certain actions through playbooks for an alert. It can be integrated with SOAR. It can take certain actions as soon as an alert gets triggered. In the case of a DDoS attack, if an IP is sending a lot of packets, we want to block that particular IP to our firewalls. We can define this action within our playbooks, and Splunk ITSI will be able to sort that out in a quick manner.
We can integrate it with a SOAR to automate the workflows and take certain actions. Playbooks are useful for that. I do not have the data about time savings, but it saves a lot of time. Without it, a human will have to open the ticket and go through the incident before taking action, whereas Splunk ITSI can take certain actions on its own, saving a lot of time.
Splunk ITSI has saved money from the overall business perspective. No business wants to see downtime or failure of their services. For example, if you can proactively fix an issue and prevent a payment gateway service from going down, it will save you money. Splunk ITSI is very helpful in monitoring services, and certain actions can be taken to prevent them from going down. Any service going down costs a lot of money to a business.
What is most valuable?
Splunk ITSI can be easily integrated with the incident management platform. You can automate workflows and certain actions can be taken.
I like the KPIs aspect. If we have a number of services running, we can monitor each individual service. This is one thing that I find very useful. There is a feature in Splunk ITSI called Glass Table where we can visualize each service. We can check all the services there, and we can take a look from the high level to the low level. We can look at individual service. Glass Table is one of the features I like the most.
What needs improvement?
If they can somehow integrate it with AI in the near future, it will definitely be a game changer. Other than that, I do not see any issues with it. Overall, it suits our environment. Its scalability is good. The visualization is also good. The only thing we need to take care of is how we define the services. If the KPIs for a service are wrong, it is going to generate false positives and more alert noise.
For how long have I used the solution?
It has been approximately three and a half years since I have been using Splunk along with this premium feature or the ITSI app.
What do I think about the stability of the solution?
We have not faced any issues so far. It is a very stable tool. It is very helpful in monitoring overall IT infrastructure.
What do I think about the scalability of the solution?
Scalability is definitely one of the key features. Splunk ITSI is very scalable.
How are customer service and support?
We have not faced any issues so far.
Which solution did I use previously and why did I switch?
I have not used any solution other than Splunk ITSI. We have partnered with Splunk, and we provide consultancy with Splunk.
How was the initial setup?
Splunk ITSI can be implemented on-premises or on a cloud such as Azure, AWS, or GCP. It is easy to deploy.
I was a part of the team that implemented it completely. I was involved in the initial setup and monitoring of the services. We defined all the KPIs. We completely set it up.
The process is straightforward, but it depends on if you have a multi-site or single-site setup. For a single site, it is easy, but in the case of a multi-site, when we are doing a cluster setup, it can be challenging. However, it can be done, and it is possible to implement it with the help of the right KPIs.
The duration depends on the size and the number of resources a company holds. It depends on the size of the network they have. Ideally, you would want to integrate all of the services so that you have complete visibility and you can visualize it from an attacker's perspective.
In terms of implementation strategy, we need to be sure about the services that need to be monitored so that we do not miss anything. KPIs are important to reduce the noise.
It is not difficult to maintain, but it does require maintenance. If there is any increase in services, Splunk ITSI needs to be scaled up, and there will be some costs for the licensing part.
What about the implementation team?
We need the help of the security team. If it is going to be integrated with the service desk, we need to involve a system administrator. It depends on the privileges a company has. It varies from company to company.
What's my experience with pricing, setup cost, and licensing?
It depends on how big an organization is. If we have a lot of resources, the licensing needs to be upgraded. If we have a small environment, the licensing cost is definitely going to be less.
What other advice do I have?
To someone who already has an IT alerting and incident management solution but is considering switching to Splunk ITSI, I would say that it is a great move. Splunk gives you in-depth information about the health and performance of a particular service running within an organization. It will be a great move if they can implement Splunk ITSI in the organization.
Alert noise depends on how well you have defined the KPIs for your services. If KPIs are wrongly defined, you are definitely going to get more alert noise or false positives. To reduce that, you need to be very sure what a particular service is about and what could be a perfect KPI for that.
You need to assess the services you need to monitor. You should not miss any of the services. A small service can also be vulnerable. Based on the services, you need to define particular KPIs.
I would rate Splunk ITSI a ten out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Freelancer at a consultancy with 10,001+ employees
It's easy to navigate the solution's glass tables and find the information we need
Pros and Cons
- "I like ITSI's glass tables. They're easy to navigate by clicking through them. The interface isn't that much different from other products I've used. It provides all the information we need in one place."
- "We had issues with support that took a long time to resolve."
What is our primary use case?
We use ITSI for performance monitoring and incident management. 10 to 15 people use Splunk at my company.
How has it helped my organization?
ITSI helps us to monitor applications and identify performance problems or service degradation. It provides us with intelligence and enables us to act on it. We can reduce our incidents by about 10 percent. It has also reduced our time to resolve by 10 percent.
What is most valuable?
I like ITSI's glass tables. They're easy to navigate by clicking through them. The interface isn't that much different from other products I've used. It provides all the information we need in one place.
For how long have I used the solution?
I have used Splunk ITSI for seven months.
What do I think about the stability of the solution?
I rate Splunk ITSI eight out of 10 for stability. There are some minor issues.
What do I think about the scalability of the solution?
I rate Splunk ITSI seven out of 10. Splunk is quite scalable, but we had some challenges in our environment.
How are customer service and support?
I rate Splunk support seven out of 10. We had issues with support that took a long time to resolve.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used a different solution. I don't recall which one. The license expired, so we switched to Splunk ITSI.
How was the initial setup?
We have deployed Splunk ITSI on the cloud. The multisite deployment was complex.
What other advice do I have?
I rate Splunk ITSI eight out of 10.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Data Engineer at Memorial Sloan-Kettering Cancer Center
Has an excellent ability to provide business resilience by empowering staff
Pros and Cons
- "The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean."
- "It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding."
What is our primary use case?
We have medical use cases. We monitor batch processes for our medical system. We batch-process data ingestion from our data warehouses just to make sure they're performing appropriately. If there's an outlier we'll report it or create an incident.
How has it helped my organization?
Splunk has just started to improve my organization. It's still in its infancy. We still have some kinks to work out, but it's actually giving us much better visibility than creating a normal Splunk dashboard. It's an easier process in that regard.
It has 100% improved my organization's business resilience. We're able to get better metrics. We have a project where we've actually saved the organization millions of dollars in regards to lost revenue. We were using Splunk Dashboards to determine a situation where billing wasn't being done correctly. Billing was never actually sent out to insurance companies, then that's where we found things that were falling between the cracks.
In terms of cost efficiencies, we're able to find situations where patient care is falling below the thresholds. We have other projects that are coming into play that are going to be huge for the organization that will be reporting back to the state.
What is most valuable?
The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean.
Splunk's ability to predict, identify and solve problems in real time is excellent. We were able to see things we haven't been able to see before just because the data from multiple systems is so helpful.
Its ability to provide business resilience by empowering staff is excellent. Everybody wants to use it.
What needs improvement?
It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding.
For how long have I used the solution?
We have been using Splunk ITSI for one and a half to two years.
What do I think about the stability of the solution?
Their stability is excellent. It's not a Windows product. I don't have to restart it. It's a ten out of ten.
What do I think about the scalability of the solution?
We can scale horizontally. It's a nine out of ten.
How are customer service and support?
Their support is good. During the time of COVID, it took a while to get somebody to get back to us, but that was expected. Overall, the support has been good. We haven't had many issues. We'll dig deep into the weeds before we even bother calling Splunk.
I would rate support a seven out of ten. I wish their response time was better.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Before ITSI, we had Datadog and there was one other product we were managing. We didn't have any visibility into it, and Splunk is a very visible product versus other ones where it's a little more locked down from the access perspective.
We switched to Splunk because of the ease of use and the ability to ingest logs from pretty much everywhere.
We had some in-house solutions, which weren't great because we were building in .NET versus something that's like Splunk, which we can pull data from everywhere, including from a .NET solution.
How was the initial setup?
I was the first one to deploy it at the organization. We started with me and one manager, and then it turned into a team of five engineers. We had a RIF, and we were down to three.
We made the mistake of initially deploying it on Windows. We learned very quickly that that was a big mistake and then we switched over to a Linux environment. In general, the deployment wasn't that bad. The documentation that Splunk offers has always been great. If we had any questions, we always went to support with those questions. It was pretty simple.
What was our ROI?
Other departments have seen ROI through being able to offer better and more efficient patient care.
What's my experience with pricing, setup cost, and licensing?
We like the old perpetual licensing model but everybody's going more towards the two-year. I think the professional services hours thrown in there are actually a pretty good benefit.
What other advice do I have?
I would rate Splunk ITSI a nine out of ten. Not a ten because the learning curve makes it tricky.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Tech Lead at a tech vendor with 1,001-5,000 employees
Provides a unified view of alerts and supports heat maps and glass tables for visualization and monitoring
Pros and Cons
- "I find the episode review, glass tables, and correlation search features very useful."
- "Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well."
What is our primary use case?
There are multiple use cases, which include heat maps, glass tables, and predictive analysis.
The first one is mainly related to heat maps. For example, if you want to monitor the health of a server, you can prepare heat maps for that. When you set up any kind of alerts, they can get missed because people are too busy to check their emails. With these heat maps, the color changes automatically. The Cron job runs behind the scenes, and you don't need to run them manually.
You can also set up a glass table in ITSI for the architecture. For example, a setup like Amazon would have web services, databases, queues, and other things. For the purchase and other things, it has to connect to the external world, so you need to place the complete architecture over there, and you can assign the threshold value. If there is an issue with any of the points, for example, there is an issue with the connectivity of the database, the heat maps would change in color, which helps you to easily identify that there is an issue.
It also has a concept called predictive analysis. For example, your WhatsApp chat backup happens every 24 hours or 7 hours, but you cannot predict how much bandwidth it's going to use during the backup. It might even use 100% of the bandwidth. You cannot set a proper threshold. In such cases, you can use predictive analysis. It'll analyze the data patterns, and based on the data pattern, it predicts if everything is good or if something is bad. It can predict if something is going to fail.
You can have an integration with the ticketing tools. For example, if something happens on any server or PC and you've directly integrated the tickets from Splunk to ServiceNow, it's automatically going to create a ticket in ServiceNow.
There's also a concept of episode review wherein it groups the alerts so that there's no ticket spam in ServiceNow. For example, if you are monitoring a server and it's down, there might be 10 to 20 alerts, which would create 10 or 20 separate tickets and spam your ticketing system. In such cases, you can use the episode review feature. It will merge all those tickets into one and include all the details in that.
How has it helped my organization?
Splunk ITSI allowed us to monitor the health of servers. We can also completely monitor an application and identify data patterns. Automation of ticketing tools can also be done with this. We can also do log monitoring with Splunk ITSI.
It's also helpful for developers. When they create an application, if there is an issue in their code, based on the output data, a request is automatically triggered to the engineering team stating that there is an issue with the code.
The visibility into an application is very good if you configure everything properly. You first have to analyze the application by using any of the monitoring tools such as Elastic, Splunk, etc. You have to analyze the application in and out, and afterward, you have to place the monitors in particular places for end-to-end visibility. For example, in the case of a home security system, to completely secure the home, you have to place the devices in a proper place. Until and unless you place the devices in a proper place, you cannot say that it's completely secured. If you are not keeping the cameras at the main entrance and the windows, or you haven't placed them properly, you can't say that the home is properly secured.
Splunk ITSI is very good for predictive analytics for preventing incidents before they occur. For everything, there are patterns, and based on the algorithm, you are allowing the machine to analyze the data and predict whether the data patterns are coming in a proper way or not. Splunk analyzes the data patterns based on the historical information that we give it. After analyzing the historical information, it creates triggers. If the data that we are feeding into the machine is incorrect, it's not going to work the same way.
There's the accuracy of alerts. In Splunk, the data is almost in real-time, so we get tickets in real-time. If there's a failure, we can roll over to the backup applications immediately. It saved about a million euros for one of our clients. They were having an issue with the Symantec antivirus that blocked the complete Citrix environment, so the workers were not able to sign in and access the application, which led to an outage. Within a matter of minutes, Splunk triggered a ticket, and they identified that they were having an issue with this particular antivirus, and they blocked it.
Splunk ITSI has helped streamline our incident management. There is efficiency in terms of clubbing the tickets and sending tickets with meaningful information, so mainly with the alerting system, you can configure as much information as you want using the Splunk monitoring tools. You can send some links in the ticket, or you can send a separate set of guidelines for the engineers on what has to be done. The clubbing of tickets has also helped a lot to avoid spamming.
Splunk ITSI has reduced our mean time to detect. Based on my experience and the feedback from others who are using it, it has saved a lot of time. The time reduction is significant when compared to other tools in the market.
It has reduced our mean time to resolve. Glass tables have been very helpful. With the help of Splunk ITSI, you can place the heat maps and services in place based on the application architecture to easily identify where the issue is coming from.
What is most valuable?
I find the episode review, glass tables, and correlation search features very useful.
What needs improvement?
Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well.
For how long have I used the solution?
I've been using Splunk ITSI for five or six years.
What do I think about the stability of the solution?
I'd rate it a nine out of ten in terms of stability.
What do I think about the scalability of the solution?
I'd rate it a nine out of ten in terms of scalability.
How are customer service and support?
It isn't 100% satisfactory for all the cases. About 80% of the time, they are good, and about 20% of the time, they aren't as good. They can be very slow. We also had an incident where we asked them to upgrade to a version, but in that latest update, Splunk had removed some concepts because of price issues. As a result of removing a particular module, our complete environment failed. It took us a day to roll back the version and go back to normal. Overall, I'd rate them a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I used VMware vSphere and a CA Technologies tool. We switched to ITSI because there was very little optimization in them. There is also a significant difference in data parsing. We also have real-time data.
How was the initial setup?
At the beginning of my career, I found it to be complex because you need to know a lot of areas, such as network and firewall rules, routing methodologies, and the cluster concept. I kept on learning along with my teammates, and it's pretty good now.
What about the implementation team?
In the beginning, my teammates helped me, but now I don't need any help. Depending on the load and the environment, I can build things.
What was our ROI?
One of our clients was paying two hundred thousand to three hundred thousand dollars for a report based on the complete data, whereas they could also get the data by running a couple of queries from the database. After the implementation of Splunk, we used something called DB Connect. It was a small tweak, and after that, the price was reduced to a hundred dollars or eighty dollars per annum. All they are doing now is creating or running SQL queries, getting the data back in Splunk, and based on that, triggering and sending a report. That's it. It was all about preparing proper monitoring. The data was already available. We prepared the alerts. Along with the alerts, we also prepared dashboards for the users to visually review the historical information for the past one or two years. They can even see the report month-wise. Two hundred thousand dollars to less than a hundred dollars is incomparable.
What's my experience with pricing, setup cost, and licensing?
Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much.
What other advice do I have?
I'd advise learning the tool properly, understanding its capabilities, and utilizing it efficiently. One of our clients was paying hundreds of dollars towards the license, but they were utilizing it only for server monitoring.
To someone who already has an APM solution but is considering switching to Splunk ITSI, I'd say that switching to ITSI is going to help them a little bit more. The grouping of the ticket to the users can be easily planned. It's not rocket science. It's easier compared to the other tools where you need to create a lot of configuration for that. The configuration has been segregated, which makes it easy for the applications team to set up their own monitoring and group them to avoid the number of tickets generated. You also have predictive analysis along with heat maps and glass tables, which aren't available in other APM tools in the market right now.
Overall, I'd rate Splunk ITSI an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.