Splunk ITSI (IT Service Intelligence) Reviews

I have used Splunk ITSI to build a lot of glass tables and set up thresholds. We have also used MLTK for machine learning, predictive analytics, and anomaly detection. We use MLTK, which is an external application. We can get notified of issues well before the time to take proactive action.

We use core Splunk and Splunk IT Service Intelligence. It is a multisided cluster environment. Whenever the customer wants glass tables, notable events, or to set up some alert notifications, the product has helped our organization. We can set up our own threshold activities. We can also add ad-hoc searches in the solution. We can get the data of the indexes and alerts tracking by writing a search query.

The glass tables are very helpful. The solution also provides topologies showing exceptions or criticalities whenever something goes down. It is very helpful for customers. The notable events, glass tables, and setting up thresholds are the most valuable features of the solution.

Every customer has a different need and their own customized threshold settings. Some customers need 99% as critical, and some need 80%. We can set the customized thresholds in the product and get the alerts.

If the product had some prebuilt machine learning features, it would add value to our use cases. It would be very good if the product had some in-built predictive analytics and future forecasting features.

I have been using Splunk for almost four years.

The support depends on the licensing we use. There are different licenses available based on the volume and vCPUs. We use the license based on vCPU. It depends on how many virtual CPUs we use. It would be good if Splunk could give on-demand support.

Whenever we raise a support case, the support team follows the SLA and gives us a response. Sometimes, companies will also have on-demand support based on the support credits. Companies generally expect support persons and engineers to join the Zoom sessions when P1 and P2 issues arise. The support team takes a long time to join the meetings at such times. If we can have an engineer join the Zoom sessions right away, it would be helpful for the customers. The support team needs to respond quickly to P2 issues.

We had a P3-level case with a severity level of S2. It was a corrupt bucket issue. The case was in open status for six months. Generally, we don't need six months to fix a corrupt bucket issue. If the support case had been escalated to a higher-level engineer with advanced knowledge in debugging the issues, it would have been easier and would have taken less time.

Neutral

We have been using Enterprise Security. It is for intrusion detection and threat intelligence. It helps our enterprise security team to find vulnerabilities and take proactive actions. We started using Splunk IT Service Intelligence because it gives us some good topology if we build glass tables based on our data. The product provides us with service intelligence.

The deployment process is straightforward. It is the same as core Splunk. The solution uses summary indexing, itsi_tracked_alerts, and itsi_summary_metrics indexes. We must ensure these indexes are available and have a good retention policy.

Our customers have seen improvements in resilience and cost.

It would have been good if the product cost was much lower.

We chose Splunk over other vendors because it is much more reliable. We have done a POC to test how well the tool can help the customers and provide good value to their business. We have used other products like Elasticsearch and Cribl. However, we feel that Splunk is better. Log monitoring is very important to customers. Other log monitoring tools are not user-friendly and flexible. It is also not easy to write search queries on them. However, it is easy to write search queries on Splunk. It also has bucket lifecycles. It is easier to have a centralized repository to maintain and use the data.

Our clients monitor multiple cloud environments. We get data from different third-party clouds like Google Cloud, Microsoft Azure, or AWS. Sometimes, we also use Snowflake. Customers mostly try to build out their own dashboards and knowledge objects. They use Splunk IT Service Intelligence to be notified about any exceptions or critical issues. 

We cannot integrate the product directly with the cloud applications. First, we have to integrate our core Splunk with different clouds. We must first integrate add-ons using Splunkbase, a REST API mechanism, or an HTTP Event Collector (HEC) mechanism into core Splunk. Then, we can use the same ad-hoc search in Splunk IT Service Intelligence to get proper glass tables and results. It's easy to monitor multiple cloud environments using the solution, but we could directly integrate with it if it had the right integration features.

It is important for our organization that the solution has end-to-end visibility into our cloud-native environment. In today's world, most data goes into the cloud. Every organization wants to move the data to the cloud so that it would be more reliable and they can get the data easily. It's less cost-effective as well. So, most organizations are going to the cloud. It's really beneficial and important to the customers because they can easily get the data from the cloud and perform cost optimizations. Managing cloud-native environments with the solution is cost-effective.

The product has definitely helped reduce our mean time to resolve by 70%. If it has built-in machine learning or artificial intelligence techniques, it will be helpful to reduce the remaining 30%.

The tool has helped improve our customer's business resilience. Different SIEM applications and tools are available for enterprise security in today's world. Splunk's next version will have enhanced SOAR features. It will be useful if the product has additional features to help customers and organizations.

We used the MLTK app from Splunkbase and deployed it in Splunk IT Service Intelligence. It helped us to do predictive analysis, forecasting, and anomaly detection. It helped us gain some insights. I rate the tool's ability to provide business resilience a seven out of ten.

If we have a Splunk add-on for Unix and Windows, we can use those add-ons in our core Splunk to get the base monitoring, like OS metrics. For these things, Splunk has PowerShell scripts. It runs every five minutes. So, it is not in real-time. Every organization would need real-time monitoring. The product should provide these features in real time. For OS metrics, we use custom thresholds.

Our customers see time to value within seven days. We implement Splunk with minimal architecture, like two deployment servers, two heavy forwarders, four indexes, and three searchers. We initially had the search factor as two and the replication factor as two. We had very little data initially. We tested in our lower environment with the POC and found the data the customers wanted to see in Splunk. It was helpful for the customers. They can find the exceptions, write their own search queries, and build their own knowledge objects.

We get different types of security management tools in the market, like Enterprise Security, SOAR, and Phantom. The product brings a lot of value to the customers. It gives a lot of insights into notable events and predictive analysis. It also has a good dashboard. I expect the solution to provide enhanced features in the upcoming release.

Attending Splunk conferences provides us with an opportunity to interact and get more details on the products from different vendors. More than 1,000 vendors attend the conferences. The more we interact with the vendors, the more insights we get from them. It is also helpful to build relationships with the vendor.

Overall, I rate the tool an eight out of ten.

We typically utilize Splunk ITSI to monitor our infrastructure and applications. Essentially, its purpose is to map our technical services and business services up to the host level, enabling us to monitor all the key performance indicators associated with them. Additionally, it serves as a primary tool for root cause analysis and event generation.

We needed a better method for monitoring our infrastructure and applications. Both infrastructure monitoring and application monitoring rely on data files. With Splunk ITSI, we are able to visualize the mapping of end-user entities to the business service. This enables us to easily monitor the impact of our technical services on our business, as well as the underlying information, using Splunk ITSI.

We deploy on Splunk Cloud and, in addition, we utilize ITSI on top of Splunk Cloud. We have another setup where we use Splunk on-premise along with ITSI. Therefore, our team has employed both models. However, if we have a high injection rate and operate in a large environment, we leverage Splunk Cloud with ITSI since we are already utilizing it.

End-to-end visibility is achievable with Splunk ITSI. The key requirement is to successfully onboard the data into our robust Splunk ITSI environment, allowing us to gain insight and visibility into all our services within Splunk ITSI.

Splunk ITSI has helped improve our organization by enhancing bandwidth efficiency and serving as a unified resource for monitoring, root cause analysis, and infrastructure monitoring. Instead of relying on multiple monitoring solutions like Elasticsearch, ThousandEyes, SolarWinds, and Netcool for network monitoring, Splunk ITSI enables us to accomplish all these tasks with a single tool. In order to determine if it is deriving its value or not, we cannot state with absolute certainty that we are assessing the value. However, for certain use cases, we can observe the value within a week. But for the majority of complex scenarios, in order to fully utilize the potential of Splunk ITSI, it would take at least a month for us to realize its complete value.

Splunk ITSI has the capability to reduce our alert noise. The maturity of Splunk ITSI depends on the data we have and the level of expertise of the engineer implementing it. Since its implementation, the alert noise has been significantly reduced.

Splunk ITSI has helped us reduce the meantime associated with deep dive services.

Splunk ITSI has helped us reduce the meantime resolve. Instead of searching for multiple resources to identify the exact points, we can now analyze deep dives and services to pinpoint where the issue is occurring before it affects our system. 

The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding. 

Splunk ITSI's predictive analytics has room for improvement. Currently, it is limited to predicting only the health score for the next thirty minutes of the business. Consequently, we are unable to predict our health score for a full day or even for seven days. The system's capability is limited to the next thirty days, and we need enhancements to enable us to predict the health score at least seven days in advance. Furthermore, the available algorithms are also quite limited, with only around eight to nine algorithms, including linear regression and classification. We lack a diverse range of machine learning algorithms within Splunk ITSI, which is a contributing factor to the issue. Additionally, the implementation process for Splunk ITSI is quite challenging, as we struggle to find well-trained resources capable of translating our business use cases into technical outcomes effectively using Splunk ITSI. This is a crucial aspect that needs attention. 

Splunk ITSI generates numerous false positives and has the potential for enhancement.

I have been using Splunk ITSI for over four years.

Stability depends on the infrastructure being used in ITSI. If we use their infrastructure, it means the entire server has acquired performance capability, resulting in good stability. However, when it comes to the cloud, stability is not a concern as everything is managed by Splunk. Therefore, the majority of our focus in ITSI is on the implementation part, where we need to translate the application team's requirements into technical use cases. This process requires a significant investment of our time.

We can scale Splunk ITSI based on our requirements with no limitations.

The technical support is good, but not excellent. 

Neutral

We previously used ThousandEyes, SolarWinds, and Netcool before migrating to Splunk and implementing Splunk ITSI.

Our team can enhance the value of Splunk ITSI by providing a single-pane-of-glass solution. This allows them to quickly identify potential performance issues in both their applications and infrastructure and conduct root cause analysis within a short timeframe. Previously, they had to consult multiple sources and correlate information, but now this process has become significantly easier. This is how we derive value from Splunk ITSI. Additionally, the team benefits from a single dashboard that enables them to pinpoint the exact location of performance issues, whether it's in the infrastructure layer, the malware layer, or within the application itself. They are capable of doing this effectively.

Splunk ITSI is an expensive tool, and we need to purchase the utility license. Our sales team handles the license cost, so I'm not aware of the exact amount we need to pay, but it's significantly higher compared to other tool sets.

We evaluated AppDynamics and Dynatrace, but when considering factors such as cost per data localization and other considerations, since we had already invested in Splunk and found it beneficial, we decided to choose Splunk ITSI over AppDynamics and Dynatrace.

I give Splunk ITSI a six out of ten.

In terms of incident management, we can integrate Splunk ITSI with our ITAM or ITSM layer, such as ServiceNow. However, the problem is that we often receive events and scheduled episodes from Splunk ITSI that do not meet our expectations when it comes to implementing filter sorting. As a result, we have to deal with a lot of false positives that need to be addressed before integrating with Splunk ITSM.

There are certain features, such as synthetic monitoring, analysis monitoring, and alert directors, that are not available with Splunk ITSI. Users need to be aware of the features they require before choosing an APM solution.

We have around fifty people using Splunk ITSI.

We require periodic maintenance from our end. Once we create all the key performance indicators, we need to handle additional use cases that need to be developed. If there are any issues, the team intends to onboard new data and add more servers to this particular part. They are mapping it to the KPIs, but we need to take care of it.

When evaluating Splunk ITSI, the first thing we should be clear about is the desired outcome we want to achieve from ITSI. We need to determine whether we are hiring it for specific requests or if the identified use cases by our teams can be effectively implemented using ITSI. We should not overlook this aspect. While ITSI has the potential to work wonders, implementing it can be quite challenging. It requires expertise in configuring services on the ITSI side, as it is data-intensive. Therefore, unless we have a highly skilled Splunk engineer who can handle ITSI, we won't be able to fully realize its value.

We have some business-oriented monitoring. The technical components are aggregated to business services up to a certain level. We could do a lot more, but this is what we are doing currently.

Splunk ITSI has improved our mean time to resolution. We can essentially notice things before somebody calls. We have better customer satisfaction. It is hard to say how much time it has saved, but if we do not use it, it will take quite a while until we notice something is down or until we find out what exactly is the issue.

We monitor multiple cloud environments with it. It is no more difficult than anything else.

Splunk ITSI has end-to-end visibility into our cloud-native environment. We also have SignalFx. We are an early adopter of SignalFx in Switzerland. It is integrated, and we have been beta-testing the integration. It is quite easy and workable. It is quite nice.

It provides business resilience by empowering staff. That is the core feature. You can tailor the solution and give the exact information in a certain context. This correlation and this presentation help the business, the users, or the person responsible for the application or the stack. That is the interesting part.

Splunk Episodes are valuable because it correlates and aggregates all the information, and you do not have one million events to look at and triage, so it is quite convenient.

The solution is okay. I am not sure whether the current release has already moved to the new framework where instead of the glass tables, we can directly use the Dashboard Studio. It would be nice to have that integrated into the same framework.

We have been using Splunk ITSI for more than four years.

Its stability is excellent.

Its scalability is excellent.

They used different tools for different parts. For the service aggregation part, they used Netuitive. They still use Dynatrace for some of the things, but they have mostly moved to SignalFx. Dashboarding was one area for which they never had anything.

The guys with the container-based workload absolutely demanded SignalFx. That had the repercussions of finally moving to Splunk ITSI.

I was not involved in its deployment.

I am not sure about the ROI of Splunk ITSI, but we have definitely got an ROI from Splunk. We have been using Splunk since version 3 and doing lots of things. We have hundreds of use cases. If you ask anybody in the business, they would say that it is essential and critical.

Splunk has improved our business resilience in combination with Splunk Enterprise. It is widely adopted by our developers, and we also have a fairly large number of dashboards where core services, such as managed file transfer, are transparent for the users that own a system that is connected as a sending or receiving device so that they can self-service and check if everything is working. There is also alerting on that. So, there are multitudes of use cases. It is more of a framework; it is more of a platform. There is wide adoption of it. 100% of the users in the company have access to it. Not everybody uses it, but everybody has access to it.

It is interesting. I am not involved that much lately, but if I recall correctly, you license primarily on the volume of data that you are using in Splunk ITSI, but there is no way Splunk can ever check if that is true, so that is interesting. We are not doing it, but someone can pretend to just use 10%, and it would be super cheap. It is tricky, but it is more tricky for Splunk than for us.

There were quite a few solutions that we looked at. We were beta testing Splunk ITSI, but unfortunately, the adoption was not possible back then. They had a few market-leading products in the procurement. Due to SignalFx, we finally chose Splunk ITSI.

I would rate Splunk ITSI an eight out of ten.

We use the solution for intelligence. For example, if I have a website that sells games, it might have a lot of things like databases, servers, et cetera. I can see how many users have logged in, what purchases can be made, and so on. Splunk provides the logs to see all of the data for all actions on the site. I can see things on a technical level, like how CPUs are performing.

I can see things in real-time, and it's based on real data. This is the advantage Splunk has. There is complete visibility and I can monitor KPIs as well.

I can look at how my database looks, how my sales look, et cetera, and all metrics are in one place.

There's machine learning as well, including anomaly detection. You can look at and understand the date very easily. It helps us provide a complete understanding of business so that I can understand anomalies better and watch the daily data. It gives me alerts in which I can take a deeper dive.

I have a ticketing system. If I have a Splunk power user, they can look at the data and create a ticket for future inspection. People can correlate and collaborate on the same ticket.

Basically, everything you need you can find on Splunk. You can also create custom actions. 

We can do actions right on the Splunk UI. 

The compatibility is good.

The end-to-end visibility is okay. The only thing that is lacking is the application monitoring. We struggled with one use case where payments were failing and they couldn't understand if it was the infrastructure or bandwidth. The capability of recording any transaction is not possible in Splunk. You have to write your own scripts, however, it's not as user-friendly.

The predictive analytics are pretty good. I've seen people using it. That said, I'd say the admin needs a deep understanding of the infrastructure. It has a tendency to create noise. If you have a noisy system, when there's an alert, people tend to miss issues. 

Customers have noted the solution helps streamline incident management. At a single glance, there is a complete view of infrastructure. It's good for the customer on the technical side. Teams were able to map the availability of the system more accurately - up by 28%.

It's helped reduce alert noise. It can aggregate the alerts and just create an alert only when needed. From the UI, you can correlate the alerts using dynamic conditions (not just static ones).

We've been able to reduce the mean time to detect. It has a similar meantime to detect as Dynatrace. We've used it when there wasn't an existing system, and we would have had similar results with other tools in the market. It's helped with MTTR for sure. Previous to implementing Splunk, the mean time was one hour or so. Once we implemented it, the alert notification was automatically sent to people, so it automatically reduced the time to two to five minutes. 

The mean time to resolve has been reduced thanks to Splunk. 

If you are using Splunk ITS and Splunk Enterprise Security, you have to run different searches. You cannot run both on the same server. You can bifurcate it however you want, however.

The license cost is expensive. When I want a premium application it's extra. I need to pay for this on top of my base license. 

We'd like to see more use of artificial intelligence. There's no easy knowledge-base bot. It would help if they had a ChatGPT-like AI that could show them the knowledge base information they could use to address tickets.

I've used Splunk as a product for about five years. 

The solution is stable. 

The solution can scale. I'd rate it seven out of ten. There are some requirements on the backend in terms of scaling. If you want extra storage, it will cost more money. If you are adding a new server you will have to go and configure it and then you have to restart everything, so there may be downtime. 

I've contacted technical support. They were good in terms of experience. The cloud support is excellent. 

Positive

I did not previously use a different solution. 

You can install the solution on-premises or on the cloud. If you want to send the data to your own on-premises environment, you can do so.

I was involved in the initial deployment. The setup was very straightforward, however, the requirements gathering can be complex, as well as gathering the KPIs and developing an understanding of requirements. You need someone who has a complete understanding and a holistic view of the environment. 

How many people you need for the deployment depends on how big the infrastructure is, what you want to monitor, and the timeline you have.

The on-premises deployment requires maintenance as you have to monitor the server. The cloud requires less maintenance. 

We tend to implement the solution for our customers. 

The solution can be costly. You have to have a fixed license. It's very difficult for people to know beforehand how much they will be charged. 

We're Splunk partners. 

For someone who already has an APM solution and is considering switching to ITSI, I'd advise them to look at the licensing and their budget and to consider where their APM is currently lacking. If you aren't getting the alerts you need or you can't see how your infrastructure looks, it might make sense to switch. They need to be aware, however, there will be an extra cost.

Secondly, if you can't see the logs in your application and can't fetch the logs, for example, if you are on Dynatrace, and Dynatrace does not provide your login analysis, you can just go and write a query. However, it depends on what your end customer needs as well. If they need good dashboards and they need flexible dashboarding, to which you can add images, and customize the way you want, you may need something more robust, like Splunk. We were able to pull it off using Splunk ITSI as it gives you very easy-to-customize dashboards. 

To someone who's considering a point monitoring system instead of ITSI, I'll say that, depending on your infrastructure, it might be a good idea. If you have less data, and you can manage with the manual alerts, you're fine. However, if you're wasting a lot of time with the alerts and get a lot of alert noise, that means you can be missing major alerts. For major infrastructure, it's a good idea to have ITSI.

You need a minimum of 14 days before seeing time to value. 14 days is required in order to be able to use the complete solution. That allows the system to get good at anomaly detection. 

I'd rate the solution eight out of ten.

We are trying to take regular dashboards that we have for monitoring and pull them all together for a high-level view of what is going on.

We have not got very far with it yet. We have done a service decomposition. We had some KPIs set up, and we have got just a couple of health scores, but we have not really pulled it all together. We have not gotten value out of it yet, but we are getting there. We have not seen any improvements yet, but we have high hopes. 

Splunk has helped improve our company's business resilience, but with ITSI, we are not there yet. Splunk has been great so far in terms of the ability to predict, identify, and solve problems in real-time. I have not played around with any other IT ops platforms, but it has been fantastic for us for monitoring systems with dashboards, etc.

We have not yet experienced any cost efficiencies by switching to this solution, but Splunk has certainly saved time for our system maintainers because our dashboards now roll up alerts. We just need ITSI to pull all those alerts together so that we get one alert for one problem.

We have not had any time saving with ITSI yet. We are just not that far. It has also not yet helped to reduce our mean time to resolve, but hopefully, it will.

The solution has been stable. It seems like a great solution. We have not gotten far enough with our application to see its benefits yet, but we are getting there.

It has been a large learning curve. We used Splunk Enterprise. The dashboards are pretty simplistic for the developer at first, but when they went into ITSI, it was a different world. We lacked training. We played with it a little bit, and then we brought the Splunk team in, and they did a service decomposition and whiteboarding, and it made more sense, but it was an intimidating tool for us to jump into at the beginning.

We have been using this solution for just about a year.

We have not had any issues related to stability.

We are just starting. I have got a couple of services in there. We have not scaled anything yet.

The support has been hit or miss. We are on a classified program, so we had clear points of contact assigned to us. There was a transition, and we have got some new ones. Everyone is busy and overwhelmed, and their hands are full, but the last couple of times that we reached out, we did not get much of a response.

In the past, their support was a nine out of ten, but recently, it has been a seven out of ten.

Neutral

We had a homegrown user interface that had alerts, logs, and things like that, but it was painful to manage ourselves.

We do not have any cloud. It is just on-prem. I was involved a little bit in its deployment. I was involved more as a lead but not hands-on.

We had deployed to bare metal servers at the beginning, and then we migrated to a cloud-like environment. It is not a cloud, but it is a service provider for us. At the same time, we moved to Kubernetes and containerized all of our systems. We thought we would use Splunk containers, but that did not work out for us, so we ended up pulling Splunk containers back out and installing Splunk back on VMs. That is where we are now. I do not remember the specifics, but we had trouble with deploying Splunk containers.

We implemented it ourselves.

We did not evaluate other solutions because we were already using Splunk Enterprise, so it made sense.

At this stage, I would rate it an eight out of ten because we do not have proof yet that we will get where we want to be.

Attending Splunk conferences gets me out of the office and lets me focus on Splunk for a week. They are super helpful.

Splunk ITSI is our platform for data ingestion from various sources. We leverage it to manage Kubernetes configurations, licenses, reports, dashboards, and user permissions. Additionally, we utilize ITSI for field extraction and data model retrieval.

We successfully integrated Splunk ITSI with ServiceNow. The integration process was straightforward. We downloaded the Splunk Integration application from the ServiceNow app store and configured the ServiceNow account using the provided URL, username, password, and authentication method.

Splunk ITSI offers end-to-end visibility through a centralized admin console. This console allows us to monitor all aspects of our system, including indexing performance, daily resource usage, CPU utilization, and insights.

Splunk ITSI has helped our organization save time. We saw the benefits within the first three minutes of use.

We saw time to value within minutes of using Splunk ITSI.

The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI.

After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services. We had to manually deploy a script to resolve this issue.

I have been using Splunk ITSI for three years.

Splunk ITSI is stable.

Splunk ITSI is a resilient solution able to recover quickly.

Splunk ITSI is scalable.

The technical support team is great. They've helped troubleshoot our issues. Once we raise a ticket, we can continue the process using a DLL file.

Positive

The initial deployment is straightforward. The setup is automated.

Five people were required for the deployment.

The implementation was completed in-house.

The licensing is based on data usage.

I would rate Splunk ITSI eight out of ten.

I recommend Splunk ITSI over other APMs because we can monitor everything from a single console.

Splunk ITSI is deployed across multiple locations.

No maintenance is required for Splunk ITSI.

We utilize Splunk ITSI to enhance our IT operations within our infrastructure. Our goal is to monitor only the most critical KPIs. Additionally, we have access to a detailed overview of the KPI services and entities, allowing us to identify issues in real time. 

We deploy Splunk ITSI both on-premises and in the Splunk cloud. 

We implemented infrastructure monitoring using ITSI to track various aspects such as latencies and specific components like CPU and memory. I can now provide detailed information about the specific cause of CPU-related issues. The problem lies in determining the process through which we can obtain a high-level overview of our services. When we delve deeper, we have access to numerous details to identify the KPI responsible for disrupting the service application. I can now explore ways to monitor its performance and locate the service in question. With ITSI, we can receive alerts and easily navigate to the precise location to resolve the problem.

The end-to-end visibility of Splunk ITSI in our network environment depends on the individual utilizing it. While it may be present, it is crucial to possess a solid understanding of ITSI. In order to illustrate this aspect, we require a well-defined use case that demonstrates our intention to employ ITSI. Overall, I would describe the end-to-end view as highly effective. It facilitates seamless data acquisition and enables us to easily analyze the data afterward.

Splunk ITSI can be utilized for predictive analytics to prevent incidents before they happen. It is regarded as the superior option for observability. While observability is commendable, we also make efforts to view data from SignalFX and leverage ITSI's capabilities to analyze and access large volumes of data. ITSI serves as a tool for analytics, but we can also employ it for observability, albeit SignalFX remains our primary choice for that purpose.

Splunk ITSI has helped us streamline our incident management, particularly through its correlation searches and event policies. With these features, we can efficiently handle multiple tasks by grouping them together under correlations. We can easily search for and identify these tasks and then review them in-network, allowing us to determine the specific episode and identify any high alerts. This enables us to drill down and investigate further, depending on our proficiency with ITSI. Additionally, we have the ability to create a dashboard for editing reviews. This way, we can access our episodes, drill down into our dashboard, and examine the detailed information about the issues we are facing.

ITSI has helped reduce our alert noise by thirty percent. We don't need to extract a large amount of information from our correlation strategies. We can simply refine them and obtain the essential details, thus avoiding unnecessary noise in our environment. We just need to grasp the main idea.

Splunk ITSI has helped us reduce our mean time to detect by approximately fifteen percent. I have been collaborating with individuals who also utilize ITSI for the past five years, and we have observed its continuous improvement each year. The mean time to detect is contingent upon our level of dedication to ITSI in that aspect.

Splunk ITSI has helped us reduce our mean time to resolve by approximately fifteen percent. If we also have a good dashboard alongside it, we can drill down and go straight to the issue.

One of the excellent features is the service analyzer, which is truly impressive. Additionally, we have the infrastructure review, which allows us to assess our infrastructure comprehensively. That is fantastic! Furthermore, the latest ITSI connects the new tenant we have for tenant management. This feature enables us to retire an entity instead of merely deleting it, and if needed, we can easily reactivate it. There are numerous exciting new additions. Splunk ITSI itself is highly interactive, making the overall service experience truly remarkable.

Splunk ITSI could function even better, particularly when it comes to refreshing the service infrastructure. If we could have the option to go back not just sixty minutes, but also one or five minutes, it would enhance our capabilities.

The service analyzer component is excellent, particularly the default analyzer. However, I believe the refresh time should be faster. If it also takes five minutes to complete, as suggested by the KPI requirements, then the refresh time should be significantly reduced. If the data doesn't load within five minutes, our service and KPI will not function properly. Therefore, it is crucial to make it faster.

I would appreciate having more customizable dashboards to assist with in-depth analyses.

I have been using Splunk ITSI for two years.

Since I started using Splunk ITSI, it has remained stable.

Splunk ITSI is scalable.

The documentation for Splunk Doctors is excellent, particularly when it comes to addressing installation issues. However, when it comes to Splunk Processing Language, Splunk itself is unable to assist us. I would recommend relying on the documentation as a valuable resource.

Positive

The initial setup is complex. Even if we have installed ITSI, we still need to install the other apps that accompany ITSI. Perhaps we want to work on this matter, so it depends on whether I am deploying it in a large environment or just a single environment with minimal activity. Therefore, we need to include all of these in the architecture. The ITSI app is one component, but the other apps that derive from it must also be taken into consideration.

We have a tool that we use in our team to expedite the deployment process. However, we are unable to disclose the details as it is a proprietary system. On an average day, if we have access to ITSI, I can personally complete the task within a few hours due to my prior experience. However, for someone without technical expertise, it may take up to a day. Although one knowledgeable person can complete the deployment, it is easier with two people.

I have witnessed a significant return on investment in that aspect. However, it ultimately depends on the customer's use case. Everyone desires to acquire Splunk, but not everyone understands its functionality in that aspect. So, if we have a customer and a strong use case, and we know what they want, we will definitely be able to achieve it. But if we don't have a customer and lack knowledge about it, it will just remain as is.

Splunk ITSI is expensive; however, with the appropriate use case, it justifies the cost.

I rate Splunk ITSI an eight out of ten.

Anyone who is considering a point monitoring system instead of Splunk ITSI should know that with ITSI, we gain access to several other features. Even just with the service analyzer, we can observe our KPIs and identify their affected components. We can determine which settings are causing the issues and make informed decisions, such as trying alternative options. We can also evaluate if a particular KPI has significant importance, as it has a substantial impact on the overall order of operations. This provides us with a detailed perspective in terms of data and other relevant aspects. While it may not offer a purely granular view, having everything consolidated into a single interface is extremely convenient. Working with ITSI requires a considerable level of willingness and experience. However, as we are transitioning towards various new tools, including the ability to easily integrate plug-and-play devices, the only issue with ITSI might be the initial setup. Once we have it implemented, we will have the capability to accomplish all our desired tasks.

The way Splunk sells ITSI is not the way we use it. We can make much better use of ITSI. The most important aspect, in my opinion, of ITSI is the episode review. For instance, when we encounter an issue that is not immediately visible, how can we evaluate that aspect? Therefore, ITSI is beneficial. From my perspective, we need individuals to sit down and explain how it works, as it can be confusing initially. However, once we have a clear understanding, it works well.

In my organization, my team is the only one working with ITSI. We handle all deployments, and typically, we deploy on public cloud infrastructure such as Azure, AWS, and GCP. Nowadays, most deployments are cloud-based. Additionally, with the rapid growth of Splunk Cloud, installation is not a concern as it is taken care of. Our focus is on the implementation if we choose to go the Splunk Cloud route. However, we still handle the installation process ourselves, so we need to ensure our preparedness in that regard.

We have roughly 20 people in our organization that use Splunk ITSI.

In the beginning, we need to ensure that the data we receive is valid. Once we have confirmed its validity, we can rest assured that the system will generate alerts, eliminating the need to worry about maintenance.

I recommend Splunk ITSI for organizations that are interested in IT operations, monitoring, or analytics. By ensuring optimal utilization of Splunk ITSI, organizations can achieve a good return on investment that justifies the purchase.

We use Splunk ITSI for better CMDB management and control of all infrastructure devices.

We had many old devices and legacy systems, and architects used to configure them as they saw fit. To streamline and standardize our operations, we had to rely on Splunk. Splunk invented device discovery, which allowed us to learn what devices are on the network, what type they are, and how to classify them. Splunk ITSI has been very helpful to us.

We deployed Splunk ITSI on-premises, and it can also be deployed in the cloud.

Splunk ITSI helps the advisory board's cab team increase efficiency by instilling trust in systems over manual administrators. Splunk ITSI also provides a central source for the documentation of our application dependencies.

Splunk ITSI provides end-to-end visibility into our network environment, which reduces the manual effort required to capture configuration data and helps us identify weaknesses in our network.

Once we have implemented the CMDB to meet our requirements, Splunk ITSI's predictive analytics can identify any devices that will be affected by planned changes and provide us with that information. This will allow us to prioritize incidents based on their criticality and notify stakeholders accordingly.

Splunk ITSI has helped our organization in many ways. It has centralized all resources for administrators and service personnel. Architects can plan better using the environmental details provided by ITSI. The CAB team can provide approvals quickly because the information is easily accessible. Splunk ITSI is reliable, and its AI-driven predictive analytics help identify potential component or device failures.

Splunk ITSI streamlined our incident management by allowing Splunk administrators to easily see all incident details and cascade them down to relevant stakeholders and customers. This enabled us to inform the service desk team so they could better prepare responses to end-user queries. We can also easily identify and address infrastructure challenges affecting specific companies.

It helps reduce our alert noise by a minimum of ten percent and it can go significantly more. We categorize and close alerts directly through ServiceNow after integrating our account. This automated process frees up our admins' time to focus on more important tasks.

Splunk ITSI has reduced our MTTD by over ten percent. We can meet our SLAs with Splunk ITSI 99.8 percent of the time. It has also reduced our MTTR by five to ten percent each quarter. We can resolve almost 90 percent of our tickets.

With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.

Splunk ITSI consumes a lot of CPU resources. I would like a more lightweight solution in terms of resource consumption.

The price has room for improvement.

I have been using Splunk ITSI for five years.

Splunk ITSI is stable.

Resilience is valuable because it functions perfectly, helping to reduce risk and assist our admins and architects.

Splunk ITSI is scalable.

We previously used our internal CMDB solution, which was not streamlined and depended on a few key architects. We wanted more control and better governance, so we switched to Splunk ITSI.

The difficulty level of the deployment depends on the knowledge of those doing the implementation. A person with moderate knowledge will require some time to do all the configurations.

Our deployment took around four to six weeks to complete.

I have seen ROI from Splunk ITSI of close to 30 percent at both my current and previous organizations. The returns have been presented to leadership.

The cost of the modules is a bit high for non-global companies, making it difficult for them to afford Splunk ITSI.

I would rate Splunk ITSI eight out of ten.

Splunk ITSI is the best application performance monitoring tool because it helps administrators do their jobs better, has more computing power, and allows staff to focus on governance and automation.

Organizations may benefit from considering a point monitoring system instead of Splunk ITSI, depending on their environment.

We achieved time to value with Splunk ITSI within the first four to six weeks of deployment.

Splunk ITSI is deployed across multiple departments in our organization and there are 20 users.

Maintenance is required for updates.

I recommend Splunk ITSI. The solution can discover all types of devices in our environment.