Splunk ITSI (IT Service Intelligence) Reviews

We used Splunk ITSI to monitor service health and key performance indicators across various servers, such as CPU, memory, and disk utilization—advanced detection capabilities based on defined thresholds and triggered alerts. Splunk ITSI, integrated with ServiceNow, facilitated alert generation and management. Additionally, we leveraged ITSI for event analytics and created glass tables based on configuration items. We monitored specific KPIs and generated alerts via ServiceNow based on established thresholds to meet customer requirements.

Some clients have Splunk ITSI deployed in the cloud, and others are on-premises.

Using a client example, I'll explain the end-to-end visibility provided by Splunk ITSI. We have over a hundred clients in our environment. Once we onboard client data, such as cloud data, we subscribe to that cloud service and integrate the data into our Splunk environment. We then create data models and correlations integrated with the ITSI service. Within ITSI, we create correlation searches and schedule them to run regularly. Each time the Splunk schedule runs, it generates notable events and checks policies to determine if an event qualifies for a ticket. If it qualifies, an episode is created in ITSI, and a ticket is automatically generated in ServiceNow. This is the complete end-to-end process within Splunk ITSI.

We use predictive analytics based on the threshold values to help prevent incidents before they occur.

It does not take long after deployment for our clients to realize the benefits of Splunk ITSI because it immediately reduces alert noise.

Both Splunk ITSI and Splunk Enterprise Security handle incident management, but Enterprise Security utilizes common data models for improved detection. ITSI employs an "episode review" concept to analyze incidents, examining their generation, root cause, trigger alert, and any alerting failures. This provides comprehensive observability of each episode. Similarly, when integrating Enterprise Security with customer systems, pre-built common data models generate alerts that require monitoring to determine their cause, priority, and severity.

Splunk ITSI, using the correlation through event management, can reduce our alert noise.

We can correlate information to receive only relevant alerts, allowing us to quickly respond to issues.

The most valuable feature is event correlation, which ensures that only one ticket is generated per issue, eliminating duplicates and reducing noise from multiple alerts. This significantly streamlines issue tracking and resolution. Additionally, the system analyzes service performance by identifying areas of impact and tracking key performance indicators. This deep-dive analysis allows for the precise identification of issues and facilitates data-driven improvements.

While integrating services and KPIs in ITSI is straightforward, I found it challenging to analyze them with the service analyzers; specifically, using the deep dive feature to pinpoint the exact source and time of an issue proved difficult. Although I'm proficient in service analytics management, the deep dive aspect requires further development.

I have been using Splunk ITSI for two years.

Splunk ITSI is stable.

Splunk ITSI is scalable. It is easy to scale on the cloud platform.

The Splunk support team is adequate, but their response time is slow.

Positive

The deployment is straightforward. We acquired a license and integrated it into our current Splunk environment.

Splunk ITSI is a premium application and comes with a premium price tag.

I would rate Splunk ITSI nine out of ten. Splunk ITSI is a valuable tool for IT and operations teams.

I recommend Splunk ITSI. It's an excellent tool for infrastructure monitoring, direct management, and service analytics, providing a clear, consolidated view of your IT environment.

I just had to monitor the dashboard and infrastructure alerts and escalate them to the appropriate teams.  

I used it for both performance monitoring and incident management. We had an IT infrastructure setup on Splunk ITSI itself. There were dedicated dashboards created by the admins, and we had to monitor these dashboards for the performance of our infrastructure assets, such as the database or infrastructure access. 

We had to monitor these alerts and escalate them to the appropriate teams. For example, if a network alert showed up on the system board, we had to escalate it to the network team, such as, "We are seeing this kind of alert on the ITSI app board; please have a look into it." So, that's the main task on the Splunk ITSI app.

Splunk was initiated for monitoring dashboards and to have our infrastructure integrated into Splunk itself. We have several servers, databases, and multiple services running. We have applications that were dedicated to the service provider. So we had our Splunk IT set up on those servers.

Basically, to keep these applications running smoothly or to have a smooth flow of these applications, we integrated everything on Splunk. And, we need to be resilient and proactive so it doesn't cause any impact to the customers and clients and doesn't go down. We set up our monitoring dashboard on ITSI, which keeps us in touch with how the performance and health checks are going on for these components and applications.

It has a clear understanding of how different environments are related to each other. It has pretty much everything integrated within it. You just need to click a few on the board and whatever details you require are there. So, I find it pretty useful.

For predictive analysis, we have access to pull-out reports on whatever packets are integrated into our system, whatever the packet reinsurance, packet alerts, or whatever has been generated in the system. We pull out these reports based on the previous data and incidents or alerts in the environment. 

Then, after analyzing the previous data, we identify what was causing the incidents or alerts. Based on that, we have taken action to prevent incidents in the environment. So that was a really helpful feature as well because having access to the backend itself helps to identify the previous causes or incidents in the environment.

I liked how it's integrated in such a way that it's really user-friendly. You don't have to do much. Within a few clicks, you get all the data that you need, like what the server is, what the issue is, and how it can be resolved. It was all integrated into the tool itself.

I found it very easy to identify the server or the root cause. So, it helps to resolve the issue on a priority basis or as soon as possible.

The event analytics in Splunk is integrated to help avoid such incidents. Whenever we see such alerts on the board, we have to take immediate action to avoid any incidents in the future.

Sometimes, an incident happens, like the application goes down, and we receive the incident. At the same time, we receive multiple alerts on our dashboard. So, we have to escalate these alerts along with the incident call and incident procedure. We keep the teams involved by saying, "We are seeing this kind of alert on our ITSI dashboard. Please have a look into it or try to get it resolved." It provides the information IT needs about the server, database, and network connectivity. So, it was easy to identify issues when we had such alerts on the board.

Reduced incident volume: ITSI reduced our incident volume by 20 to 25%. It was really quick, and we were able to investigate whatever incidents or alerts happened in the environment. It was really good. It was really quick to identify such issues and previous issues in the environment. So, it has reduced the MTTR, the mean time to resolve an incident, by 20 to 25%. So it's really helpful.

Alert noise: I didn't see it reduced because whenever we introduce a ticket to ITSI, our system is already integrated into the service. And along with that, we are already migrating from other tools to ITSI itself. So, I'm not quite sure that it reduced it because we are continuously adding servers to ITSI. It increased our count of alerts. But I couldn't comment on that because we are continuously adding our infrastructure to ITSI. So, I haven't identified any reduction.

ITSI reduced our mean time to detect whenever we have seen any meantime to detect alerts in the environment; we get them within a fraction of a second, so we get to see the alerts on the board immediately. It is reduced by 20% to 30% as well.

It continuously refreshes itself within two to three minutes, so it's really reduced our time to detect that part. 

Splunk ITSI helped us automate routine tasks. For example, we have a daily task where we have to pull out the daily report. Based on that, we have to access whatever incidents or alerts happened or occurred during the day. 

We have to pull out the report and get all kinds of data, the details of what we have done and the kind of alerts we have seen in the day. Then this action has been taken or maybe escalated. So it was really helpful to get such data on a daily basis.

From my perspective (since I don't have administrator or developer access to Splunk ITSI), we could have a better user interface. The Splunk ITSI user interface can be improved because whenever we see the dashboard, it's mostly in text format. It doesn't have a graphical view.

It's easy to identify issues or alerts if you have a graphical representation on the dashboard. I have seen several dashboards in Splunk ITSI which have a really good graphical interface, but the integrated dashboards we have do not.

I'm not sure if it is configured in such a way or not. Maybe a developer or administrator can access that, but I feel like Splunk ITSI having a good graphical user interface would really improve the visibility of the dashboard and alerts.

I have been using it for more than a year. 

From my perspective, it's pretty much stable. We haven't experienced anything bad or any technical downtime apart from the scheduled downtime. So, for me,  the stability is really good.

It is scalable, but we didn't get to experience the scalability part because it was developer- and admin-related.

For just one location, we have more than 500 people who can access Splunk ITSI, including the technical and monitoring teams. Considering the different locations as well, it would be in the thousands, but I'm not sure about the exact count.

The customer service and support are quite useful. Whenever we faced an issue on our Splunk ITSI server, or if alerts weren't updating, showing proper data, or generating detailed alerts, we reached out to the Splunk technical teams for support. 

They are really supportive, with quick responses and a solution-oriented mindset. They provide solutions right on time. The DevOps support provided is really good.

It was pretty good. I didn't have any bad experiences.

Positive

We had several tools before introducing Splunk ITSI. We had several other tools to monitor network, Windows, Linux, or other portal alerts. 

While having Splunk ITSI, we integrated everything into that. We have decommissioned all of the other tools, and everything is on the IT side.

I have worked on ThousandEyes and Spectrum. These tools were used to identify network alerts. We had Spectrum alerts used for network device alerts. And for ThousandEyes, we used it for the portal alerts, for each and every infrastructure component or service. We had different tools integrated to have such alerts on the board.

So, to reduce having multiple tools, our management team introduced Splunk ITSI because everything is integrated into it. It was really helpful to have just one tool for all of our components instead of multiple app tools.

For us, it's on-prem, not on the cloud. We were planning to move it to the cloud, but it's currently on-prem.

Splunk ITSI requires maintenance. From time to time, we have downtime to integrate other tools into ITSI.

The integration of ITSI with other tools enhanced our operational capabilities and has been really helpful. To access a few other tools apart from ITSI, we have to do several things to get the data from the tools themselves. And I find that these tools are pretty slow. 

Getting the data or accessing anything on those tools is really time-consuming but ITSI was quick. We don't require special tools or special access to that environment. We have IDs created for our individuals, and we just need to access ITSI. It was pretty quick, and we didn't need to do much hard work to access all the data. It's really quite useful in that aspect.

It was already introduced by the technical teams or maybe the administrator or developer. We just had it served on a plate, so I don't have much exposure to the development part.

It was deployed for multiple locations and departments. The network, database, Windows, and Linux departments also have the same dashboard and infrastructure to integrate their servers and alerts into Splunk ITSI. So, having exposure to multiple departments and on-prem environments is really helpful.

It was an easy tool when we also used other tools, such as ITSI. To access those tools, we had to log into VPNs and other stuff to get access to our dashboard. 

But with Splunk ITSI, I find it really useful. It was quick, it had all the information you needed, and it was customizable. You don't need to do much to access our infrastructure data. 

Within just a few clicks, you can get whatever you need from ITSI. I find it quite useful. I'll compare it to the other tools as well. It provides good insight.

It saves a lot of time. Whenever we have an incident in the environment, we use to do our priority checks on Splunk ITSI. Whenever we see such an incident, we have to investigate the previous data, see if any previous incidents happened in the environment, or maybe check if any alerts were generated in the system related to that issue. So it is quite helpful whenever we see incidents in the environment.

We have several tools along with Splunk ITSI, but I find Splunk ITSI very useful compared to the others. So I would rate it 70%. I'm satisfied with that. We don't have admin or developer access to Splunk ITSI. But whatever we have access to, I'm definitely 70% sure that ITSI is really good to have in the environment.

On the manpower, it has been reduced by one or two candidates because, obviously, we also use several tools as well, so we have a lot of strength there. However, after we integrated everything on the Splunk ITSI, we reduced our manpower, and it's less time-consuming. Each one can double their task for maybe two weeks their actions as quickly as possible as compared to the other two. Manpower, it's really helpful.

I would recommend Splunk ITSI because it gives you access to all the information you need, and it's just a few clicks away. You just need to know how to navigate through the tool. Apart from that, everything can be done on Splunk ITSI. It's just a matter of how much knowledge you have to access the data in Splunk ITSI.  

Splunk ITSI is really helpful because whatever data you need, you're just a few clicks away from it. That's a really helpful thing to have.

I would definitely recommend it to other users because it gives you really good exposure to the environment. Whatever data you need is quickly accessible.

Overall, I would rate it an eight out of ten.

I work for a consulting company that contracts with an organization to provide operation center services. We use Splunk ITSI as one of our key centralized monitoring tools for the organization. Our goal is to collect data from both the organization's centralized database, Spine, and their cloud platforms, such as AWS and Azure, and send it to Splunk for monitoring. Splunk then creates reports, alerts, and dashboards that we use to visualize the data and make the most of it.

ITSI has many benefits, but its visualization for monitoring is particularly great. We have been able to identify notable events that have occurred, track them back through history, and see what data is available for a long period of time. One of the best reasons we use ITSI is because of its indexing system. We can collect data from various sources in different formats and then operate on that data, even though we have different data from AWS and Azure. Splunk does a good job of ensuring that the data is compatible with different reporting methods.

Splunk ITSI has helped us streamline our incident management process. We have a custom configuration that outputs some alerts to Slack and others to email. We package only alerts and episodes, and when an alert is triggered, an email is sent and a ServiceNow incident is raised. This has significantly streamlined our analysis process.

Splunk ITSI helped reduce our mean time to detect by ten percent.

Splunk ITSI is similar to Splunk Cloud, but it includes some additional features that are specifically useful for IT service management.

We still get the standard package with ITSI, including alerts, reports, and dashboards. However, ITSI also includes a feature called alerts and episodes, which is similar to an ITSM tool. This feature allows us to bring our searches to life and create service trees that focus on business context.

For example, if we create multiple services, we can arrange them in a tree structure. ITSI then uses a traffic light system to indicate the health of each service and its dependencies. This allows us to see the overall health of our IT environment at a glance.

ITSI also includes a powerful KPI system that allows us to create complex saved searches that power multiple different areas of our dashboard. This is very useful for tracking key performance indicators and identifying potential problems early on.

Finally, ITSI includes a feature called a glass table. This feature allows us to create visually appealing dashboards that display our KPIs and other data in a clear and concise way.

One issue we have with Splunk Cloud is that the service team is sometimes not very helpful. This is because the team is outsourced, and they often cannot provide us with the information we need. This is a major complaint of mine, and it is unacceptable given the large amount of money we pay for the service. Splunk Cloud outsources its support team, and the people who are supposed to be helping us are not very knowledgeable. They often give us unhelpful or incorrect answers.

The UI needs improvement. With real-time monitoring, we can have a service structure, but we cannot easily adjust the graphical interface. For example, if we have a long name or a 2005 feature, we cannot easily move it slightly to the right on the web page. This can be a real pain.

Our large-scale system is noisy, making it difficult to pinpoint the exact cause. This is a trade-off for using Splunk as a central monitoring tool, as we cannot give everyone access to everyone else's AWS environment. We are investigating ways to reduce the noise, but I am not sure if it is a specific ITSI problem.

Quality-of-life features have room for improvement. The search function and other features are fine, but there are a few UI changes I would make. For example, I would like to be able to extend the graphical user interface so that we can see the full name by moving the window around. It is currently difficult to work with. 

We can create a correlation search, but when we save the page, it redirects us to the search system. We should be able to save the page and stay on the page, which is a bit annoying.

We have a lookup file, but it doesn't work very well. In fact, it doesn't work at all. I hope Splunk fixes this at some point. When we make a change, it completely wipes out the change. It also says to type in the search bar, click on what we need, and if we make a slight adjustment, it will completely wipe out the search bar and we have to start over. This is very annoying.

I have been using Splunk ITSI for two years.

Splunk ITSI is stable. Resilience is essential for our organization. We need it to be active all the time. It is incredibly important because some of our services are platinum-level. If anything goes wrong, we want to know about it instantly. It is very important that ITSI is stable and works as expected, which it does. We have not had too many problems where things have gone wrong. Most likely, these problems have been configuration issues, rather than our availability going down and us being unable to access Splunk. Splunk is up all the time and rarely goes down.

Splunk ITSI is scalable, and scaling is a primary feature of cloud products. With an enterprise license, we can scale as much as we need. However, scalability also depends on our hardware. If we purchase good hardware to run Splunk on, we should be able to scale easily by creating shared clusters, index clusters, and other types of clusters, and pairing them together.

Splunk's technical support is not very good. They outsource their support, and the outsourced support team is not very knowledgeable. I believe that in-house technical support would be better.

Neutral

The organization was using Splunk Enterprise which is similar to ITSI.

Splunk ITSI is expensive. We pay for the package once the sales team has priced all of our data and other relevant factors. We don't incur any further costs if we pay for a package. On its own, Splunk ITSI can be quite expensive, which is what scares many customers away. If a customer has the budget to use Splunk ITSI, then it is an excellent choice. It is one of those products where we may need to start weighing up different solutions. Splunk was recently sold to Cisco, and it could become the centralized monitoring tool for the organization for x, y, and z. I believe that our package is one of the lowest priced in the UK, even though we are squeezing as much value as possible out of the service. I would say that we should prioritize longevity over making an extra million pounds or so because that will come with time. However, I don't think that everyone sees it that way.

I would rate Splunk ITSI eight out of ten.

The visibility is good, but the issue we are interested in is split into different factions in some parts. Currently, we are not using ITSI to its full potential. The organization is enterprise-scale, which is huge. It is therefore very difficult to implement some of the ITSI best practices because we have so many different areas, each doing things differently. Standardization is difficult to achieve because everything is so massive. We could better use ITSI to its full capacity, but that is on us. However, I think it would work much better if it were a bit smaller in scale.

Cost is definitely a concern. Splunk can be quite expensive, especially if we are tied into a contract. However, it offers more features and capabilities than other solutions. I don't have a lot of experience with Splunk, but the way it aggregates data is very good. It can also parse and strap data, and search and operate on the data that is sent in. This is also very good. I suggest cleaning up the data before sending it to Splunk. This will make it easier to get real-time monitoring of the data needed. We pay for ingestion and storage, so it makes sense to only send in the data that we need. Splunk is a very good tool to use for building and operating real-time analytics dashboards. It has very good visualization, data separation, and real-time analytics capabilities. It can also create very complex queries that can do a lot.

We have over 50 users spread across the organization, and we implement around 100 or more services. Each service may have a tech lead in x and y and an architect in z. Therefore, Splunk ITSI reaches out to many different people in those departments.

Splunk Cloud takes care of all the maintenance. We simply open a case and they implement any new version as needed.

I have used Splunk ITSI to build a lot of glass tables and set up thresholds. We have also used MLTK for machine learning, predictive analytics, and anomaly detection. We use MLTK, which is an external application. We can get notified of issues well before the time to take proactive action.

We use core Splunk and Splunk IT Service Intelligence. It is a multisided cluster environment. Whenever the customer wants glass tables, notable events, or to set up some alert notifications, the product has helped our organization. We can set up our own threshold activities. We can also add ad-hoc searches in the solution. We can get the data of the indexes and alerts tracking by writing a search query.

The glass tables are very helpful. The solution also provides topologies showing exceptions or criticalities whenever something goes down. It is very helpful for customers. The notable events, glass tables, and setting up thresholds are the most valuable features of the solution.

Every customer has a different need and their own customized threshold settings. Some customers need 99% as critical, and some need 80%. We can set the customized thresholds in the product and get the alerts.

If the product had some prebuilt machine learning features, it would add value to our use cases. It would be very good if the product had some in-built predictive analytics and future forecasting features.

I have been using Splunk for almost four years.

The support depends on the licensing we use. There are different licenses available based on the volume and vCPUs. We use the license based on vCPU. It depends on how many virtual CPUs we use. It would be good if Splunk could give on-demand support.

Whenever we raise a support case, the support team follows the SLA and gives us a response. Sometimes, companies will also have on-demand support based on the support credits. Companies generally expect support persons and engineers to join the Zoom sessions when P1 and P2 issues arise. The support team takes a long time to join the meetings at such times. If we can have an engineer join the Zoom sessions right away, it would be helpful for the customers. The support team needs to respond quickly to P2 issues.

We had a P3-level case with a severity level of S2. It was a corrupt bucket issue. The case was in open status for six months. Generally, we don't need six months to fix a corrupt bucket issue. If the support case had been escalated to a higher-level engineer with advanced knowledge in debugging the issues, it would have been easier and would have taken less time.

Neutral

We have been using Enterprise Security. It is for intrusion detection and threat intelligence. It helps our enterprise security team to find vulnerabilities and take proactive actions. We started using Splunk IT Service Intelligence because it gives us some good topology if we build glass tables based on our data. The product provides us with service intelligence.

The deployment process is straightforward. It is the same as core Splunk. The solution uses summary indexing, itsi_tracked_alerts, and itsi_summary_metrics indexes. We must ensure these indexes are available and have a good retention policy.

Our customers have seen improvements in resilience and cost.

It would have been good if the product cost was much lower.

We chose Splunk over other vendors because it is much more reliable. We have done a POC to test how well the tool can help the customers and provide good value to their business. We have used other products like Elasticsearch and Cribl. However, we feel that Splunk is better. Log monitoring is very important to customers. Other log monitoring tools are not user-friendly and flexible. It is also not easy to write search queries on them. However, it is easy to write search queries on Splunk. It also has bucket lifecycles. It is easier to have a centralized repository to maintain and use the data.

Our clients monitor multiple cloud environments. We get data from different third-party clouds like Google Cloud, Microsoft Azure, or AWS. Sometimes, we also use Snowflake. Customers mostly try to build out their own dashboards and knowledge objects. They use Splunk IT Service Intelligence to be notified about any exceptions or critical issues. 

We cannot integrate the product directly with the cloud applications. First, we have to integrate our core Splunk with different clouds. We must first integrate add-ons using Splunkbase, a REST API mechanism, or an HTTP Event Collector (HEC) mechanism into core Splunk. Then, we can use the same ad-hoc search in Splunk IT Service Intelligence to get proper glass tables and results. It's easy to monitor multiple cloud environments using the solution, but we could directly integrate with it if it had the right integration features.

It is important for our organization that the solution has end-to-end visibility into our cloud-native environment. In today's world, most data goes into the cloud. Every organization wants to move the data to the cloud so that it would be more reliable and they can get the data easily. It's less cost-effective as well. So, most organizations are going to the cloud. It's really beneficial and important to the customers because they can easily get the data from the cloud and perform cost optimizations. Managing cloud-native environments with the solution is cost-effective.

The product has definitely helped reduce our mean time to resolve by 70%. If it has built-in machine learning or artificial intelligence techniques, it will be helpful to reduce the remaining 30%.

The tool has helped improve our customer's business resilience. Different SIEM applications and tools are available for enterprise security in today's world. Splunk's next version will have enhanced SOAR features. It will be useful if the product has additional features to help customers and organizations.

We used the MLTK app from Splunkbase and deployed it in Splunk IT Service Intelligence. It helped us to do predictive analysis, forecasting, and anomaly detection. It helped us gain some insights. I rate the tool's ability to provide business resilience a seven out of ten.

If we have a Splunk add-on for Unix and Windows, we can use those add-ons in our core Splunk to get the base monitoring, like OS metrics. For these things, Splunk has PowerShell scripts. It runs every five minutes. So, it is not in real-time. Every organization would need real-time monitoring. The product should provide these features in real time. For OS metrics, we use custom thresholds.

Our customers see time to value within seven days. We implement Splunk with minimal architecture, like two deployment servers, two heavy forwarders, four indexes, and three searchers. We initially had the search factor as two and the replication factor as two. We had very little data initially. We tested in our lower environment with the POC and found the data the customers wanted to see in Splunk. It was helpful for the customers. They can find the exceptions, write their own search queries, and build their own knowledge objects.

We get different types of security management tools in the market, like Enterprise Security, SOAR, and Phantom. The product brings a lot of value to the customers. It gives a lot of insights into notable events and predictive analysis. It also has a good dashboard. I expect the solution to provide enhanced features in the upcoming release.

Attending Splunk conferences provides us with an opportunity to interact and get more details on the products from different vendors. More than 1,000 vendors attend the conferences. The more we interact with the vendors, the more insights we get from them. It is also helpful to build relationships with the vendor.

Overall, I rate the tool an eight out of ten.

We have a couple of different use cases including incident management, correlation, and mapping out incidents.

Having a structure on how to resolve incidents is the most valuable aspect.

It is pretty important to us that it offers end-to-end visibility. That's how we do the ITSI incident setup. It needs to have an overview.

It has helped improve the business' resilience. Splunk's ability to predict, identify and solve problems in real-time is pretty good. I've been a Splunk customer for almost six years.

The time it takes to pinpoint an issue, from when it's triggered to resolution is where I've seen the most value out of Splunk.

We have seen time to value using ITSI. It took a few months to see this value. 

They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve.

I have been using Splunk ITSI for one year.

The product is pretty stable.

We had a support person who was instrumental in getting it set up.

I would rate support an eight out of ten. It's nice to have the help but we'd also like to be independent and that's taking a bit of time to get onboarded. 

The initial setup is easy. We had someone come in. It took around a month or so and he's still with us helping to implement.

Overall, I rate the solution a seven out of ten. I'm getting up to speed with it. 

It has enabled effective monitoring, allowing for a comprehensive view of the growing complexity within the IT infrastructure.

The enhancement to our organization stems from its ability to consistently run rules, actively identifying significant events. This involves an ongoing process of aggregating and configuring notable events into a coherent resource. Additionally, the container version automates website functionalities, including tasks like email reception, providing a heightened level of control.

It has proven highly effective in real-time monitoring of service assistance and KPIs. There has been a noticeable enhancement in automated event clustering. Additionally, the platform facilitates comprehensive analysis for proactive incident prevention.

The end-to-end visibility provided into our network environment is a potent tool for real-time monitoring. It significantly contributes to the monitoring and analysis of complex multi-cloud IT solutions, playing a pivotal role in ensuring efficiency.

Leveraging predictive analytics to proactively prevent incidents before they manifest empowers operations to establish effective management and automation of information related to business processes.

It aids in minimizing alert noise, proving highly effective in incident management. Furthermore, it facilitates root cause analysis.

The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes. It promptly raises a red flag, signaling an effective early warning system.

The resilience it provides is invaluable. It ensures continuous application of rules, specifically for identifying notable events, and utilizes revision policies to configure hardware solutions into edge servers. This is essential for my operations to seamlessly proceed.

It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs.

I have been using it for one year.

It provides good scalability. Approximately, a hundred users use it effectively.

I would rate the customer service and support eight out of ten.

Positive

The initial setup was straightforward.

The installation involves developing a strategy to comprehend the essential services for proper monitoring. Additionally, it entails determining the specific type of intelligent alerts, clusters, and dashboards needed for effective planning. It was done in-house by one individual.

The implementation of this solution quickly demonstrated its value.
It resulted in a time reduction of six hours through its implementation.

It contributed to a six-hour reduction in the meantime to detect incidents.

It assisted in decreasing the mean time to resolve by four hours.

Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.

We use the solution for event management, observability, application management, application performance management, anomaly detection, problem detection, and creating different rules for the anomalies for different events. It's application performance monitoring. The entire area of service is managed by ITSI, and offers automated detection and everything.

The root cause analysis is very helpful for us. 

There's one feature which is a prediction and detection feature that we have gone through. We are not thoroughly using it. However, for us, I would say that root cause analysis, problem detection, and anomaly detection are the most helpful features.

The end-to-end visibility of IT assigned to our network environment is great. The endpoint visibility is definitely helpful, and that is mainly for the application team. We can take a deep dive into the incident. In the everyday work that we do, we don't really use endpoint visibility since that is not required if we look at normal and general use cases. That said, when it comes to an incident during an outage, end-to-end visibility helps us deep dive or drill down to find out the root cause and how to make the platform better for the future.

The product has helped to streamline our incident management with end-to-end visibility. It helps in streamlining the incidents that are coming in. For example, for the authentication service that we have, users for certain regions are not able to authenticate completely. That likely means there's an issue with that region. That is an incident. In that case, I would look at endpoint visibility from the infrastructure to the end of the service call, including all the scans, tracing, and everything. Looking at it helps provide a resolution.

Our alert noise has been reduced.

Our main time to detect has been reduced as well. Previously, we used to take a lot of time getting to the root cause of what happened. We've been able to resolve this quicker, and our main time to detect has been drastically reduced. 

In addition, we've been able to reduce the time to resolve.

Predictive analytics, in terms of preventing incidents before they occur, still needs time to mature. I am not very, I would say, convinced of the prediction feature's capabilities.

It does not have a release comparison on the server comparison feature. For example, if you have an application, and you introduce a new feature, and you're going to deploy it, then the release comparisons should show automatically or generate a report to show the impact of the feature on the overall application. It should show what you can do to optimize it. 

I've used the solution for around five years.

The stability has been good. 

The solution is highly scalable and flexible. 

I've contacted support multiple times. Their service is average. They are not very quick. 

Neutral

I've used a few different solutions, like Dynatrace and Datadog. I've used Elasticsearch and Moogsoft as well.

Dynatrace is an overall package. I'd choose it over ITSI. Splunk is never a package. It does not provide application performance monitoring. Dynatrace is a full-fledged APM tool that includes infrastructure, APM, synthetic monitoring, and user monitoring alongside AI ops, which are very strong. It's a mature platform.

I was involved in the initial setup. It's a very straightforward process. Deploying the platform takes a couple of hours at a maximum. The configuration is more subjective in terms of how long it takes. For example, how many applications do you have? How many environments? We have three environments in the US, and with approvals, it took us around 20 days.

It's a SaaS solution and does not require maintenance. It's a one-click upgrade if you want to upgrade anything. 

Once you buy a license, Splunk is involved and can help with the deployment. They have three or four free consulting sessions initially. They are very involved in the pilot phase. post-pilot, you have regular support. 

The product is expensive. It's one of the most expensive options, although maybe not as expensive as Datadog.

We might be partners with Splunk. 

It's readily available. You don't have to wait very long to witness the benefits of the solution. 

I'd rate the solution seven out of ten. 

If you are looking for an AI solution alongside APM, use a platform with everything in place. However, if you still want to go for a dedicated AIS platform, make sure it integrates with your existing logging and APM tools. However, my position is that it's better to use one platform for the entire opportunity.

We use Splunk ITSI for better CMDB management and control of all infrastructure devices.

We had many old devices and legacy systems, and architects used to configure them as they saw fit. To streamline and standardize our operations, we had to rely on Splunk. Splunk invented device discovery, which allowed us to learn what devices are on the network, what type they are, and how to classify them. Splunk ITSI has been very helpful to us.

We deployed Splunk ITSI on-premises, and it can also be deployed in the cloud.

Splunk ITSI helps the advisory board's cab team increase efficiency by instilling trust in systems over manual administrators. Splunk ITSI also provides a central source for the documentation of our application dependencies.

Splunk ITSI provides end-to-end visibility into our network environment, which reduces the manual effort required to capture configuration data and helps us identify weaknesses in our network.

Once we have implemented the CMDB to meet our requirements, Splunk ITSI's predictive analytics can identify any devices that will be affected by planned changes and provide us with that information. This will allow us to prioritize incidents based on their criticality and notify stakeholders accordingly.

Splunk ITSI has helped our organization in many ways. It has centralized all resources for administrators and service personnel. Architects can plan better using the environmental details provided by ITSI. The CAB team can provide approvals quickly because the information is easily accessible. Splunk ITSI is reliable, and its AI-driven predictive analytics help identify potential component or device failures.

Splunk ITSI streamlined our incident management by allowing Splunk administrators to easily see all incident details and cascade them down to relevant stakeholders and customers. This enabled us to inform the service desk team so they could better prepare responses to end-user queries. We can also easily identify and address infrastructure challenges affecting specific companies.

It helps reduce our alert noise by a minimum of ten percent and it can go significantly more. We categorize and close alerts directly through ServiceNow after integrating our account. This automated process frees up our admins' time to focus on more important tasks.

Splunk ITSI has reduced our MTTD by over ten percent. We can meet our SLAs with Splunk ITSI 99.8 percent of the time. It has also reduced our MTTR by five to ten percent each quarter. We can resolve almost 90 percent of our tickets.

With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.

Splunk ITSI consumes a lot of CPU resources. I would like a more lightweight solution in terms of resource consumption.

The price has room for improvement.

I have been using Splunk ITSI for five years.

Splunk ITSI is stable.

Resilience is valuable because it functions perfectly, helping to reduce risk and assist our admins and architects.

Splunk ITSI is scalable.

We previously used our internal CMDB solution, which was not streamlined and depended on a few key architects. We wanted more control and better governance, so we switched to Splunk ITSI.

The difficulty level of the deployment depends on the knowledge of those doing the implementation. A person with moderate knowledge will require some time to do all the configurations.

Our deployment took around four to six weeks to complete.

I have seen ROI from Splunk ITSI of close to 30 percent at both my current and previous organizations. The returns have been presented to leadership.

The cost of the modules is a bit high for non-global companies, making it difficult for them to afford Splunk ITSI.

I would rate Splunk ITSI eight out of ten.

Splunk ITSI is the best application performance monitoring tool because it helps administrators do their jobs better, has more computing power, and allows staff to focus on governance and automation.

Organizations may benefit from considering a point monitoring system instead of Splunk ITSI, depending on their environment.

We achieved time to value with Splunk ITSI within the first four to six weeks of deployment.

Splunk ITSI is deployed across multiple departments in our organization and there are 20 users.

Maintenance is required for updates.

I recommend Splunk ITSI. The solution can discover all types of devices in our environment.