IT Associate at a tech vendor with 10,001+ employees
Incident management has become smoother and now protects client data while speeding triage
Pros and Cons
- "It has saved me a lot of money and a lot of time."
- "There are areas in Splunk ITSI that have room for improvement, such as the episodes, the speed, or the accuracy."
What is our primary use case?
My use case for Splunk ITSI is incident management. We check the episodes and troubleshoot them. With the incident management feature, we can categorize the client who has provided some knowledge bases. According to that, we troubleshoot the problem and escalate the issue to the client or the next teams.
What is most valuable?
The best features of Splunk ITSI are that it is safe and secure to hide the client details, and we can check all previous incident or episode details. We can categorize them with priorities and add the knowledge base. These features are very frequent and sophisticated and good to use for the user, and it is simple and easy to understand.
Regarding customizable dashboards, we can find that the episodes were auto-triggered. We have all the information whether the count is increasing, if it is severe, critical, or priority-based. We can check and categorize all that, and it is simple and very effective in workflow.
What needs improvement?
There are areas in Splunk ITSI that have room for improvement, such as the episodes, the speed, or the accuracy. Sometimes they do not clear and sometimes they auto-populate, and without any reason, sometimes the episodes or incidents were triggered by Splunk ITSI, which confuses us sometimes. The only other area for improvement besides the speed and accuracy is nothing else.
For how long have I used the solution?
I have been using Splunk ITSI for two years from 2024.
Buyer's Guide
Splunk ITSI (IT Service Intelligence)
February 2026
Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
883,824 professionals have used our research since 2012.
What do I think about the stability of the solution?
I would rate the stability of Splunk ITSI as 7 to 8, as I mentioned earlier with some complaints about accuracy and speed.
What do I think about the scalability of the solution?
For scalability, I will give 10 out of 10.
How are customer service and support?
I would rate the technical support that Splunk provides as an eight.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I do not have an idea about other vendors since it is my first project and first tool that I used, but I felt very comfortable with this.
How was the initial setup?
The deployment is easy. It takes time according to the task or activity, but not too much time; we are comfortable with the time frame.
What about the implementation team?
We do not do any maintenance, as the other team will handle those things; we just monitor.
What was our ROI?
It has saved me a lot of money and a lot of time. It is above 60%, not 10% or 20%.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, I think it is cost-efficient, helpful, and effective for both the clients and the delivery partners.
Which other solutions did I evaluate?
I do not use the intelligent alerting.
What other advice do I have?
I would advise others looking to implement this product that it feels safer and I will definitely recommend it.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Feb 28, 2026
Senior Software Engineer at a tech vendor with 10,001+ employees
Helps improve our incident response time, and our mean time to resolve, but visibility is limited
Pros and Cons
- "The most valuable features are the service analyzer and Glass Tables."
- "The end-to-end visibility in Splunk ITSI is limited and has room for improvement."
What is our primary use case?
We use Splunk ITSI to monitor the different stages, spaces, and processes of payment operation.
How has it helped my organization?
Splunk helps us improve our incident response time. We have a dedicated observability monitoring team that continuously monitors our systems for failures or delays in payments, 24/7. This monitoring generates alerts that we use to identify potential issues. We have established SLAs for all of these issues. Splunk allows us to alert the appropriate people well in advance of a potential breach, so they can resolve the issue faster and minimize downtime.
I would rate Splunk's predictive analytics for preventing incidents an 8 out of 10.
Splunk ITSI has helped reduce our mean time to resolve.
What is most valuable?
The most valuable features are the service analyzer and Glass Tables.
What needs improvement?
Since ITSI is primarily used for monitoring-related services, it would be beneficial if Splunk offered pre-built dashboards or a drag-and-drop interface for creating custom dashboards. This would simplify the process for users, especially for monitoring basic services like Windows and Linux servers. Currently, Splunk doesn't provide this functionality, requiring users to write queries and build dashboards manually. Including pre-built panels would significantly enhance the value of Splunk for ITSI users.
The end-to-end visibility in Splunk ITSI is limited and has room for improvement.
For how long have I used the solution?
I have been using Splunk ITSI for over 1 year.
What do I think about the stability of the solution?
Splunk is generally considered stable when deployed on-premises. However, its performance on cloud platforms like AWS or others may vary.
I would rate the stability 7 out of 10.
The resilience of Splunk is based on how well it performs on high loads so I would rate it 7 out of 10.
What do I think about the scalability of the solution?
I would rate the scalability 9 out of 10.
How are customer service and support?
I am dissatisfied with the customer support team's response times. When we submit a ticket for a high-priority incident, it takes Splunk support approximately 2 hours to respond and connect with us. We have consistently experienced these delays on multiple occasions.
Additionally, when encountering issues with core configuration or out-of-the-box features, tickets are frequently reassigned to different representatives. This handoff process necessitates us to explain the problem repeatedly, which is frustrating and time-consuming.
How would you rate customer service and support?
Neutral
How was the initial setup?
In my previous project, I successfully led the end-to-end deployment of a Splunk migration. The process went smoothly thanks in part to Splunk's professional services team. They conducted a thorough assessment, identified all our potential pain points, and developed a tailored solution and migration plan. This comprehensive approach ensured a seamless transition.
Our core deployment team consisted of 5 internal members and two specialists from Splunk. Additionally, the project included a project manager and a product owner. We also benefited from the expertise of two professional service consultants and two representatives from the customer's side. An on-site admin architect further provided valuable technical support.
Throughout the deployment process, we leveraged support from various resources whenever necessary. This included assistance with configuration changes, deployments, and other related tasks. We also collaborated effectively with our teammates to ensure a smooth and successful implementation.
What about the implementation team?
For the implementation, we had a consultant from Splunk in-house.
What's my experience with pricing, setup cost, and licensing?
Splunk ITSI is expensive. While tools like Grafana offer a significantly lower cost, around 30 percent of Splunk's price, their capabilities are more limited. Splunk can ingest and store a much larger volume of raw data, up to 50 percent, compared to Grafana's 15 percent. This translates to greater observability, but at a higher price point.
Splunk ITSI is worth the cost.
Which other solutions did I evaluate?
I compared Grafana, New Relic, and Dynatrace to understand their competitive landscape. Splunk was the most impressive option, except for its pricing.
What other advice do I have?
I would rate Splunk ITSI 7 out of 10.
For organizations already using a different APM solution, Splunk ITSI offers a compelling alternative. While other tools might focus on onboarding metrics, Splunk ITSI prioritizes log data analysis for deeper insights. In addition to ITSI's capabilities, a Splunk Enterprise license unlocks log monitoring functionalities. This provides a comprehensive solution, and if you plan to migrate to Splunk Enterprise Security in the future, you'll be well-positioned. By purchasing a single Splunk Enterprise license and the ITSI and Enterprise Security premium apps, you'll gain a one-stop shop for all your event management, internal monitoring, and APM observability needs.
Splunk ITSI is deployed in multiple site clusters and located in multiple data centers. We have around 500 users.
Platform maintenance is handled by the Linux team. We take care of everything else.
I recommend Splunk ITSI to those looking to implement ITSI.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sr. Splunk Admin / Developer Engineer at a financial services firm with 10,001+ employees
We can use end-to-end visibility and analytics to allocate resources more precisely
Pros and Cons
- "Splunk's intuitive interface and scalability make it accessible to non-technical users, and its capacity to monitor every millisecond of data across multiple applications is truly impressive."
- "While Splunk has existing add-ons, they are unreliable and do not provide accurate results."
What is our primary use case?
I have experience utilizing Splunk ITSI in financial institutions and federal government settings. As a Splunk administrator at a bank, I focus on the platform's administration and development aspects. We are migrating from an on-premises environment to the cloud, leveraging Splunk ITSI to provide a unified view of the client's infrastructure. Through ITSI-generated reports, we are developing a strategic roadmap to guide our clients' IT journey.
How has it helped my organization?
End-to-end visibility simplifies our configurations by allowing us to index or search at the cluster level. We can utilize multiple indexers or split the workload as needed. For instance, long-running queries exceeding 15 minutes can be removed from the main list, improving efficiency for other users.
Splunk ITSI is a powerful tool for predictive data analysis. When we create and test KPIs within ITSI, it becomes significantly easier to set targets. For instance, if a system's memory capacity is 100 GB and usage consistently approaches or exceeds 80 to 90 percent, ITSI can generate alerts, visualize in a dashboard, and send notifications to the team. This proactive monitoring prevents potential issues. Similarly, ITSI can identify performance bottlenecks in search queries, allowing workload distribution to optimize system efficiency. The entire environment becomes transparent, simplifying tasks for developers and users alike. Regarding user criteria, ITSI offers a tree diagram visualization to easily understand data distribution across indexes, source types, business units, states, and communities with a single click.
Splunk ITSI enables us to allocate resources more precisely to meet demand. Its unified view provides full information in one location, allowing me to monitor index CPU and memory usage, injection rates, and individual user data. While gathering this information might take around ten minutes, the streamlined process significantly simplifies my work.
Splunk has significantly streamlined our incident management process. Its ability to analyze usage, memory consumption, and other environmental factors makes it superior to other tools, allowing us to delve deeper into complex issues. Regardless of length, we can effortlessly examine any log and pinpoint the exact cause of problems, such as UI errors or system failures. We can quickly identify code changes, root causes, and error origins by simply writing a query, providing invaluable insights that accelerate problem resolution and enhance overall system reliability.
It has been instrumental in reducing the overall volume of incidents by automatically triggering alerts when potential issues are detected before they escalate into full-blown incidents. This proactive approach simplifies data analysis and enables us to identify and rectify errors before they impact our systems. Consequently, we can more confidently implement changes or updates without fear of unforeseen complications, as ITSI helps us prevent errors from occurring in the first place.
Splunk ITSI has helped reduce our alert noise by ten percent and improved the mean time to detect down to ten minutes.
Our mean time to remediate is less than one hour when using Splunk ITSI.
We've implemented automation using Splunk, replacing multiple tools previously used for backend testing. We integrated Splunk with ServiceNow to automatically send alerts to the team whenever issues arise. This eliminates the need for manual ticket creation and assignment, streamlines the process, and ensures timely responses, saving us around ten hours weekly.
Splunk has helped us significantly reduce downtime, manpower costs, and the penalties for missing service level agreements. Previously, we relied on two to three people, primarily from the testing team, to manage these issues. By implementing Splunk, we've decreased staffing needs while improving workflow efficiency and reducing overall costs.
What is most valuable?
Splunk impressed me because it can monitor and modify live data flexibly, generating live data, reports, alerts, or dashboards as needed. Its single-pane-of-glass view provides a full overview of the entire environment, and its easy ingestion of diverse data sources, such as databases, AWS, or any cloud platform, is remarkable. Additionally, Splunk's intuitive interface and scalability make it accessible to non-technical users, and its capacity to monitor every millisecond of data across multiple applications is truly impressive.
What needs improvement?
Some developers struggle to write accurate queries, often inputting incorrect text or using asterisks in the source or index, which can significantly degrade search performance and overwhelm the queues. To prevent this, I suggest implementing a system that warns users about incorrect syntax or automatically corrects errors, particularly for complex queries like regular expressions. While Splunk has existing add-ons, they are unreliable and do not provide accurate results. Improving query autocorrection and regular expression handling would be beneficial.
For how long have I used the solution?
I have been using Splunk ITSI for eight years.
What do I think about the stability of the solution?
I have frequently observed Splunk ITSI experiencing lagging and crashing issues. As a result, several customers have transitioned from Splunk to ELK and other alternatives.
What do I think about the scalability of the solution?
I would rate the scalability of Splunk ITSI eight out of ten.
How are customer service and support?
The response time and quality of technical support vary between P1 and P2 levels. For instance, our dashboard, containing 120 panels, experiences significant lag. When reported, support prioritizes issues differently; dashboard loading, while crucial for customer interaction and satisfaction, is deemed less important to them. This discrepancy in perspective leads to delayed responses, impacting our ability to provide a seamless customer experience.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We utilized Kibana, ELK, Cribl, and Tableau for our analysis. ELK, in particular, excelled in certain areas compared to other tools. Our business team previously compared ELK and Splunk, finding ELK to be faster. I observed that Splunk typically had a higher user count, while ELK's user base was smaller. This difference and the reduced search and checking workload in ELK compared to Splunk influenced our decision. Some customers migrated applications to ELK due to its accurate log-checking capabilities despite encountering minor challenges.
How was the initial setup?
Initial Splunk ITSI deployment is straightforward, especially if you are familiar with Linux-based unzip commands. With all prerequisites, a single knowledgeable person can typically complete the process within 40 minutes.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
I suggest using Splunk because the live data is good. The market is constantly evolving, with new applications and alternatives emerging yearly. Splunk offers a full suite of tools and add-ons that can match or exceed the capabilities of these alternatives at a similar cost. Although Splunk may be more expensive, it provides a robust cloud-based solution and can significantly simplify data management and analysis tasks, ultimately improving efficiency.
End users do not need to perform maintenance; however, as administrators, we are responsible for monitoring the environment for updates and changes.
Users familiar with Splunk's flexibility and features will more easily experiment and envision how the solution can best fit their organization's needs.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
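The threshold-based KPI alerting and automated ticket hand-off described in the review above (memory on a 100 GB host that consistently sits at 80 to 90 percent), as an added illustration that is not ITSI's own code or the reviewer's: a small Python evaluator over constructed memory samples that raises an alert only when usage stays in or above the high band for several consecutive readings, then shapes the alert into an incident record. The severity band names, the three-sample sustain rule and the incident field names are assumptions chosen for illustration, not ITSI or ServiceNow APIs.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: memory usage in GB, one reading per minute,
# on a host with 100 GB of memory (the scenario from the review above).
CAPACITY_GB = 100.0
SAMPLES_GB = [60, 65, 72, 79, 81, 83, 86, 88, 91, 93, 95, 90, 70, 60]

# Severity bands in percent of capacity. Assumption: ITSI-style level names
# chosen for illustration; real thresholds are configured per KPI.
RANK = {"normal": 0, "medium": 1, "high": 2, "critical": 3}


def severity(pct: float) -> str:
    """Map a utilisation percentage to a severity band."""
    if pct >= 90.0:
        return "critical"
    if pct >= 80.0:
        return "high"
    if pct >= 70.0:
        return "medium"
    return "normal"


@dataclass
class Alert:
    severity: str     # worst band seen during the breach
    start_index: int  # first breaching sample
    end_index: int    # last breaching sample
    peak_pct: float   # highest utilisation in the run


def sustained_alerts(samples_gb: List[float], capacity_gb: float,
                     sustain: int = 3, min_severity: str = "high") -> List[Alert]:
    """Raise one alert per run of at least `sustain` consecutive samples at or
    above `min_severity`. Shorter spikes are ignored: this is the 'consistently
    approaches or exceeds' rule rather than a single-sample test."""
    alerts: List[Alert] = []
    run_start: Optional[int] = None
    run_peak = 0.0
    # A trailing sentinel flushes a breach that lasts to the end of the data.
    for i, gb in enumerate(list(samples_gb) + [None]):
        pct = None if gb is None else 100.0 * gb / capacity_gb
        breaching = pct is not None and RANK[severity(pct)] >= RANK[min_severity]
        if breaching:
            if run_start is None:
                run_start, run_peak = i, pct
            else:
                run_peak = max(run_peak, pct)
        elif run_start is not None:
            if i - run_start >= sustain:
                alerts.append(Alert(severity(run_peak), run_start, i - 1, run_peak))
            run_start = None
    return alerts


# Assumption: illustrative ticket fields, not the ServiceNow API schema.
URGENCY = {"critical": 1, "high": 2, "medium": 3, "normal": 4}


def to_incident(alert: Alert, host: str, kpi: str = "memory_used_pct") -> Dict[str, object]:
    """Shape an alert into the record an integration would hand to a ticketing tool."""
    return {
        "host": host,
        "kpi": kpi,
        "urgency": URGENCY[alert.severity],
        "short_description": (
            f"{kpi} on {host} {alert.severity}: peak {alert.peak_pct:.1f}% "
            f"over samples {alert.start_index}-{alert.end_index}"
        ),
    }


if __name__ == "__main__":
    for a in sustained_alerts(SAMPLES_GB, CAPACITY_GB):
        print(to_incident(a, "host-a"))
```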
Senior Consultant at a healthcare company with 1,001-5,000 employees
The KPI and correlation search aspects are powerful, and the service creation suits the project well
Pros and Cons
- "ITSI's KPI and correlation search aspects are powerful, and the service creation suits the project well. It allows for good segregation of the monitoring solution, and up-to-date quick-time monitoring. We're notified quickly when something goes wrong."
- "The UI could be updated. Some elements of the KPI section aren't where you'd expect. It looks like a website from 2010 or maybe older. You can't change some things, like if it doesn't word-wrap well. For example, if you have a long list of KPIs that exceed a character limit, you need to hover over them and wait for the HTML text to pop up to see which KPI it is."
What is our primary use case?
We use ITSI in the health industry. In the UK, the NHS currently uses ITSI as one of its monitoring sources of information. In ITSI, service components are based around each area of the NHS. For any solutions that have been digitally transformed and require monitoring related to our vaccination campaigns, the logs are ingested through Splunk and monitored through ITSI.
How has it helped my organization?
We realized ITSI's benefits immediately after it was deployed. When the COVID pandemic broke out, it kicked off a lot of crazy stuff within the UK. Having a powerful tool to aggregate data and allow real-time monitoring helped our campaign.
ITSI can help us right-size resources, but it depends on how you do things. We have a culture, and Splunk told us not to do this because they have different methods and stuff. In ITSM, you skim what you need at the source and then push that into Splunk. Having that as the centralized logging analytic is great for that, especially when so many things are tied to ingestion, storage, etc. However, for what we do, it leaves much to be desired. You're talking about an enterprise solution on the scale of the NHS with multiple people, contractors, and all these moving parts. Some services do it well where they only send in what you need. Some services just dump everything. You've got a load of logs. We can right-size appropriately, but it's just, yeah. For us, it's not really done now as well, I think.
ITSI has helped us streamline our incident management. We have a 24/7 service team working around the clock, responding to alerts that Splunk produces. It's linked to ServiceNow, our service management tool. When the team inputs all the information from Splunk into these tickets, they're raised in ServiceNow. Previously, we used software called Cherwell that looked horrendous. This helps bring the package together.
We've reduced our alerts, but it requires a conscious effort to configure them. That depends on how you use the platform. It goes back to getting the right metrics out of the logs that you're producing. The tool itself is powerful, but if you don't use it properly, things can be a bit noisy, and this is quite noisy, whereas that's down to our configuration sometimes.
Reducing alert noise also takes some tweaking. You've got KPIs and correlation searches that are great for real-time monitoring, but if you set them up immediately, you will get a lot of noise anyway. It depends on how you configure it. They have a couple of tools in the forwarders to say you're only ingesting alert logs or error logs, so you pick up on whatever those error logs would trigger.
It would help to give you accuracy in your ITSI alert noise. However, it might get a bit noisy if you've got more than that and they're not configured into the perfect use case you need. Overall, it's been a conscious effort to ensure we've got our stuff configured right.
It has reduced our mean detection time. For Microsoft/CrowdStrike stuff, we can have an SLA as short as three minutes. The feeds are coming in quickly, so our detection time is between three and 10 minutes. For major outages, an SLA of a few minutes is good, especially when it's not a cyber-level threat.
The resolution time is determined by how quickly we can pass the detection along to the IT team and triage the logs to determine the issue. We've had quite quick resolutions because everything's partitioned in a way where it is specifically service-bound. You can look through the data and specific areas. You can optimize these things. The search system in Splunk is powerful and helps speed up resolutions.
ITSI helps to automate routine tasks. That's what the saved searches are for. It's a complete package with Splunk Cloud and ITSI for deeper drill-downs, but not everyone can access the ITSI dashboard all day. Automation helps us get these alert structures, especially at night. When you've got a file that's meant to come in at 3 a.m., you don't need someone waiting around to look at that.
This is what those alerts and automation are for. You can put custom wrappers around stuff. It's a custom output. However, Splunk is trying to make something more standardized at the moment. It saves our IT services multiple hours a week because you don't have to do tasks or sit and look through dashboards to ensure everything is all right. These constant checks every five minutes add up over the week, so that equals tens of hours a week for a lot of different services.
What is most valuable?
ITSI's KPI and correlation search aspects are powerful, and the service creation suits the project well. It allows for good segregation of the monitoring solution and up-to-date quick-time monitoring. We're notified quickly when something goes wrong.
The end-to-end visibility is excellent. A lot of the information we get is from the cloud, and the data pipelines we introduce have a clear log trail, so it's easy to pinpoint where it goes wrong.
What needs improvement?
The UI could be updated. Some elements of the KPI section aren't where you'd expect. It looks like a website from 2010 or maybe older. You can't change some things, like if it doesn't word-wrap well. For example, if you have a long list of KPIs that exceed a character limit, you need to hover over them and wait for the HTML text to pop up to see which KPI it is.
Packaging synthetic monitoring in ITSI would be good. I'd also like a complete package for doing health checks. It would also be nice if Splunk standardized the add-ons. Splunk relies on these add-ons that users build. It's like the App Store. People put time and effort into these custom things, and if they get big enough, Splunk will purchase them and take them over.
For example, we have a custom Slack output. It'd be good if they put some effort into stuff like that because it's useful. Instead, we're putting custom wrappers around stuff, but why isn't this a thing produced by this massive platform that costs so much? They recently partnered with Cisco and don't have any plans to improve ITSI in that area. It feels like they could do more.
For how long have I used the solution?
I have used Splunk ITSI for two and a half years.
What do I think about the stability of the solution?
Splunk ITSI is generally stable. It's the system that has problems. When we have problems, we escalate them to a higher authority, who sorts everything out. We've only experienced two big glitches with the product and indexes not performing as they need to be.
What do I think about the scalability of the solution?
ITSI is quite scalable. When we have problems, we can discuss them with our Splunk case manager at biweekly meetings. We might need to add some more indexing capability. With the team's support, it's easy to add new indexes and scale up.
How are customer service and support?
I rate Splunk support five out of 10. The support quality leaves much to be desired because ITSI support can be outsourced. If you're dealing with regulations that limit data access to people and entities within the country, outsourced support can cause problems. We've had a couple of calls outsourced to India, and they couldn't access the data because they weren't in the UK.
When we've received local support from professional services, they've been helpful. Also, sometimes, we've asked a few questions and it didn't feel like we got a real answer or the answer was that we essentially had to solve the issue ourselves.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I've used New Relic and Dynatrace. They have good visualizations and use similar processing languages. However, you can get locked into Splunk because other competitors aren't as powerful. Though Splunk is expensive, it's a powerful platform.
What's my experience with pricing, setup cost, and licensing?
Splunk ITSI is an expensive solution. Splunk probably doesn't save us money because it's one of the most expensive monitoring solutions on the market. This isn't a tool to save money. You purchase this to improve the efficacy of your service department. This is especially true now that Cisco has acquired them. Cisco is notorious for its high prices.
Which other solutions did I evaluate?
There's another called LogicMonitor that has better metrics and observability, but we found that it lacks as much power as Splunk. We're heavily in favor of Splunk.
What other advice do I have?
I rate Splunk ITSI nine out of 10 and would recommend it, depending on the use case. If someone wants to switch, it comes down to a financial decision. You need to compare your current platform's capabilities to what Splunk can offer you. If it's a perfect match, then I would say go for it.
Sometimes, there's a steep learning curve, but you get out of it what you put into it. The visualizations are great, and the ITSI search function enables you to narrow down log analytics well.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior consultant at a tech services company with 51-200 employees
Enables comprehensive event management and improves organizational security through efficient alert correlation
Pros and Cons
- "Having worked closely with Splunk support engineers, I've observed their high capabilities in resolving issues."
- "Splunk ITSI could benefit from including more features that other solutions support, such as vulnerability management modules."
What is our primary use case?
Splunk ITSI (IT Service Intelligence) is primarily used for managing alerts and events. It helps me monitor different APIs in inbound and outbound scenarios and triggers alerts. The tool is primarily used to handle threat intelligence and manage event alerts, despite certain limitations like false positives.
How has it helped my organization?
Splunk ITSI has enabled us to better manage events and alerts, aiding in quicker data retrieval and enhanced system uptime. Its ability to correlate multiple event sources allows for comprehensive integration, which has been valuable in improving our organization's security posture.
What is most valuable?
Splunk ITSI allows for integration with threat intelligence, enabling my organization to correlate more than two events for generating alerts. It has a swift data ingestion and retrieval capability due to its robust query language. The system helps reduce data loss and improve event management, offering a platform for various deployment models. The global trust in its capabilities is evident, especially given the preference by financial sectors. Additionally, having features like IT Service Intelligence enhances our organization by providing actionable insights quickly, which is crucial for operational efficiency.
What needs improvement?
Splunk ITSI could benefit from including more features that other solutions support, such as vulnerability management modules. This would help manage vulnerabilities effectively, allowing my organization to track patch management and compliance more thoroughly. It would be beneficial to include a feature that provides comprehensive vulnerability management similar to open-source solutions.
For how long have I used the solution?
I have been working with Splunk ITSI (IT Service Intelligence) for nearly two and a half years.
What do I think about the stability of the solution?
Splunk ITSI is quite stable, and I would rate its stability at around eight point five to nine. The setup, however, must be done correctly as incorrect deployment can lead to issues.
What do I think about the scalability of the solution?
Splunk is highly scalable, with the ability to expand efficiently. I would rate its scalability at nine.
How are customer service and support?
Having worked closely with Splunk support engineers, I've observed their high capabilities in resolving issues. The technical support is excellent, and I would rate it at ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we have used other solutions like Wazuh and IBM QRadar. We recommend Wazuh primarily due to its lower cost and robust capabilities, although it may lack in certain areas where Splunk ITSI excels.
How was the initial setup?
The initial setup for Splunk ITSI can be a complex process, especially when compared to the simplicity of open-source solutions like Wazuh.
What's my experience with pricing, setup cost, and licensing?
Pricing can vary significantly based on the selected modules and deployment choices. Splunk ITSI tends to be more expensive compared to some open-source solutions.
Which other solutions did I evaluate?
We have evaluated several solutions, including Wazuh, IBM QRadar, and other open-source platforms.
What other advice do I have?
Overall, I would rate Splunk ITSI at nine or nine point two. I would recommend it for enterprise-level organizations due to its cost implications; smaller companies may prefer open-source solutions to reduce expenses. The solution could improve by integrating more vulnerability management features. I would rate the overall solution at nine.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Splunk ITSI Developer at a consultancy with 10,001+ employees
It speeds up incident response by automating alerts and ticket creation
Pros and Cons
- "The search function is the most valuable. It includes regular expressions and wild card searches. We'll write searches using field and case-sensitive services and use all of these search types to write an alert condition. Splunk ITSI has another feature called Glass Table that offers a visual representation."
- "When configuring a dashboard, we can write search criteria. Based on the search criteria, the dashboard shows all the alerts, including the alert time, creation time, and a summary description of the alert. When you add an extra column, such as the user that triggered the alert, the next time he refreshes the dashboard, he wants to know that the alert is acknowledged. We want to improve that comment feature."
What is our primary use case?
We get our customers' requirements and onboard their logs into the SIEM tool using agent-based integration or some DB Connect method. After the integration, we write the use cases. There are two types of data: fault monitoring and performance monitoring. In fault monitoring, the customer typically wants every event as an alert, so we'll do a correlation search for that alert.
We'll add fields to the alerts, such as summaries and descriptions, and write the regular expression from the raw event to extract and display it on a table. After writing the correlation search, we will enable the policy that we'll use to trigger an incident in the ITSI tool. In our Splunk tool, there is a technical add-on called Remedy that we use to create a ticket for a correlation search and alert.
After writing the NEAP policy, we'll display the number of tickets and all that information in a single dashboard. In the first panel, we'll display a summary of all the applications and the number of tickets divided according to the severity. The second panel displays the alert information, such as the ID, reported date, and the host.
We have a team of four people. Two integrate the log sources into Splunk, while two write correlation searches, enable the new policies, and generate tickets in incident service with the ITSI tool. They also work on the dashboards, tables, and service analyzer.
How has it helped my organization?
With Splunk ITSI, we don't need to manually raise tickets for analysis. For example, it will not trigger a ticket if we receive an alert about a suspicious event when a set of conditions is met, but it's an invalid alert. Based on a NEAP policy, an incident will be created for each valid alert with the help of our ITSM tool. Each NEAP policy has two components: filtering criteria and action rules. The filtering criteria include sections. If the alert source equals the application log monitoring, it will group that particular event.
For each event, it groups by incidents based on the job ID, and we write conditions for the second-action rules. The incident ticket remains in progress if the event exceeds one and the status is not closed. It shouldn't create a second incident for the same job name.
Splunk ITSI helps customers to reduce their resources. For example, they don't need extra resources to raise manual incidents for each alert. This solution enables us to raise incidents for only valid alerts, and it displays them all in a single dashboard.
It doesn't affect the effectiveness of the application monitoring, but it decreases the resources and associated costs. It will improve the performance compared to raising incidents manually and reduce human error.
ITSI reduced the time needed to create a ticket. Instead of raising a manual ticket, we can automatically create one after an alert is triggered based on our policy. We can see all the incidents and alerts on the dashboard.
It has also reduced the volume of incident alerts. We sometimes raise a manual ticket for the same alert triggered yesterday or a few days before. If it is not closed, we raise another incident by human error. We can write a new condition so that an alert with the same name will produce no new tickets. It will update the ticket as "in progress" or change the severity from minor to major.
We can also reduce our alert noise using ITSI by writing a complex set of specific correlations. We'll write the exact conditions based on customer requirements. For example, we'll use Windows event ID 4625 for a failed login attempt. If a user wants, we can add the search criteria so only this event ID will be triggered.
When integrating our customers' log sources, we directly integrate the real-time events into Splunk. There is no time difference from the customer side. It goes directly into Splunk ITSI. Previously, we used an integration method so that when an alert triggered in EMS, it would reach out to Splunk to create an incident within a minute.
We send the artifacts, logs, and analysis to an incident response team to resolve an incident. The response time depends on the team. They receive all the evidence about an alert.
ITSI helps automate some reports and dashboard features. When we want to run some individual searches, it takes some time to run each search to generate a report and share it with the customer. We can add all these reports into a single dashboard, and we have a query for each report. We add all these queries into a dashboard and schedule the reports, so it generates a report daily showing all the graphs. We can download that report and share it with the customers.
When we automatically generate a ticket based on the alert, it reduces the detection time and makes the ticket-raising time nearly instantaneous. The time difference between the alert trigger and ticket creation time will be minimal as the machine is generating the ticket. The customer response time is five to 10 minutes.
What is most valuable?
The search function is the most valuable. It includes regular expressions and wild card searches. We'll write searches using field and case-sensitive services and use all of these search types to write an alert condition. Splunk ITSI has another feature called Glass Table that offers a visual representation.
We can manually change the dashboard by reducing its size or changing the background color. When we click on any cell, it will navigate to the next dashboard. You also have a KPI feature. Each KPI case has a separate formula, and we'll write a formula so that when a threshold is reached, it triggers a condition. All of this KPI information is displayed in one service analyzer.
ITSI's end-to-end visibility is excellent. With its help, we can monitor all the network-related log sources and infrastructure. Each log source is integrated into the tool and stored in a separate index to improve search performance. We are using this cluster environment with multiple indexes. It's better to have three to four indexes for a faster search.
The solution's preventive analytics help to prevent incidents before they occur. We write a correlation search that is reported. When an alert is triggered, we write a condition. Each incident will have a priority and a response time based on the SLA. For a priority 1 incident, we must respond within 30 minutes. It's an hour for priority 2 and two hours for priority 3. We have three to four hours for priority 4.
A ticket will be created within this time, and the incident response team will be alerted. While raising the ticket, we analyze all the alert information and everything the incident response team needs to resolve it. The incident response team will act accordingly and close the incident within this time.
What needs improvement?
When configuring a dashboard, we can write search criteria. Based on the search criteria, the dashboard shows all the alerts, including the alert time, creation time, and a summary description of the alert. When you add an extra column, such as the user that triggered the alert, the next time he refreshes the dashboard, he wants to know that the alert is acknowledged. We want to improve that comment feature.
In the Service Analyzer, we monitor the network infrastructure services and have a KPI for each service. When the value exceeds the threshold value, we can add the colors. For example, we can set it to green when the threshold value is within the limit. If it is red, then the value has passed the threshold. We want more colors in the service analyzer to display all these features.
For how long have I used the solution?
I have worked with ITSI for two years.
What do I think about the stability of the solution?
Splunk ITSI is stable. When Splunk releases its latest update package, we scan it for vulnerabilities and update it to the next version if there are none.
What do I think about the scalability of the solution?
Splunk ITSI is highly scalable.
How are customer service and support?
I rate Splunk support nine out of 10. We can get support from the Splunk community or raise a ticket to Splunk and get a reply faster.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before implementing Splunk, we manually noted all the alert information in a notepad. I downloaded the log file and traced the incident in tools like ServiceNow and BMC Remedy. Now we have a Remedy add-on feature integrated with Splunk ITSI, so it requires no manual intervention to raise a ticket in ITSI.
How was the initial setup?
Deploying Splunk ITSI was straightforward. We downloaded the initial version and upgraded to the latest package from the back end. It's a simple process that involves integration, log onboarding, deploying agents, and setting up DB Connect. In the agent-based method, we'll have a separate configuration. We collect the log path for all the sources and hosts that need monitoring, which will be integrated into our Splunk tool.
It requires minimal IT resources to deploy. Two IT resources are sufficient at the time of onboarding for 10 log sources weekly. It's easy to maintain. We are maintaining the license. If your data exceeds the license limit, you need to reduce it or pay for more.
What's my experience with pricing, setup cost, and licensing?
We have a 100 GB license. This licensing option is a bit expensive, but it can manage any type of bulk data, including database logs, network device logs, and social media devices.
What other advice do I have?
I rate Splunk ITSI nine out of 10. No manual intervention is needed. It generates the tickets automatically when an alert is reported. If we do this manually, it will take more time to review all the alerts.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
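The review above describes a pipeline: a correlation search over raw events (the Windows 4625 failed-logon case) raises alerts, and a NEAP policy with filtering criteria and action rules groups them by job ID, opens one incident per group, and updates the open incident instead of raising a duplicate. The block below is an added example written for this page; it is not the reviewer's code and not Splunk's. It models that logic in plain Python so the grouping and escalation rules can be followed step by step. The sample event lines, the field names, the threshold of three failed logons, the escalation after two alerts, and the mapping from severity to ticket priority are all constructed assumptions; only the per-priority response times come from the review (priority 4 taken as four hours).

```python
"""Added example, not code from the review or from Splunk: a plain-Python
model of a correlation search followed by a NEAP-style aggregation policy.
Event lines, field names, thresholds and the severity-to-priority mapping
are constructed assumptions for illustration."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed Windows Security log lines; EventCode 4625 is a failed logon.
SAMPLE_EVENTS = [
    "EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "EventCode=4624 Account_Name=bob Source_Network_Address=10.0.0.7",
    "EventCode=4625 Account_Name=bob Source_Network_Address=10.0.0.7",
]

# Response-time SLA per priority as quoted in the review (P4 taken as 4 hours).
SLA_MINUTES = {1: 30, 2: 60, 3: 120, 4: 240}
# Assumed mapping from incident severity to ticket priority (not from the review).
PRIORITY_FOR = {"minor": 3, "major": 1}

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def extract_fields(line):
    """Regex field extraction from a raw event, as the correlation search does."""
    return dict(FIELD_RE.findall(line))


def correlation_search(lines, event_code="4625", threshold=3):
    """Roughly: index=wineventlog EventCode=4625
       | stats count by Account_Name, Source_Network_Address | where count>=3
    One alert per (account, source) at or over the threshold; lone failed
    logons below it never become alerts, which is where the noise is cut."""
    counts = defaultdict(int)
    for line in lines:
        fields = extract_fields(line)
        if fields.get("EventCode") != event_code:
            continue
        counts[(fields["Account_Name"], fields["Source_Network_Address"])] += 1
    return [
        {
            "source": "windows_security",      # checked by the policy's filter
            "job_id": f"{account}@{src}",        # grouping key for the episode
            "summary": f"{n} failed logons for {account} from {src}",
            "count": n,
        }
        for (account, src), n in counts.items()
        if n >= threshold
    ]


@dataclass
class Incident:
    job_id: str
    severity: str
    status: str = "in progress"
    alert_count: int = 1

    @property
    def response_minutes(self):
        return SLA_MINUTES[PRIORITY_FOR[self.severity]]


class AggregationPolicy:
    """NEAP-style policy. Filtering criteria: the alert source must match.
    Action rules: the first alert in a group opens an incident; while it is
    not closed, later alerts only update it (count, minor -> major) and no
    second ticket is raised; once closed, the next alert opens a new one."""

    def __init__(self, source_filter, escalate_after=2):
        self.source_filter = source_filter
        self.escalate_after = escalate_after
        self.incidents = {}        # job_id -> most recent Incident
        self.tickets_created = 0   # what the ITSM integration would have raised

    def handle(self, alert):
        if alert["source"] != self.source_filter:
            return None            # filtered out: not this policy's alerts
        inc = self.incidents.get(alert["job_id"])
        if inc is None or inc.status == "closed":
            inc = Incident(alert["job_id"], severity="minor")
            self.incidents[alert["job_id"]] = inc
            self.tickets_created += 1
            return inc
        inc.alert_count += 1
        if inc.alert_count >= self.escalate_after and inc.severity == "minor":
            inc.severity = "major"
        return inc

    def close(self, job_id):
        self.incidents[job_id].status = "closed"


def run_pipeline(lines, policy):
    """Correlation search -> alerts -> policy; returns the incidents touched."""
    return [policy.handle(a) for a in correlation_search(lines)]
```

Running `run_pipeline(SAMPLE_EVENTS, AggregationPolicy("windows_security"))` produces a single minor incident for `alice@10.0.0.5` (four failed logons) and nothing for bob (one failed logon, below the threshold). Feeding the same alert again bumps the count and severity to major without a second ticket; only after `close()` does the next alert open a new one.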
A great aggregator for creating dashboards for all our app teams when we ingest logs
Pros and Cons
- "The solution's most valuable feature is the aggregation of the metrics and the relative ease of getting them away from search."
- "Splunk ITSI should include ease of integration and more templating."
What is our primary use case?
Splunk ITSI has been a great aggregator for creating dashboards for all our app teams when we ingest logs.
How has it helped my organization?
Splunk ITSI has been the central location for log aggregation and information via dashboards.
What is most valuable?
The most valuable feature is the aggregation of the metrics and the relative ease of getting them away from search. The solution has helped save time by getting the metrics into the dashboard to get their information.
When we first started, a lot of users were hitting search. We have an ingest pricing model, and a lot of our ingest was going sky-high. By converting more of those users to Splunk ITSI, we were able to bring down and standardize them using uniform metrics. This prevented them from using the search function all the time ad hoc and pulling down tons of data.
Our organization monitors multiple cloud environments, including AWS and Azure. Splunk ITSI has been good so far for monitoring the AWS environment, and we have several teams on the AWS platform.
The end-to-end visibility that Splunk ITSI has into our cloud-native environment is very important for our organization. More of the values are shown daily and weekly. As a result, we get to continue expanding with teams to build Splunk ITSI dashboards.
Splunk ITSI has helped reduce our mean time to resolve (MTTR). 50% of the time, we have Splunk ITSI dashboards created. Then, we can quickly go in and reduce the mean time to discover. It's really about discovery and identifying root causes. This past week, we could quickly provide the app team with our observations and suggestions, and it was very valid.
This process could have taken days. On the contrary, we took the first five minutes to look at the Splunk ITSI dashboard, followed up with a basic query, and then returned with our observations.
Splunk ITSI has helped improve our organization's business resilience because it allows the app teams on AWS to correlate anything they see from a downtime perspective that minimizes impact on customers. We're investing in Splunk ITSI because it can predict, identify, and solve problems in real time.
After implementing Splunk ITSI, we immediately saw time to value. With the first couple of dashboards, we could immediately see an improvement in our app teams and the monitoring team's relationship with them.
We found Splunk ITSI to be the platform that helps consolidate networking, security, and IT observability tools. It's going to be a game-changer for us to pull a lot of the tools together. We always look for opportunities where Splunk can be the only tool of choice. However, Splunk ITSI is a great aggregator when we use other tools like AppDynamics and Dynatrace to pull information from cloud environments.
It also provides visibility and data correlation. You won't get to one point where you will use Splunk ITSI for everything. However, it can be the one-stop shop for data aggregation and realizing the data's value.
Splunk ITSI has been the central part where Splunk engineers go to create dashboards for the app teams.
What needs improvement?
Splunk ITSI should include ease of integration and more templating.
For how long have I used the solution?
I have been using Splunk ITSI for two years.
What do I think about the stability of the solution?
I haven't had any issues with the solution’s stability.
What do I think about the scalability of the solution?
So far, we haven't had any scalability issues with the tool.
How are customer service and support?
Splunk's customer service and technical support have been good, and we don't have any complaints. We have a good technical partner. We tap into our Splunk engineers almost weekly, and it's been great. We've had a couple of little hiccups in the past with some things.
I appreciate the customer service and the technical teams for being honest in discovering bugs and giving our team credit for taking things back that need to be investigated further or will go into future models. We've had some suggestions, and the team's really happy that Splunk listens.
How would you rate customer service and support?
Positive
What was our ROI?
We have seen a return on investment with Splunk ITSI. We've been able to get data faster in the hands of the app teams, but we don't have KPIs that measure more of the financial or business value.
What's my experience with pricing, setup cost, and licensing?
I wouldn't say there's been an issue with the solution's pricing because we went through the AWS marketplace and negotiated directly with Splunk.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Splunk ENGINEER at a transportation company with 201-500 employees
Offers enhanced visibility, reduces costs, and minimizes the frequency of incidents
Pros and Cons
- "Splunk ITSI offers a valuable visualization tree that allows us to map and analyze dependencies and co-dependency within our environment."
- "ITSI currently lacks the capability for automated response, mitigation, and remediation."
What is our primary use case?
Splunk ITSI is a service intelligence platform that monitors services, availability, endpoints, and interactions within an environment. My experience with ITSI focuses on web application APIs. I installed and configured it for a telecommunications company to monitor web application API services, troubleshoot downtimes, and mitigate failures. ITSI offers a comprehensive view of the environment, enabling top-to-bottom visibility into services, endpoints, and performance. It provides correlation analysis, deep dives, and episode reviews, leveraging AI and machine learning algorithms to detect signals, predict issues, and prepare engineers for potential problems.
How has it helped my organization?
Splunk ITSI's dynamic and highly beneficial end-to-end visibility allows us to gain comprehensive and clear visibility once we configure our settings, services, and entities.
Splunk ITSI's machine learning and AI capabilities are powerful tools that help prevent incidents before they occur. As an engineer, I appreciate the ability to visualize potential future scenarios within my environment. This predictive forecasting feature provides valuable insights into our environment and services.
Due to its complex functionalities, Splunk ITSI requires significant learning. Proper training is essential to understand how these features operate effectively. While the benefits were not immediate, they became apparent over time as we configured, implemented, and utilized the various functionalities. It took several months before the full value of Splunk ITSI was realized.
For incident management and incident response, ITSI assists us by enabling us to create numerous knowledge objects as Splunk users. Whenever an issue arises, these objects can be centered around our services or entities, such as reminders, emails, or notables. Consequently, ITSI significantly aids our management and incident response efforts.
Splunk ITSI effectively reduces the volume of incidents by providing predictive capabilities, enhancing environmental visibility, and facilitating efficient troubleshooting. This deep-dive approach minimizes the occurrence of noisy alerts and consequently lowers the overall incident rate.
It helps reduce alert noise by allowing users to review and group notables. Through the episode review functionality, analysts can examine fired alerts, assign them to specific investigators or analysts, and group them to minimize the occurrence of noisy alerts.
Splunk ITSI has been instrumental in reducing the mean time to detect. While I have other tools as an engineer, ITSI, in conjunction with Splunk SOAR, offers preconfigured automation and quick responses that can further enhance our MTTD. ITSI provides the necessary visibility, and when integrated with SOAR, it aids in detecting and resolving issues more efficiently. These tools work seamlessly together, streamlining our incident response process and improving operational efficiency. Combined, our MTTD is under 30 seconds.
Splunk ITSI has helped reduce the mean time to resolve the issue because we can detect the incidents faster.
It is a valuable tool for cost savings. In a recent project involving web application APIs, ITSI's top-to-bottom visibility and machine learning capabilities enabled us to predict and prevent downtime, reducing losses significantly. By integrating ITSI with an automated tool like SOAR, we implemented automated responses that quickly resolved issues and minimized disruptions. This resulted in substantial savings, estimated to be between five and ten million dollars. Before ITSI, downtime in the web payment application APIs was frequent, leading to significant financial losses. ITSI's implementation has eliminated this issue and provided substantial cost benefits between five and ten million dollars.
What is most valuable?
Splunk ITSI offers a valuable visualization tree that allows us to map and analyze dependencies and co-dependency within our environment. We can quickly identify errors, failures, and cascading impacts from specific branches by inputting our services and entities into this diagram. I have found this feature particularly useful for clearly understanding my environment's dynamics. Additionally, ITSI's deep dive functionality enables detailed examination of service trends over time, providing valuable insights. Furthermore, its AI and machine learning capabilities, especially beneficial for users with relevant knowledge, offer powerful predictive and correlation analysis tools. Overall, ITSI's combination of visualization, deep dive, and AI and ML features makes it an indispensable tool for observability and understanding complex environments.
What needs improvement?
ITSI currently lacks the capability for automated response, mitigation, and remediation. To achieve this, it must be integrated with third-party applications. Adding these features to ITSI would significantly enhance its value. For example, the ability to define specific conditions and triggers for automated responses to alarms or incidents would enable proactive mitigation and detection. Incorporating automated response and detection functionalities into Splunk ITSI would make it a powerful tool for incident management.
For how long have I used the solution?
I have been using Splunk ITSI for seven years.
What do I think about the stability of the solution?
Splunk, as a platform and software, typically operates smoothly without significant lag or crashes. When such issues arise, they are often attributed to insufficient memory or hard drive space allocated for the Splunk installation. These factors are primarily dependent on the project owners and company's available resources and hardware capabilities. However, it's important to note that the Splunk platform itself rarely encounters stability problems.
What do I think about the scalability of the solution?
Splunk ITSI assists in optimizing resource allocation to align with demand. We can effectively manage our infrastructure by accurately predicting resource requirements based on factors such as the environment, project, and specific operations within our facility. Splunk ITSI's machine learning capabilities can also contribute to this predictive analysis or forecasting, further enhancing our ability to optimize resource utilization.
How are customer service and support?
The technical support responded quickly and provided high-quality assistance. They paid close attention to our issue, conducted a remote diagnosis of our environment, and clearly explained the problem and recommended solutions. Their service was exceptional.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment of Splunk ITSI is straightforward. Assuming all other configurations are in place, a full deployment can be completed in approximately 30 minutes. The exact duration depends on the complexity of the environment, including the number of indexers, search heads, and overall workload. For a single installation on a standalone computer with minimal infrastructure and support requirements, the deployment can be completed in just a few seconds.
The number of Splunk ITSI consultants required for a deployment depends on the project's size, architecture, and specific monitoring needs. A small, single-deployment project may only need one consultant. However, larger projects involving clusters of indexers or searchers, or those requiring constant monitoring, may necessitate more consultants. Such complex deployments might require two or three consultants to manage the entire environment effectively.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
To anyone considering switching to Splunk, I highly recommend it. Splunk offers a wide range of applications, making it a versatile tool for various IT environments. Beyond ITSI, Splunk provides numerous tools and platforms that offer comprehensive insights into IT operations, security, and more. Whether dealing with payments, web application APIs, or any aspect of IT, Splunk can help. Splunk empowers you to gather, search, analyze, and visualize data to create knowledge objects and set endpoints. It enables you to secure, analyze, and query your IT environments, providing valuable insights. Splunk's powerful features, including AI and machine learning algorithms, help you detect issues, streamline alerts, and improve overall operations. Splunk's risk-based alerting and ITSI security features ensure data protection and compliance. It helps safeguard your data in transit, storage, and indexing, providing visibility into access and potential leaks. For compliance, vulnerability, and risk management, Splunk is a valuable asset. I strongly recommend installing Splunk for its ability to enhance IT operations, improve visibility, and ensure security. If observability is a priority, I also encourage exploring Splunk ITSI.
Splunk ITSI is available both in the cloud and on-premises.
For new users, consider hiring a Splunk consultant to provide initial guidance and training. The consultant can demonstrate key features, share best practices, and help you get started. Secondly, familiarize yourself with Splunk's extensive documentation, which is a valuable resource for learning and troubleshooting. It's essential for anyone involved in managing or using Splunk to stay updated on the latest information. Finally, having a consultant work directly with your team can accelerate the learning process. They can provide tailored training, assist with implementation, and ensure that your users are equipped to effectively utilize Splunk's capabilities.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
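The review above describes entering services and entities into a dependency tree, KPIs with thresholds, and reading cascading impact off specific branches. The block below is an added example written for this page, not the reviewer's code and not Splunk ITSI's implementation: a small model in which each service's effective state is the worst of its own KPIs and of the services it depends on, so a breach deep in the tree cascades upward and the originating branch can be reported. ITSI's real health scores and severity levels are richer than the three states used here; the services, KPI names, values and thresholds are constructed.

```python
"""Added example, not code from the review or from Splunk ITSI: a model of a
service dependency tree with threshold-based KPIs and cascading impact.
Services, KPI names, values and thresholds are constructed assumptions."""

SEVERITY_RANK = {"normal": 0, "medium": 1, "critical": 2}


def worst(*severities):
    return max(severities, key=SEVERITY_RANK.__getitem__)


class Kpi:
    """A KPI with warning and critical thresholds. higher_is_worse=False
    covers KPIs such as free disk space, where a low value is the problem."""

    def __init__(self, name, value, warn, crit, higher_is_worse=True):
        self.name, self.value = name, value
        self.warn, self.crit = warn, crit
        self.higher_is_worse = higher_is_worse

    def severity(self):
        breached = (lambda v, t: v >= t) if self.higher_is_worse else (lambda v, t: v <= t)
        if breached(self.value, self.crit):
            return "critical"
        if breached(self.value, self.warn):
            return "medium"
        return "normal"


class Service:
    def __init__(self, name, kpis=(), depends_on=()):
        self.name = name
        self.kpis = list(kpis)
        self.depends_on = list(depends_on)   # services this one needs to work

    def own_severity(self):
        """State from this service's own KPIs only."""
        return worst("normal", *(k.severity() for k in self.kpis))

    def severity(self):
        """Effective state: own KPIs plus the cascaded state of dependencies."""
        return worst(self.own_severity(), *(d.severity() for d in self.depends_on))

    def breached_branches(self):
        """Names of services whose own KPIs breached, deepest branch first.
        Services unhealthy only by inheritance are not listed, so this points
        at where the cascade started rather than at everything it touched."""
        found = []
        for dep in self.depends_on:
            found.extend(dep.breached_branches())
        if self.own_severity() != "normal":
            found.append(self.name)
        return found

    def health_report(self):
        """name -> (own, effective) for every service in the tree; the two
        columns side by side are what a glass table or analyzer would show."""
        report = {}
        for dep in self.depends_on:
            report.update(dep.health_report())
        report[self.name] = (self.own_severity(), self.severity())
        return report


def build_sample_tree():
    """Constructed environment: a payment API that needs an auth service and a DB."""
    db = Service("db_cluster",
                 [Kpi("disk_free_pct", 4, warn=20, crit=5, higher_is_worse=False)])
    auth = Service("auth_service", [Kpi("latency_ms", 120, warn=300, crit=800)])
    api = Service("web_payment_api",
                  [Kpi("error_rate_pct", 0.2, warn=1, crit=5)],
                  depends_on=[auth, db])
    return api
```

In the constructed tree the API's own KPIs are fine, but `db_cluster` has 4% free disk, so `build_sample_tree().severity()` comes back critical and `breached_branches()` returns only `["db_cluster"]`: the payment API is red because of a branch below it, which is the cascading-impact view the review describes.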